Network and Security: Comprehensive Threat Control Strategies Report

Verified

Added on 2023/06/03

AI Summary

This report presents a comprehensive analysis of network and security threat control, addressing various threat categories and recommending appropriate control measures. The report categorizes controls as Administrative, Product, or Physical, and classifies them as Prevent, Detect, Correct, or Compensate. The threat categories covered include accidental corruption of information, loss of intellectual property, software piracy, theft of information (hacker and employee), website defacement, theft of equipment, viruses, worms, Trojan horses, elevation of privilege, and fire/flood. For each threat, the report suggests specific control descriptions, such as regular backups, access control, antivirus protection, and the use of firewalls, detailing their classification and type. Furthermore, the report emphasizes the importance of incident response planning, security policies, and regular audits to mitigate risks and maintain a secure network environment. The report concludes by providing a bibliography of relevant academic sources.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: NETWORK AND SECURITY
Network and Security
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
NETWORK AND SECURITY
Threat Control
It is essential to identify the threats and set accurate controls for the identified threats. This eliminates the risks of business
loss. The recommendations for control to certain threat categories are represented in the following table-
Threat Category Control Description Classification Type
Accidental
corruption of
information
Regular Backup Regular backup will eliminate the
chances of data loss even if the
information stored is accidentally
corrupted
Administrative Compensate
Protection against Power
disturbances
One of the significant reasons of data
corruption is power disturbances. If
that can be fixed, the probability of
data corruption can be reduced.
Administrative Prevent
Ensuring proper shutting down
of the system after use
Data can be corrupted with improper
handling of information system and
therefore, it needs to be prevented
Administrative Prevent
Use of Proper antivirus and
spyware protection
Another significant reason behind
data corruption might be because of
Product Detect

2
NETWORK AND SECURITY
malware infection which can be
eliminated by making use of proper
antivirus and spyware protection.
Loss of
intellectual
property
Ensuring confidentiality by
enforcing access control
Access control can possibly ensure
confidentiality of intellectual
property thereby preventing the loss
of the same.
Administrative Detect
Maintaining good records of
data
This is important for prevention of
loss of intellectual property.
Administrative Compensate
The contacts and grant of rights
for the property access should
be checked.
The grant of rights should be wise in
order to prevent the loss of
intellectual property.
Administrative Prevent
Incoming trade secretes should
be restricted
Certain incoming trade secrets can
be risky for the intellectual property
and thus should be restricted.
Administrative Prevent
Regular Intellectual property
Audits
Regular audits will be able to
identify the risks associated with the
Administrative Prevent

3
NETWORK AND SECURITY
intellectual property.
Software piracy Development of software
policy statement
Having a clear software piracy
statement will help in explaining
how employees can legally acquire a
software thus preventing its piracy.
Product Prevent
Make employees accept and
sign an anti piracy statement
This will prevent the processing of
the information without permission.
Administrative Prevent
Ensuring regular software
inventories
If the staffs of an organization make
sure that the product name, version
number and the serial number for
each piece of software installed on
every computer is documented, the
issue can be prevented. Furthermore,
it is necessary for an organization to
perform unannounced audits.
Administrative Detect
An accurate knowledge of It is essential to keep all the licenses Administrative Prevent

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
NETWORK AND SECURITY
what the software licenses
allow
in one place to prevent the risk of
software piracy.
Theft of
information
(hacker)
Use of proxy services Use of proxy services will block the
revealing details of internal IP
addressing on networks
Product Detect
Stateful packet inspection It will help in distinguishing the
legitimate network communication
from the malicious forms of
communication thus saving from
information threat
Administrative Detect
Real time packet decryption Real time packet decryption helps an
organization to apply content level
control to the data for policy
compliance and malware filtering.
Administrative Detect
Email Handling Email handling is a control since it
includes malware detection, removal
of spam filtering and content check.
Administrative Prevent
Use of Virtual private network Use of virtual private network will Product Prevent

5
NETWORK AND SECURITY
enable a secure connection to the
remote users as well thus preventing
hackers from snooping into the
network
Application controls Proper application control helps in
blocking unwanted or unauthorised
participants in a network
communication
Administrative Detect
Theft of
information
(employee)
Setting Up proper Permissions By enforcing the principle of least
privilege, the theft of information by
employees can be prevented.
Administrative Prevent
Monitoring the changes to
permission
Setting up of permission will prevent
theft to information of an employee.
Administrative Detect

6
NETWORK AND SECURITY
Monitoring the activity of
privileged users in accessing
critical files
This is essential in order to ensure
that the privileged users are not
compromising with the data stored.
Administrative Detect
Encryption of data at the file
system level
Encryption of critical data can easily
prevent the loss or theft of data or
information.
Administrative Prevent
Website
defacement
Use of interactive threat
monitoring detection and
mitigation technique
The use of threat monitoring system
can help in early detection and
immediate mitigation of the risks.
Product Detect
Active maintenance of Web
app configuration
With active maintenance of the web
app configuration the risk of website
defacement can be prevented
Administrative Detect

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
NETWORK AND SECURITY
Strategic and regular review of
web security configurations
The regular review of web security
configurations helps in easier
management of the risks associated
with website defacement.
Administrative Prevent
Theft of
equipment
Installation of CCTV cameras This will be one of the most
appropriate security control for
protection of theft of equipment
Product Detect
Use of a recognizable
indicator
Use of RFID tags can help in easier
tracking of equipments
Product Detect
Appropriate record keeping of
all equipment is needed to be
maintained
Appropriate record keeping can help
in easier identification of the stolen
devices
Administrative Detect

8
NETWORK AND SECURITY
Use of motion sensors and
night cameras
This will detect any unauthorised
movement of the equipments and
will help in detecting the equipment
threat.
Product Prevent
Hiring night guards for after
hour surveillance
This will ensure physical security of
the equipments and will improve the
surveillance
Administrative Detect
Employees should be kept up
to date on security practices
This will help in easier detection of
data threats and loss of equipment
Administrative Detect
Immediate report of equipment
theft
This will help in immediate tracking
of the lost equipments
Administrative Compensate
Viruses, worms,
Trojan horses
Use of a good antivirus The use of good antivirus can help in
easier detection and elimination of
viruses, worms and Trojan horses
Product Detect and Prevent
Having accurate knowledge Having an accurate knowledge of Administrative Detect

9
NETWORK AND SECURITY
about malicious programs malicious programs can prevent its
use or can help in easier detection of
the same
Avoiding third party
downloads
Third party downloads can be a
source of Viruses, worms and Trojan
horses and therefore it is needed to
be prevented.
Administrative Prevent
Use of a hardware based
firewalls
Use of firewalls can help in easier
detection of Viruses, worms and
Trojan horses
Product Detect and Prevent
SLL should be checked prior to
any online transaction
Regular Data backup
The use of secure website can
prevent the threats associated with
Viruses, worms and Trojan horses
Administrative Prevent
Elevation of Segmentation Segmentation of the network helps in Administrative Prevent

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
NETWORK AND SECURITY
privilege applying filtering rules at the
network level
Blocking the traffic to internet Blocking the internet traffic should
not hold direct access to internet
Administrative Prevent
Use of firewalls in operating
system
Use of proper firewalls can help in
easier management of traffic and
communication thus preventing this
affect
Product Prevent and Detect
Execution blocking Execution blocking can possibly
help in mitigation of the risks that
can arise due to elevation of
privilege.
Administrative Prevent
Fire/Flood Ensuring a fire security Fire insurance can reduce the
damage caused by fire and flood.
Thus presence of proper fire security
can help in easier management of
this risk. The fire insurance should
cover maximum damage
Administrative Compensate

11
NETWORK AND SECURITY
Prompt action in case of fire In case of fire or flood, prompt
action can be taken for management
of the problems faced fire or flood.
Proper training can be provided to
the employees for acting promptly in
this situation
Administrative Prevent and Compensate
Regular data back up Regular data backup can reduce the
problems and the damage caused by
fire or flood. Easy recovery of data
can be ensured by regular data back
up
Administrative Compensate
Appropriate disaster recovery
system
Presence of a proper disaster
recovery system can help in better
management of this type of risks.
Administrative Compensate

12
NETWORK AND SECURITY
Bibliography
Abomhara, M. and Køien, G.M., 2015. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal
of Cyber Security, 4(1), pp.65-88.
Babil, G.S., Mehani, O., Boreli, R. and Kaafar, M.A., 2013, July. On the effectiveness of dynamic taint analysis for protecting against
private information leaks on android-based devices. In Security and Cryptography (SECRYPT), 2013 International Conference on (pp.
1-8). IEEE.
Baumann, F. and Friehe, T., 2013. Private protection against crime when property value is private information. International review of
law and economics, 35, pp.73-79.
Dawson Jr, M.E., Crespo, M. and Brewster, S., 2013. DoD cyber technology policies to secure automated information
systems. International Journal of Business Continuity and Risk Management, 4(1), pp.1-22.
He, B.Z., Chen, C.M., Su, Y.P. and Sun, H.M., 2014. A defence scheme against identity theft attack based on multiple social
networks. Expert Systems with Applications, 41(5), pp.2345-2352.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer
Science, 32, pp.489-496.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13
NETWORK AND SECURITY
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security
management. Auerbach Publications.
Rostami, M., Koushanfar, F., Rajendran, J. and Karri, R., 2013, November. Hardware security: Threat models and metrics.
In Proceedings of the International Conference on Computer-Aided Design (pp. 819-823). IEEE Press.
Taitsman, J.K., Grimm, C.M. and Agrawal, S., 2013. Protecting patient privacy and data security. New England Journal of
Medicine, 368(11), pp.977-979.
Vacca, J.R. ed., 2013. Managing information security. Elsevier.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.