No Internal Controls LLC: Operations Security Report on Cyber Attacks

Verified

Added on 2023/04/23

AI Summary

This report, focusing on operations security, examines policies designed to mitigate cyber attacks, specifically addressing the threats posed by malware, including Trojan horses and ransomware, faced by No Internal Controls LLC. The report proposes several key policies, including preventing employees from opening suspicious emails, educating employees about malware, maintaining up-to-date systems, and implementing secure internet connections. For each policy, the report outlines both physical and technical controls to ensure effective implementation. The report emphasizes the importance of employee awareness, system updates, and secure network practices in safeguarding against cyber threats. References to supporting literature are provided to validate the proposed strategies.

Running head: OPERATIONS SECURITY
Operations Security
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1OPERATIONS SECURITY
Table of Contents
Policies for Mitigating Cyber Attacks:......................................................................................2
Controls to Support each Policies:.............................................................................................2
References:.................................................................................................................................5

2OPERATIONS SECURITY
Policies for Mitigating Cyber Attacks:
In recent times the No Internal Controls LLC has faced various types of problems due
to the recent ransomware attacks on them. With the ransomware attack Trojan horse attack is
also a big concern (Jain et al., 2014) for the No Internal Controls LLC. Thus some policies
need to be developed for mitigating the attacks of the Trojan Horse. These policies are:
 Employees of the organization must not check or open suspicions mail or the spam
mails without proper authorization.
 Organization need to aware its employees about various types of malware and their
effects.
 The systems need to be always updated. No outdated systems must be used for
organizational operation.
 Always connect to the internet through a secure connection. Third party connection
must not be allowed within the organization.
Controls to Support each Policies:
The first policy which was suggested in this report is not opening suspicions mails or
the spam mails. Trojan Horse attack is similar with the ransomware in the sense that both are
critical type of malware (Elisan & Hypponen, 2013). As this type of malware mainly comes
in the system from the spam mails, blocking the entry for malware is a good policy as the
malware will be not able to intrude in the system. For following this policy the employees of
the organization must be physically aware about which a corporate mail is and what a spam
or suspicions mail. Technical control is also important to support the above policy. The
administrator of the system must restrict the network usage of the employees so they can be
safe form browsing suspicions mails. Also, if an employee accidentally opens a spam or a

3OPERATIONS SECURITY
suspicious mail then some preventive actions must be initiated by the network administrator
of the system.
The second policy determined for the No Internal Controls LLC is creating awareness
among the employees about the various malwares and viruses including the Trojan horse
also. This policy is very much effective for mitigating the risks related with the malwares
because by implementing this policy the employees of the organization will be able to
distinguish between normal files and malwares. Also, they will be able to take some
preventive actions by their own when they will be facing situations like that. To support this
policy physical control is needed over the employees as this awareness will be distributed to
the employees as a training session (Salas et al., 2017). Some demo system is also needed for
to demonstrate the impact of the Trojan attacks and for that technical controls are needed.
Also, some preventive controls such as blocking the Trojan must be taken during the live
demonstration so that it does not affects the other computers.
The third identified policy is the making sure that all the operational system of the
organization is up to date. After the ransomware attack worldwide it has been identified that
Microsoft had released a critical patch for their Windows Operating system which was able to
defend the system form the ransomware attacks (Mohurle & Patil, 2017) but most of the
systems were not updated and faced the ransomware attack. Due to this reason updating the
system is included in the policy as the OS manufacturers often releases patch for improving
the securities which can protect the systems from future attacks similar with the ransomware.
In this case also physical control is needed over the employees for supporting the identified
policy. In this case the employees must be instructed to check the updates for their system on
a regular basis and when an update is available the employees must download the update and
must install it. With the physical control, technical control is also needed in this case for
monitoring the system of the employees to check whether the system is fully updated or not.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4OPERATIONS SECURITY
The forth policy in this case is implementing secure connection. By the
implementation of this policy various types of malware attacks such as Trojan attacks can be
mitigated easily. Implementing secure connection can easily block various types of malicious
websites from which the Trojan horses can enter into the system (Stringhini, Kruegel &
Vigna, 2013). Thus blocking the entry points by using the secure network can greatly secure
the systems of the No-Internal-Controls LLC. In this case also physical control is needed over
the employees so that the network administrator can communicate with them about the
various types of malicious websites and also can pass the message that they must not use any
type of private networks for the organizational system. Also, technical control is needed over
the system of the employees so that their system can be restricted from visiting malicious
websites. If an employee connects the system to any type of private network then some
preventive measures also need to be taken such as scanning the whole system with a proper
functional anti-virus.

5OPERATIONS SECURITY
References:
Elisan, C. C., & Hypponen, M. (2013). Malware, rootkits & botnets: A beginner's guide.
McGraw-Hill.
Jain, N., Anisimova, E., Khan, I., Makarov, V., Marquardt, C., & Leuchs, G. (2014). Trojan-
horse attacks threaten the security of practical quantum cryptography. New Journal of
Physics, 16(12), 123030.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack
2017. International Journal of Advanced Research in Computer Science, 8(5).
Salas, E., Prince, C., Baker, D. P., & Shrestha, L. (2017). Situation awareness in team
performance: Implications for measurement and training. In Situational
Awareness (pp. 63-76). Routledge.
Stringhini, G., Kruegel, C., & Vigna, G. (2013, November). Shady paths: Leveraging surfing
crowds to detect malicious web pages. In Proceedings of the 2013 ACM SIGSAC
conference on Computer & communications security (pp. 133-144). ACM.