PeopleSharz: Comprehensive Incident Response Plan and Analysis
VerifiedAdded on 2019/10/18
|14
|3628
|158
Report
AI Summary
This report analyzes a security incident at PeopleSharz, a social media site where user passwords were leaked. It investigates potential causes, including malicious code, insider threats, weak security software, and vulnerabilities like injection flaws and broken authentication. The report details a threat analysis, outlining the scope, data collection methods, and vulnerability assessment processes. It identifies critical success factors such as employee identification, unrestricted access, and the development of a cybersecurity program, policy, and framework. Recommendations include protection against injection flaws, improved authentication, security configurations, encryption of sensitive data, employee training, and incident management. The report aims to provide a comprehensive incident response plan, offering insights into preventing future security breaches and protecting user data.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Incident Response Plan
PeopleSharz
Student Name:
Student ID:
Course Name:
Course ID:
Faculty Name:
University Name:
PeopleSharz
Student Name:
Student ID:
Course Name:
Course ID:
Faculty Name:
University Name:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Executive Summary
The social media site of PeopleSharz has been attacked by some unknown internal or external
entities and numerous user passwords have been shared externally. The purpose of this document
is to analyze the problem or the incident that took place, and identify the key issues that might
have led to the company’s web server and customer information being compromised.
The scope of the activity was to assess the internal and external threat exposure and recommend
solutions. The interview of the company employee, along with the key employees of the host
provider was required. Moreover, testing the issues of current system was also under
consideration.
There are numerous possible problems that have been identified in this case. Some of them are
weak security problems, insider threat, injection flaws, broken authentication, improper
encryption and others.
There are some recommendations that have been given regarding these issues. Some of them are
using protection against injection flaws, using framework for authentication issues, proper
security configuration, hiding sensitive data under HTTPS or encrypted storage, restricting use of
vulnerable components, employee education and awareness program, restriction to use
removable media, use privilege management, and incident management.
The social media site of PeopleSharz has been attacked by some unknown internal or external
entities and numerous user passwords have been shared externally. The purpose of this document
is to analyze the problem or the incident that took place, and identify the key issues that might
have led to the company’s web server and customer information being compromised.
The scope of the activity was to assess the internal and external threat exposure and recommend
solutions. The interview of the company employee, along with the key employees of the host
provider was required. Moreover, testing the issues of current system was also under
consideration.
There are numerous possible problems that have been identified in this case. Some of them are
weak security problems, insider threat, injection flaws, broken authentication, improper
encryption and others.
There are some recommendations that have been given regarding these issues. Some of them are
using protection against injection flaws, using framework for authentication issues, proper
security configuration, hiding sensitive data under HTTPS or encrypted storage, restricting use of
vulnerable components, employee education and awareness program, restriction to use
removable media, use privilege management, and incident management.
Table of Contents
Executive Summary.........................................................................................................................1
Background and Problem Analysis.................................................................................................3
Threat Analysis................................................................................................................................4
Dependencies and Critical Success Factors.....................................................................................7
Recommendations for Improvements..............................................................................................9
References......................................................................................................................................12
Executive Summary.........................................................................................................................1
Background and Problem Analysis.................................................................................................3
Threat Analysis................................................................................................................................4
Dependencies and Critical Success Factors.....................................................................................7
Recommendations for Improvements..............................................................................................9
References......................................................................................................................................12
Background and Problem Analysis
The site of PeopleSharz (PS) has been hacked by some unknown external unethical entity or
individual. PS is a social media site for the masses and is expecting an appreciable growth in the
user base in the years to come. The hacking incident that just took place might dent image of the
company and few people might prefer to tread towards this site.
The news on April 21st came as shocking to the company that the passwords of the site users
have been dumped to the Pastebin. The company, after confirming the news, has consulted the
HackStop Consulting for solution to this issue.
There are various possibilities that can be identified as the issues that might have led to the
company’s web server and customer information being compromised. Some of the likely issues
related to this case are mentioned below:
Malicious Code: The hackers could have used the malicious code that were not identified by the
HotHost1’s server and impacted the stored information (Corona et al, 2014).
Backdoors in Computer Network: There can be the possibility that the hackers found a
loophole in the network that they can misuse to get into the system.
Trojan horses on employees’ computer: The hackers might have planted Trojans into the
computers of employees who are working with the company. This might have led them to get
access to the administrators account. The Trojan horses are represented as something that is
harmless. This is mostly done through the phishing mails (Bhasin et al, 2013). In such scenarios,
when the user clicks on the file to download, the virus installs itself automatically before the user
can do anything.
Insider Threat: It might be possible that one or two of the employees within the company
shared the key information to the external individuals. This could be possible sighting the
enough competition in the social media space. The employee might have been lured by some
handsome amount of money to dilute the reputation of the company.
The site of PeopleSharz (PS) has been hacked by some unknown external unethical entity or
individual. PS is a social media site for the masses and is expecting an appreciable growth in the
user base in the years to come. The hacking incident that just took place might dent image of the
company and few people might prefer to tread towards this site.
The news on April 21st came as shocking to the company that the passwords of the site users
have been dumped to the Pastebin. The company, after confirming the news, has consulted the
HackStop Consulting for solution to this issue.
There are various possibilities that can be identified as the issues that might have led to the
company’s web server and customer information being compromised. Some of the likely issues
related to this case are mentioned below:
Malicious Code: The hackers could have used the malicious code that were not identified by the
HotHost1’s server and impacted the stored information (Corona et al, 2014).
Backdoors in Computer Network: There can be the possibility that the hackers found a
loophole in the network that they can misuse to get into the system.
Trojan horses on employees’ computer: The hackers might have planted Trojans into the
computers of employees who are working with the company. This might have led them to get
access to the administrators account. The Trojan horses are represented as something that is
harmless. This is mostly done through the phishing mails (Bhasin et al, 2013). In such scenarios,
when the user clicks on the file to download, the virus installs itself automatically before the user
can do anything.
Insider Threat: It might be possible that one or two of the employees within the company
shared the key information to the external individuals. This could be possible sighting the
enough competition in the social media space. The employee might have been lured by some
handsome amount of money to dilute the reputation of the company.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Weak Security Software: The use of any security software is not always suitable and the same
could be the case with this company. It might have been possible that the company or the hosting
provider is using the security software that is not strong enough to detect all kinds of external
intrusion. This might have allowed the hackers to bypass the security and get access to the user
passwords. The easiest route that could have been taken is through sneaking a malicious code on
the website and scanning it for possible security holes (Sagstetter et al, 2013). The presence of
any kind of holes will lead the virus to automatically download on to the server without requiring
anything from the administrator or users’ end.
These are the possible issues for the occurrence of such incident. The sections ahead analyses the
threat looming around the company’s website.
Threat Analysis
This section is concerned with clearly identifying and describing the appropriate web server
vulnerabilities and poor security practices that could have led to this situation. Moreover, the
area to be investigated and tested will be identified in this section. Along with that, the process of
investigation and testing will be explained here in brief. There are some potential issues that need
to be found which has been mentioned in this section also.
The investigation process for the situation will be considering various aspects of the
organization. The external and internal aspects will be equally assessed. The external aspect
constitutes the hackers, and the internal aspect constitutes the employees. Mentioned below is the
process that has been undertaken for the threat analysis of the situation:
Scope
The scope of the threat analysis is to investigate the individuals who are involved in handling the
security aspects of the company’s website. Moreover, the individuals from the HotHost1 will
also be interviewed concerning the situation. The purpose would be to understand the internal
loopholes that might have given way to the external threat. Moreover, a test would be run on the
software that is installed within the company’s network and those that are installed on the server.
A thorough study of the system and the people is likely to give some path to act.
could be the case with this company. It might have been possible that the company or the hosting
provider is using the security software that is not strong enough to detect all kinds of external
intrusion. This might have allowed the hackers to bypass the security and get access to the user
passwords. The easiest route that could have been taken is through sneaking a malicious code on
the website and scanning it for possible security holes (Sagstetter et al, 2013). The presence of
any kind of holes will lead the virus to automatically download on to the server without requiring
anything from the administrator or users’ end.
These are the possible issues for the occurrence of such incident. The sections ahead analyses the
threat looming around the company’s website.
Threat Analysis
This section is concerned with clearly identifying and describing the appropriate web server
vulnerabilities and poor security practices that could have led to this situation. Moreover, the
area to be investigated and tested will be identified in this section. Along with that, the process of
investigation and testing will be explained here in brief. There are some potential issues that need
to be found which has been mentioned in this section also.
The investigation process for the situation will be considering various aspects of the
organization. The external and internal aspects will be equally assessed. The external aspect
constitutes the hackers, and the internal aspect constitutes the employees. Mentioned below is the
process that has been undertaken for the threat analysis of the situation:
Scope
The scope of the threat analysis is to investigate the individuals who are involved in handling the
security aspects of the company’s website. Moreover, the individuals from the HotHost1 will
also be interviewed concerning the situation. The purpose would be to understand the internal
loopholes that might have given way to the external threat. Moreover, a test would be run on the
software that is installed within the company’s network and those that are installed on the server.
A thorough study of the system and the people is likely to give some path to act.
Data Collection
The data collection based on the interview and system assessment will be collected and analyzed.
The purpose would be to understand that whether all the components meet the defined security
standards. There could have been the possibility that the employees rarely followed the right
security protocols. Therefore, it is important that for the compliance purpose, these are clearly
identified. The detailed information on all the aspects will help the consulting firm to understand
that whether there was only security check-boxing attitude or some actions were also taken
regularly towards the security.
The initial step in the data collection will be to collect the thorough information related to the
incident. The possible IP addresses will be assessed and the route that was followed to result this
incident. An analyst would be deputed to the duty with unrestricted access to the entire activities,
system, and individual. The effective access to the data can be only possible way out from the
situation. Some of the areas that will be assessed for the threats are system logs, firewall logs,
honeypots, and others. A digital forensic analysis will be undertaken for the same.
The collection of corporate policies and methods are also necessary to understand where the
company is heading to and its orientation towards the security measures. This will help in
understanding the compliance level too.
Vulnerability Analysis
The level of current exposure will be determined through the data collected above. It will help in
understanding that whether the current implemented defenses are strong at a good level to fight
the threats. The areas of testing are availability, confidentiality, and integrity of the implemented
defenses (Kim and Kim, 2013). Moreover, the consultant would require testing the system which
might give it access to the classified documents and passwords. At these points, the support of
the company is expected.
Mitigation and Anticipation
The mitigation plan is suggested at this stage.
The data collection based on the interview and system assessment will be collected and analyzed.
The purpose would be to understand that whether all the components meet the defined security
standards. There could have been the possibility that the employees rarely followed the right
security protocols. Therefore, it is important that for the compliance purpose, these are clearly
identified. The detailed information on all the aspects will help the consulting firm to understand
that whether there was only security check-boxing attitude or some actions were also taken
regularly towards the security.
The initial step in the data collection will be to collect the thorough information related to the
incident. The possible IP addresses will be assessed and the route that was followed to result this
incident. An analyst would be deputed to the duty with unrestricted access to the entire activities,
system, and individual. The effective access to the data can be only possible way out from the
situation. Some of the areas that will be assessed for the threats are system logs, firewall logs,
honeypots, and others. A digital forensic analysis will be undertaken for the same.
The collection of corporate policies and methods are also necessary to understand where the
company is heading to and its orientation towards the security measures. This will help in
understanding the compliance level too.
Vulnerability Analysis
The level of current exposure will be determined through the data collected above. It will help in
understanding that whether the current implemented defenses are strong at a good level to fight
the threats. The areas of testing are availability, confidentiality, and integrity of the implemented
defenses (Kim and Kim, 2013). Moreover, the consultant would require testing the system which
might give it access to the classified documents and passwords. At these points, the support of
the company is expected.
Mitigation and Anticipation
The mitigation plan is suggested at this stage.
Mentioned below are some of the web server vulnerabilities and poor security practices that
might have led to this situation:
Injection flaws: Passing the unfiltered data to SQL can lead to such incident. In this condition,
there is the possibility that the hacker inject some malicious code that is not filtered in the later
stage.
Broken Authentication: The presence of session id in the URL, poorly encrypted passwords,
predictable session ids, possibility of session fixation, and hijacking are some of the possibilities
(Nagpal and Nagpal, 2014).
Cross Site Scripting: It is almost equal to developing a link and luring the users to click it. The
difference is that in this, the hackers provide JavaScript tags to the web application whose
execution in the later stage gives the access to the hacker.
Insecure Direct Object References: The presence of no authentication code might lead to such
situation. In this the direct links are provided to download something with no authentication
code. This allows the hacker to get unrestricted access to the file system.
Security Misconfiguration: The security configurations such as using the application when the
debug is enabled directory listing on the server, running services that are not required, and never
changing the passwords for longer period.
Sensitive data exposure: The lack of encryption of sensitive data can be one of the reasons. The
secure information such as user passwords should not be travelling in the unencrypted internet
space (Bhanu and Divya, 2016).
Using Components with known Vulnerabilities: Despite knowing that a particular system is
vulnerable, if the company is still using the same, then it can be used by external or internal
unethical parties.
Un-Validated Redirects and Forwards: The automated redirects might contain the link to the
malicious sites.
Outdated Technology Use: the use of technology that is outdated can lead to unsolicited attack.
might have led to this situation:
Injection flaws: Passing the unfiltered data to SQL can lead to such incident. In this condition,
there is the possibility that the hacker inject some malicious code that is not filtered in the later
stage.
Broken Authentication: The presence of session id in the URL, poorly encrypted passwords,
predictable session ids, possibility of session fixation, and hijacking are some of the possibilities
(Nagpal and Nagpal, 2014).
Cross Site Scripting: It is almost equal to developing a link and luring the users to click it. The
difference is that in this, the hackers provide JavaScript tags to the web application whose
execution in the later stage gives the access to the hacker.
Insecure Direct Object References: The presence of no authentication code might lead to such
situation. In this the direct links are provided to download something with no authentication
code. This allows the hacker to get unrestricted access to the file system.
Security Misconfiguration: The security configurations such as using the application when the
debug is enabled directory listing on the server, running services that are not required, and never
changing the passwords for longer period.
Sensitive data exposure: The lack of encryption of sensitive data can be one of the reasons. The
secure information such as user passwords should not be travelling in the unencrypted internet
space (Bhanu and Divya, 2016).
Using Components with known Vulnerabilities: Despite knowing that a particular system is
vulnerable, if the company is still using the same, then it can be used by external or internal
unethical parties.
Un-Validated Redirects and Forwards: The automated redirects might contain the link to the
malicious sites.
Outdated Technology Use: the use of technology that is outdated can lead to unsolicited attack.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Poor controls over system: If the company along with the hosting provider has not complete
control over the system, then it can allow way to external influence.
Network Policy to trust every device: If the company has enabled the system to accept any
external device request then it can be one of the various reasons for the hacking.
These are some of the web server vulnerabilities and poor security practices that could be the
reason for the current incident in the company.
Dependencies and Critical Success Factors
There are certain critical success factors if the current issue needs to be resolved. However, there
are various dependencies in the same which needs due consideration also. Mentioned below are
the factors that are of importance in this case:
Employee Identification
Identification and solicitation of the employees who are working with the company and the
hosting services company is important for the effective investigation. The employees who are
directly related to the security of the server or company system are required to be called for
assessment and interviewing.
Unrestricted Access
The analyst needs to have unrestricted access to all the information that can help in making an
informed decision. The access can be provided to the analyst through open support from the
management of both the company. It will support the analyst in completing the analysis process
seamlessly and within the shortest time possible.
Cyber Security Program
The development of the enterprise range security program is imperative in such scenario which
will require some change management. The change management is important as the resistance
from the individuals working within the company can be expected (Grossman and Roy, 2016).
Cyber Security Policy
control over the system, then it can allow way to external influence.
Network Policy to trust every device: If the company has enabled the system to accept any
external device request then it can be one of the various reasons for the hacking.
These are some of the web server vulnerabilities and poor security practices that could be the
reason for the current incident in the company.
Dependencies and Critical Success Factors
There are certain critical success factors if the current issue needs to be resolved. However, there
are various dependencies in the same which needs due consideration also. Mentioned below are
the factors that are of importance in this case:
Employee Identification
Identification and solicitation of the employees who are working with the company and the
hosting services company is important for the effective investigation. The employees who are
directly related to the security of the server or company system are required to be called for
assessment and interviewing.
Unrestricted Access
The analyst needs to have unrestricted access to all the information that can help in making an
informed decision. The access can be provided to the analyst through open support from the
management of both the company. It will support the analyst in completing the analysis process
seamlessly and within the shortest time possible.
Cyber Security Program
The development of the enterprise range security program is imperative in such scenario which
will require some change management. The change management is important as the resistance
from the individuals working within the company can be expected (Grossman and Roy, 2016).
Cyber Security Policy
There is a need of document procedures and processes that should be followed within the
company for the security purpose. Therefore, the development of the security policy is another
success factor.
Project Plan Development
It is required that the problem identification, problem analysis, and solution should be done in a
planned manner. This requires the development of a project plan for the company. The project
plan for the security measures will be based on the agile methodology. Agile methodology
considers sprint activities that are each of the security measure implementation will take place in
phased manner.
Documentation
The documentation of the whole incident is necessary to ensure that the similar incident does not
take place in the future. The documentation will provide the company with a written record of
the incidents that took place and the measures that were taken for the same.
Cyber Security Framework
A cyber security framework is required to be built that will ensure that all the intrusions or
incidents are identified as early as possible. This will ensure minimum damage to the company’s
data and reputation (Choo, 2014). The framework will be developed by the consultancy in
coordination with the company management and the hosting provider.
These are some of the dependencies and critical success factors. The major part is the
stakeholders who are involved in the incident. There are various individuals such as the
developers, the IT head, the security head, and the individuals from IT department of the hosting
company whom need to be contacted by the analyst for probe. These are the possible resources
from where the analyst can get suitable information. Moreover, observing the system usage
habits of the employees can also be the important aspect in understanding the security loopholes.
company for the security purpose. Therefore, the development of the security policy is another
success factor.
Project Plan Development
It is required that the problem identification, problem analysis, and solution should be done in a
planned manner. This requires the development of a project plan for the company. The project
plan for the security measures will be based on the agile methodology. Agile methodology
considers sprint activities that are each of the security measure implementation will take place in
phased manner.
Documentation
The documentation of the whole incident is necessary to ensure that the similar incident does not
take place in the future. The documentation will provide the company with a written record of
the incidents that took place and the measures that were taken for the same.
Cyber Security Framework
A cyber security framework is required to be built that will ensure that all the intrusions or
incidents are identified as early as possible. This will ensure minimum damage to the company’s
data and reputation (Choo, 2014). The framework will be developed by the consultancy in
coordination with the company management and the hosting provider.
These are some of the dependencies and critical success factors. The major part is the
stakeholders who are involved in the incident. There are various individuals such as the
developers, the IT head, the security head, and the individuals from IT department of the hosting
company whom need to be contacted by the analyst for probe. These are the possible resources
from where the analyst can get suitable information. Moreover, observing the system usage
habits of the employees can also be the important aspect in understanding the security loopholes.
Recommendations for Improvements
There are some steps company can take to make improvements and ensure that such incident
never take place in the coming days. Mentioned below are some of the recommendations that
have been made for the company:
Protection against Injection Flaws
The proper filtering of the input and identifying and using only the trusting input is the way out.
The important aspect in it is that all the input must be filtered effectively and properly to use.
The input whose trust factor is high should only be allowed unrestricted access. If the company
is getting 500 inputs then filtering 499 is not the solution. The last one remaining can cause the
issue the company never anticipated. Therefore, effective filtering of the entire inputs is
mandatory for efficient security.
Framework for Authentication issue
The web security challenge can be handled by the use of framework. The implementation of the
framework is more effective. However, if the company is not prepared to develop its own
framework then it has to learn all the possible pitfalls that are associated with the current code.
Proper Security Configuration
The system installation procedures should be well defined and must go through rigorous testing
processes. Moreover, the build and deploy procedure should be good and it should be able to run
tests at each deployment. The security modules should be there which can prevent system to
release passwords in open.
Hiding Sensitive Data
The sensitive information can be hidden using the web-encryption. If the data is in transit, then
the use of HTTPS is suggested to ensure the security. The company must stop accepting anything
that is on the non-HTTPS connections. If the data is in storage, then the first aspect is reducing
the exposure of the data. The data that are not required must be completely removed from the
server (Zhang et al, 2013). The encrypted form of stored data is less vulnerable to external
threat.
There are some steps company can take to make improvements and ensure that such incident
never take place in the coming days. Mentioned below are some of the recommendations that
have been made for the company:
Protection against Injection Flaws
The proper filtering of the input and identifying and using only the trusting input is the way out.
The important aspect in it is that all the input must be filtered effectively and properly to use.
The input whose trust factor is high should only be allowed unrestricted access. If the company
is getting 500 inputs then filtering 499 is not the solution. The last one remaining can cause the
issue the company never anticipated. Therefore, effective filtering of the entire inputs is
mandatory for efficient security.
Framework for Authentication issue
The web security challenge can be handled by the use of framework. The implementation of the
framework is more effective. However, if the company is not prepared to develop its own
framework then it has to learn all the possible pitfalls that are associated with the current code.
Proper Security Configuration
The system installation procedures should be well defined and must go through rigorous testing
processes. Moreover, the build and deploy procedure should be good and it should be able to run
tests at each deployment. The security modules should be there which can prevent system to
release passwords in open.
Hiding Sensitive Data
The sensitive information can be hidden using the web-encryption. If the data is in transit, then
the use of HTTPS is suggested to ensure the security. The company must stop accepting anything
that is on the non-HTTPS connections. If the data is in storage, then the first aspect is reducing
the exposure of the data. The data that are not required must be completely removed from the
server (Zhang et al, 2013). The encrypted form of stored data is less vulnerable to external
threat.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Restricting use of Vulnerable Components
The components that are vulnerable to the security threats must never be entertained at any cost.
The use of vulnerable components for even a while may pose threat that can be unprecedented,
specifically in the case of this company.
Employee Education and Awareness
The policies should be there that can help the system users learn the security aspects in a through
manner. The users of the employees of the company should be aware about the methods that can
help reduce the vulnerability to the system security.
Removable Media Controls
There should be policy that can prevent the employees from using the removable media in open.
The types of media that can be used with the system should be limited. The entire access to the
use of external media must be restricted. Moreover, the media that are necessary to be used
should be tested for the possible malware prior to transferring the data.
Managing User Privileges
The user access should be managed and not everyone should be given access to everything. The
access of information to all the employees within the organization might give some insider threat
access to the information that can make the entire system vulnerable. The access to audit logs
should be restricted.
Incident Management
The company should manage proper documentation. The documentation should have incident
response and disaster recovery plan. The presence of such plans will help the company in getting
out quickly of the incidents that happens in the future and they don’t have to continuously look
for consultants every time the system fails.
Monitoring
There should be a monitoring strategy within the organization which can monitor all the
activities of the employees. The policies should also be there that supports such activities. The
The components that are vulnerable to the security threats must never be entertained at any cost.
The use of vulnerable components for even a while may pose threat that can be unprecedented,
specifically in the case of this company.
Employee Education and Awareness
The policies should be there that can help the system users learn the security aspects in a through
manner. The users of the employees of the company should be aware about the methods that can
help reduce the vulnerability to the system security.
Removable Media Controls
There should be policy that can prevent the employees from using the removable media in open.
The types of media that can be used with the system should be limited. The entire access to the
use of external media must be restricted. Moreover, the media that are necessary to be used
should be tested for the possible malware prior to transferring the data.
Managing User Privileges
The user access should be managed and not everyone should be given access to everything. The
access of information to all the employees within the organization might give some insider threat
access to the information that can make the entire system vulnerable. The access to audit logs
should be restricted.
Incident Management
The company should manage proper documentation. The documentation should have incident
response and disaster recovery plan. The presence of such plans will help the company in getting
out quickly of the incidents that happens in the future and they don’t have to continuously look
for consultants every time the system fails.
Monitoring
There should be a monitoring strategy within the organization which can monitor all the
activities of the employees. The policies should also be there that supports such activities. The
logs should be regularly analyzed which can give indication on the future possibility of the
attack.
Malware Protection
Proper anti-malware system should be in place that can prevent malware from entering into the
system. There should be policies and documentation in place that can help the users in
understanding the nature and types of mails and sites that can contract malware (Rajab et al,
2013).
Network Security
The network should be protected against the external threats and internal threats also. The
perimeter of the network should be analyzed and security measure should be kept in place.
Moreover, the test controls should be there in place.
These are some of the recommended actions, PeopleSharz can utilize to ensure that the system
stay secured for longer period.
attack.
Malware Protection
Proper anti-malware system should be in place that can prevent malware from entering into the
system. There should be policies and documentation in place that can help the users in
understanding the nature and types of mails and sites that can contract malware (Rajab et al,
2013).
Network Security
The network should be protected against the external threats and internal threats also. The
perimeter of the network should be analyzed and security measure should be kept in place.
Moreover, the test controls should be there in place.
These are some of the recommended actions, PeopleSharz can utilize to ensure that the system
stay secured for longer period.
References
Bhanu, K. S., & Divya, K. V. (2016). Leakage Detection in Sensitive Data Exposure with
Privacy Preservation: A Survey. International Journal for Innovative Research in Science and
Technology, 2(11), 161-163.
Bhasin, S., Danger, J. L., Guilley, S., Ngo, X. T., & Sauvage, L. (2013, August). Hardware
Trojan horses in cryptographic IP cores. In Fault Diagnosis and Tolerance in Cryptography
(FDTC), 2013 Workshop on (pp. 15-29). IEEE.
Choo, K. K. R. (2014). A conceptual interdisciplinary plug-and-play cyber security framework.
In ICTs and the Millennium Development Goals (pp. 81-99). Springer US.
Corona, I., Maiorca, D., Ariu, D., & Giacinto, G. (2014, November). Lux0r: Detection of
malicious pdf-embedded javascript code through discriminant analysis of api references. In
Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop (pp. 47-57).
ACM.
Grossman, S. A., & Roy, P. (2016). Learn the 5 keys to boosting effectiveness of your
cybersecurity program. Campus Legal Advisor, 16(8), 1-6.
Kim, S. J., & Kim, B. H. (2013). Vulnerability Analysis for Privacy Protection in Secure-NFC
service. International Journal of Advancements in Computing Technology, 5(13), 257.
Nagpal, N. B., & Nagpal, B. (2014). Preventive measures for securing web applications using
broken authentication and session management attacks: A study. In International Conference on
Advances in Computer Engineering and Applications (ICACEA) (Vol. 2014).
Rajab, M. A., Ballard, L., Lutz, N., Mavrommatis, P., & Provos, N. (2013, February). CAMP:
Content-Agnostic Malware Protection. In NDSS.
Sagstetter, F., Lukasiewycz, M., Steinhorst, S., Wolf, M., Bouard, A., Harris, W. R., ... &
Chakraborty, S. (2013, March). Security challenges in automotive hardware/software
architecture design. In Proceedings of the Conference on Design, Automation and Test in Europe
(pp. 458-463). EDA Consortium.
Bhanu, K. S., & Divya, K. V. (2016). Leakage Detection in Sensitive Data Exposure with
Privacy Preservation: A Survey. International Journal for Innovative Research in Science and
Technology, 2(11), 161-163.
Bhasin, S., Danger, J. L., Guilley, S., Ngo, X. T., & Sauvage, L. (2013, August). Hardware
Trojan horses in cryptographic IP cores. In Fault Diagnosis and Tolerance in Cryptography
(FDTC), 2013 Workshop on (pp. 15-29). IEEE.
Choo, K. K. R. (2014). A conceptual interdisciplinary plug-and-play cyber security framework.
In ICTs and the Millennium Development Goals (pp. 81-99). Springer US.
Corona, I., Maiorca, D., Ariu, D., & Giacinto, G. (2014, November). Lux0r: Detection of
malicious pdf-embedded javascript code through discriminant analysis of api references. In
Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop (pp. 47-57).
ACM.
Grossman, S. A., & Roy, P. (2016). Learn the 5 keys to boosting effectiveness of your
cybersecurity program. Campus Legal Advisor, 16(8), 1-6.
Kim, S. J., & Kim, B. H. (2013). Vulnerability Analysis for Privacy Protection in Secure-NFC
service. International Journal of Advancements in Computing Technology, 5(13), 257.
Nagpal, N. B., & Nagpal, B. (2014). Preventive measures for securing web applications using
broken authentication and session management attacks: A study. In International Conference on
Advances in Computer Engineering and Applications (ICACEA) (Vol. 2014).
Rajab, M. A., Ballard, L., Lutz, N., Mavrommatis, P., & Provos, N. (2013, February). CAMP:
Content-Agnostic Malware Protection. In NDSS.
Sagstetter, F., Lukasiewycz, M., Steinhorst, S., Wolf, M., Bouard, A., Harris, W. R., ... &
Chakraborty, S. (2013, March). Security challenges in automotive hardware/software
architecture design. In Proceedings of the Conference on Design, Automation and Test in Europe
(pp. 458-463). EDA Consortium.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Zhang, X., Liu, C., Nepal, S., Pandey, S., & Chen, J. (2013). A privacy leakage upper bound
constraint-based approach for cost-effective privacy preserving of intermediate data sets in
cloud. IEEE Transactions on Parallel and Distributed Systems, 24(6), 1192-1202.
constraint-based approach for cost-effective privacy preserving of intermediate data sets in
cloud. IEEE Transactions on Parallel and Distributed Systems, 24(6), 1192-1202.
1 out of 14
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.