PricingBlogAbout Us

Developing a Cyber Security Improvement Plan Proposal: PureLand

Verified

Added on  2023/04/26

|5
|928
|93
Case Study
AI Summary
This document presents a cyber security improvement plan proposal for PureLand Wastewater Treatment Inc., focusing on addressing vulnerabilities identified by the Department of Homeland Security (DHS) concerning their Industrial Control System (ICS). The proposal highlights the current state of PureLand's cybersecurity, noting the absence of comprehensive security mechanisms, inadequate protection for chemicals and trade secrets, lack of antivirus software, and insufficient asset tracking. It identifies weaknesses in the network architecture, such as a single firewall and the absence of intrusion detection systems. The proposal outlines potential threats, including external attacks and internal misuse, categorizing vulnerabilities into platform, network, and policy/procedural issues. It references applicable regulations and compliance standards, including NIST guidelines and RBPS metrics. The desired future state involves implementing additional firewalls, strengthening defense strategies, involving stakeholders, and establishing a Demilitarized Zone to segregate control and corporate networks, aiming to enhance the overall security posture of PureLand's ICS system. The document concludes by emphasizing the urgency for PureLand to address these cybersecurity issues to meet DHS requirements.
Document Page
Running head: CYBER SECURITY IMPROVEMENT PLAN PROPOSAL
Cyber Security Improvement Plan Proposal
[Name of the Student]
[Name of the University]
[Author note]
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
2CYBER SECURITY IMPROVEMENT PLAN PROPOSAL
Introduction:
PureLand is one of the Wastewater Treatment Plant which employs the ICS or the
Industrial Control System. The organization has been associated with finding the fact that
they are present in the wrong side after the DHS or the Department of Homeland Security
find out the ICS is not adequately protected against any kind of cyber security threats and
vulnerabilities. DHS also found out that the organization is not enough cybersecurity for the
chemicals as well in order to make the trade secrets secure.
Current status:
Currently the organization is not having any type of comprehensive mechanism for
cybersecurity. This initially opens up the door for the attackers to gain an entry and stole their
secrets. Besides this the organization also lacks a strong cybersecurity for the chemicals
which initially makes their trade secrets prone to cyber-attack. Additionally, there is no
antivirus for protection and the network is not having suitable asset tracking and management
capability. This give rise to numerous security related loopholes.
Weakness in the network:
There exist several weaknesses in the network of the system. For example, in front of
the router there exist only one firewall. There should exist at least two firewalls. The network
also lacks a network intrusion detection or prevention system which makes eth network
incapable of detecting any kind of suspicious activities. Other weaknesses include the
absence of proper protection for he critical systems like the servers. Besides this there also
exist the possible threats like access to the network by anyone internally as well as remotely.
Document Page
3CYBER SECURITY IMPROVEMENT PLAN PROPOSAL
Threats and vulnerabilities:
are different sources of threats that might be faced by the ICS for example the failure
of the equipment, attacks from external sources, disastrous events and many more can act as
the source of threat for the network security. Threats can be divided into external and internal
threats. Internal threats include the misuse of the resources, causing data leakage and many
more, whereas the external threats include the virus attacks, malwares, hacking and many
more.
The vulnerabilities that the ICS systems face can be categorized into three major
sections and this includes the platform, network and policy and procedural vulnerabilities.
Platform vulnerabilities mainly includes the protection vulnerabilities to the hardware,
software platforms, configuration, and platform malware. The policy or procedural
vulnerabilities mainly includes the absence of adequate and proper procedures or policies for
protecting the ICS system. The network vulnerabilities mainly include the configuration of
the network which might be vulnerable to different type of attacks.
Applicable Regulations and Compliance
The security policies and procedure guidelines provided in NIST SP 800-12
The NIST 800-53 security guidelines for network perimeters and software for an ICS
network.
RBPS Metrics 8.2.5 containing regulations for protecting the passwords and out
righting the critical information

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
4CYBER SECURITY IMPROVEMENT PLAN PROPOSAL
Desired future state:
In the future it is expected that in order to protect the network an extra firewall and
router would be installed in between the corporate network and the control network. The
defense strategy is to be strengthened in the future for protecting the ICS system, along with
the usage of various security systems and devices from numerous vendors can help the
organization strengthen their security. Another desire includes the involving of all the
stakeholders who are responsible for the security. Users are to be trained and they should
understand the importance of the security of the system. One of the major desires includes,
having a Demilitarized zone which would be responsible for dividing the control and the
corporate network.
Conclusion:
The current state of PureLand depicts the fact that they need to move swiftly so as to
take actions related to cyber security for their ICS system. DHS has been associated with
identifying various security issues and has provided the organization with a time period so as
to solve the issues in the system. This paper has highlighted the various threats and
vulnerabilities along with the future desire.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
5CYBER SECURITY IMPROVEMENT PLAN PROPOSAL
Bibliography:
Baggett, R. K., & Simpkins, B. K. (2018). Homeland security and critical infrastructure
protection. ABC-CLIO.
Bowerman, S. K. (2017). Cybersecurity Threats and Technology Applications in Homeland
Security. Homeland Security Technologies for the 21st Century, 135-148.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of
cyber security management in industrial control systems. International journal of
critical infrastructure protection, 9, 52-80.
Lee, J. W., Lee, J. K., & Jung, H. Y. (2017). Introduction of Regulatory Standards for Cyber
Security in Nuclear Power Plants.
chevron_up_icon
1 out of 5
circle_padding
hide_on_mobile
zoom_out_icon