Security BTEC HND assignment, Study Guides, Projects, Research of Computer Security

This is the solution for getting an M grade in the HND BTEC IT assignment.

Typology: Study Guides, Projects, Research

2020/2021

Available from 10/04/2022

touatanis1
ASSIGNMENT SECURITY

(touat anis)

  • LO1:
  • Internal Cyber Threats in the organisations
  • These are the top internal cyber threats:
  • Unauthorized data sharing: Sharing sensitive data with an external entity that does not have need-to-know privileges.
  • Shadow IT: Using unauthorized third-party software.
  • Unauthorized devices: Using an unsanctioned, insecure device at work. USB sticks are a common example of this threat, but it can also include adding personal devices to the business network, or bringing an unsanctioned device into a secure area.
  • Theft of property: When sanctioned devices that may contain sensitive information, such as company laptops or phones, are not returned to the office.

  • External Cyber Threats in the organisations
  • These are the top five external cyber threats:
  • Internet of Things (IoT): Weak passwords, lack of patching, and IoT skill gaps make this technology extremely vulnerable to an outside attack, according to Thales.
  • Phishing: When cybercriminals pose as a trustworthy source and contact a user via email, phone, or text. The goal of phishing is either to directly obtain sensitive information via social engineering, or to infect the network with malware via malicious links.
  • Distributed Denial of Service (DDoS): Attempts to make a computer or network unavailable by overloading it with fake requests from multiple sources.
  • Brute-force attacks: When an attacker uses password-cracking tools (e.g., Hashcat, L0phtCrack, or Aircrack-ng) to guess a user's password, either online against a login prompt or offline against stolen password hashes. Weak and short passwords are especially vulnerable, because the whole space of candidates can be tried in a practical amount of time.
  • Advanced Persistent Threat (APT): A sophisticated attack in which an attacker infiltrates the network for an extended period of time, conducting multiple small attacks or data thefts over the course of months or years. APTs are often not detected using conventional cyber security measures.
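To show why weak passwords fall to a brute-force or dictionary attack, here is a small Python example added to this document (it is not part of the assignment and uses no real credentials). It runs a dictionary attack and an exhaustive search against an unsalted SHA-256 hash, computes the size of the search space, and then repeats the dictionary attack against a salted PBKDF2 hash to show that a slow, salted hash raises the cost of every guess but still does not rescue a weak password. The wordlist, the sample passwords and the iteration count are constructed for the example; current OWASP guidance for PBKDF2-HMAC-SHA256 is several hundred thousand iterations.

```python
# Added illustration of the brute-force entry above: not part of the assignment,
# and no real credentials are involved. The wordlist and sample passwords are
# constructed; the PBKDF2 iteration count is a parameter so the demo stays fast.
import hashlib
import hmac
import itertools
import os

# Constructed stand-in for the large wordlists that Hashcat and similar tools consume.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Winter2021", "dragon"]
ALPHANUM = "0123456789abcdefghijklmnopqrstuvwxyz"


def sha256_hex(password: str) -> str:
    """Unsalted, fast hash: the easiest target for an offline cracker."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hex: str, wordlist):
    """Try every wordlist entry in order; return (password, guesses) or (None, guesses)."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if hmac.compare_digest(sha256_hex(candidate), target_hex):
            return candidate, guesses
    return None, len(wordlist)


def brute_force_attack(target_hex: str, alphabet: str, max_len: int):
    """Exhaustive search over every string up to max_len; return (password, guesses)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hmac.compare_digest(sha256_hex(candidate), target_hex):
                return candidate, guesses
    return None, guesses


def keyspace(alphabet_size: int, length: int) -> int:
    """Guesses needed to exhaust all passwords of exactly this length."""
    return alphabet_size ** length


def pbkdf2_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted and deliberately slow: every guess costs `iterations` HMAC-SHA256 calls,
    and the per-user salt defeats precomputed (rainbow) tables."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def dictionary_attack_pbkdf2(target: bytes, salt: bytes, iterations: int, wordlist):
    """The same dictionary attack against a PBKDF2 hash: it still succeeds on a weak
    password, only `iterations` times slower per guess."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if hmac.compare_digest(pbkdf2_hash(candidate, salt, iterations), target):
            return candidate, guesses
    return None, len(wordlist)


if __name__ == "__main__":
    print(dictionary_attack(sha256_hex("letmein"), WORDLIST))    # ('letmein', 4)
    print(brute_force_attack(sha256_hex("7h2"), ALPHANUM, 3))    # ('7h2', 11019)
    print(f"8 chars from 94 printable ASCII symbols: {keyspace(94, 8):,} guesses")
    salt = os.urandom(16)
    slow = pbkdf2_hash("letmein", salt, 100_000)
    print(dictionary_attack_pbkdf2(slow, salt, 100_000, WORDLIST))  # ('letmein', 4)
```

The defender's lesson is in the last two functions: salting and a slow KDF multiply the attacker's cost per guess, but the only thing that takes a password out of a wordlist is not choosing one that is in it, which is why password screening and multi-factor authentication matter more than complexity rules.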
  • Malware
  • What is malware?
  • Malware is the collective name for a number of malicious software variants, including viruses, ransomware and spyware. Shorthand for malicious software, malware typically consists of code developed by cyberattackers, designed to cause extensive damage to data and systems or to gain unauthorized access to a network.

  • What are the different types of Malware?
  • Worms. Worms are spread via software vulnerabilities or phishing attacks. ...
  • Viruses. Unlike worms, viruses need an already-infected active operating system or program to work. ...
  • Bots & Botnets. ...
  • Trojan Horses. ...
  • Ransomware. ...
  • Adware & Scams. ...
  • Spyware. ...
  • Spam & Phishing.
  • Cybersecurity policy:
  • What happens without a security policy?
  • Without information security, an organization's information assets, including any intellectual property, are susceptible to compromise or theft. As a result, consumer and shareholder confidence and reputation suffer potentially to the point of ruining the company altogether.
  • Comparing IT security & IT compliance:
  • Security is the practice of implementing effective technical controls to protect company assets. Compliance is the application of that practice to meet a third party's regulatory or contractual requirements.
  • What is bring your own device BYOD concept?
  • Bring your own device (BYOD) refers to the trend of employees using personal devices to connect to their organizational networks and access work-related systems and potentially sensitive or confidential data. Personal devices could include smartphones, personal computers, tablets, or USB drives.
  • Top BYOD risks
  • If your business does decide to allow employees to use their personal mobile devices for work purposes, you should be aware of the following risks:
  • 1. Data theft
  • If you let your employees use their own devices unchecked, it’s likely that some of the personal applications they use may not be as stringent with their security requirements. If an account they have for personal use is hacked, it could ultimately end up exposing corporate data and confidential information.
  • Cybercriminals are always looking for opportunities to steal potentially valuable corporate data, and improperly managed personal devices can provide the perfect opportunity. BYOD software can help MSPs significantly reduce the risk of data theft by allowing technicians to gain visibility into managed devices in order to spot suspicious activity or monitor application usage.
  • Ways to protect your organization from these BYOD security risks:
  • Clearly define your Acceptable Use Policy for BYOD
  • Utilize a Mobile Device Management (MDM) solution
  • Provide proper user awareness training
  • Secure your network
  • Formulate a plan when an employee leaves
  • What exactly is the cloud?
  • The cloud refers to software and services that run on the Internet, instead of locally on your computer. ... Some examples of cloud services include Google Drive, Apple iCloud, Netflix, Yahoo Mail, Dropbox and Microsoft OneDrive
  • Is cloud important for cyber security?
  • Cloud computing means outsourcing, trusting a vendor to keep your data and transactions safe. Cybersecurity means keeping it all close, trusting on-site staff, procedures, and protocols to do the job. ... That makes cloud computing a necessary business strategy, and that, in turn, makes cloud security necessary as well
  • Standard Operating Procedures: The following minimum standards are required for any devices connected to or accessing organisation networks and systems:
  • 1. Software patch updates
  • Organisation networked devices must install all currently available security patches in a timely fashion. Exceptions may be made for patches that compromise the usability of critical applications.
  • 2. Anti-virus software
  • Anti-virus software must be running and up-to-date on devices connected to the organisation network
  • 3. Host-based firewall software
  • Host-based firewall software such as Windows Firewall must be running and configured to block unnecessary and unwelcome connections.
  • 4. Passwords
  • Organisation systems or services must identify users and authenticate access by means of passwords which meet the minimum password complexity standards and are changed on a regular basis. Note that current guidance (NIST SP 800-63B) advises against forcing periodic password changes unless there is evidence of compromise, and instead recommends screening new passwords against lists of known-breached and commonly used passwords and adding multi-factor authentication.
  • 5. Encrypted communications
  • Traffic across the Internet may be surreptitiously monitored, rendering information vulnerable to compromise. Encryption shall be used when possible and at all times for communications containing personal information.

strategy or take action to deal with the risk, so it’s often a better use of your resources to do nothing for small risks.

  • 2. Avoid The Risk
  • You can also change your plans completely to avoid the risk. This is a good strategy for when a risk has a potentially large impact on your project. For example, if January is when your company's Finance team is busy doing the corporate accounts, putting them all through a training course in January to learn a new process isn't a good idea. There's a risk that the accounts wouldn't get done. It's more likely, though, that there's a big risk to their ability to use the new process, since they will all be too busy in January to attend the training or to take it in even if they do go along to the workshops. Instead, it would be better to avoid January for training completely: change the project plan and schedule the training for February, when the bulk of the accounting work is over.
  • 3. Transfer The Risk
  • Transference is a risk management strategy that isn’t used very often and tends to be more common in projects where there are several parties. Essentially, you transfer the impact and management of the risk to someone else. For example, if you have a third party contracted to write your software code, you could transfer the risk that there will be errors in the code over to them. They will then be responsible for managing this risk, perhaps through additional training.
  • Normally transference arrangements are written up into project contracts. Insurance is another good example. If you are transporting equipment as part of your project and the van is in an accident, the insurance company will be liable for providing new equipment to replace any that was damaged. The project team acknowledges that the accident might happen, but they won’t be responsible for dealing with sourcing replacement kit, moving it to the right location or paying for it as that is now the responsibility of the insurance company.
  • 4. Mitigate The Risk
  • Mitigating a risk is probably the most commonly used risk management technique. It's also the easiest to understand and the easiest to implement. Mitigation means that you limit the likelihood or the impact of a risk, so that if it does occur, the problem it creates is smaller and easier to fix.
  • For example, if you are launching a new washing machine and the Sales team then have to demonstrate it to customers, there is a risk that the Sales team don’t understand the product and can’t give good demonstrations. As a result, they will make fewer sales and there will be less revenue for the company.
  • 5. Exploit The Risk
  • Acceptance, avoidance, transference and mitigation are great to use when the risk has a negative impact on the project. But what if the risk has a positive impact? For example, the risk that the new washing machines are so popular that we don’t have enough Sales staff to do the demonstrations? That’s a positive risk – something that would have a benefit to the project and the company if it happened. In those cases, we want to maximize the chance that the risk happens, not stop it from happening or transfer the benefit to someone else!
  • Exploitation is the risk management strategy to use in these situations. Look for ways to make the risk happen or for ways to increase the impact if it does. We could train a few junior Sales admin people to also give washing machine demonstrations and do lots of extra marketing, so that the chance that there is lots of interest in the new machine is increased, and there are people to do the demos if needed.
  • These are the 5 risk management strategies that you can use to manage risk on your project. You’ll probably find yourself using a combination of techniques, choosing the strategies that best suit the risks on your project and the skills of your team. However you decide to approach risk, make sure that you log the action plan in your risk log and keep it up to date with the latest progress towards managing your risks.
  • LO2:
  • Firewall and third-party VPNs
  • What are the impacts on IT security of incorrect configuration of firewall policies and third-party VPNs?
  • Breach avenues: A firewall misconfiguration that results in unintended access can open the door to breaches, data loss and stolen or ransomed IP. Unplanned outages: A misconfiguration can also block legitimate traffic, preventing customers from engaging with the business, and that downtime leads to lost revenue.

Firewall modes (mode: description):
  • Block inbound and outbound traffic: Default level. Offers the highest security. Only allows essential traffic through the firewall and authenticates the identity of applications using checksums. To allow applications commonly used in your organization to communicate through the firewall, click Trust.
  • Block inbound and allow outbound traffic: Offers a lower security level than Block inbound and outbound traffic. Allows your computers to access the network and internet without you having to create special rules. All applications are allowed to communicate through the firewall.
  • Monitor: Applies to network traffic the rules that you have set up. If traffic has no matching rule, it is reported to the console, and only allowed if it is outbound. Enables you to collect information about your network, and to then create suitable rules before deploying the firewall to your computers.
  • After you have set up the firewall, you can view firewall events (for example, applications blocked by the firewall) in the Firewall - Event Viewer. The number of computers with events over a specified threshold within the last seven days is also displayed on the dashboard.

Third-party VPN: A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted.

  • Impacts of incorrectly configuring a VPN
  • A virtual private network (VPN) operates pretty much in binary mode: either the secure connection is established or it isn't. If the secure connection does not successfully complete, it is not possible to send traffic to the secured resources, so there is little room for security breaches. However, VPN security breaches can still occur in subtle ways.
  • Here the focus is the IPsec VPN, one of the most mature and widely deployed VPN technologies. The SSL VPN has a complete set of separate challenges, particularly in conjunction with the use of web browsers. Despite the perceived notion of the "clientless" SSL VPN, the web browser is a critical client component of SSL VPNs, and the convenience that comes with the proliferation of web browsers has major security implications in the way the browser is used and where, which can lead to significant security breaches.
  • Returning to the classic client-based IPsec VPN, keep in mind that each VPN connection has two parties: the VPN client and, on the terminating end, the VPN gateway. Misconfiguring VPN clients in a way that compromises security can occur through manipulation of the Phase 1 (IKE) and/or Phase 2 (IPsec) proposals of the connection (in IKEv2 terms, the IKE_SA and CHILD_SA proposals). If the client is configured to work with AES-128, for example, and the user changes the encryption algorithm to DES (assuming the gateway allows DES as a valid security proposal), this is a severe reduction in overall security: DES has a 56-bit key and can be brute-forced with modest hardware. The control therefore belongs on the gateway: configure it to reject any proposal that does not meet current VPN security standards, so that a weakened client simply fails to connect.
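As an added example (not from the assignment or any vendor's code), here is the gateway-side control described above in Python. Proposal strings use strongSwan's "enc-integ-dh" notation (for example "aes256-sha256-modp2048"); the two policy tables, the client offers and the first-acceptable-proposal selection rule are constructed assumptions, and real responders may apply their own preference order instead.

```python
# Added example for the proposal-downgrade point above; not from the assignment.
# Proposal strings follow strongSwan's "enc-integ-dh" notation; the policy tables,
# the client offers and the selection rule are constructed for this illustration.

# Hardened gateway: nothing below 128-bit AES, SHA-2 integrity, 2048-bit MODP or ECP groups.
STRICT_POLICY = {
    "enc": {"aes128", "aes192", "aes256", "aes128gcm16", "aes256gcm16", "chacha20poly1305"},
    "integ": {"sha256", "sha384", "sha512"},
    "dh": {"modp2048", "modp3072", "modp4096", "ecp256", "ecp384", "ecp521"},
}

# The weak setting the text warns about: the same gateway still willing to accept DES/3DES,
# MD5/SHA-1 and 1024-bit Diffie-Hellman, so a client that lowers its proposal still connects.
LAX_POLICY = {
    "enc": STRICT_POLICY["enc"] | {"des", "3des"},
    "integ": STRICT_POLICY["integ"] | {"md5", "sha1"},
    "dh": STRICT_POLICY["dh"] | {"modp1024", "modp1536"},
}

AEAD_SUFFIXES = ("gcm8", "gcm12", "gcm16", "poly1305")


def parse_proposal(proposal: str) -> dict:
    """Split one proposal into cipher, integrity and DH group.
    AEAD ciphers carry their own integrity, so they come as 'enc-dh' with integ=None."""
    parts = proposal.lower().split("-")
    if len(parts) == 3:
        enc, integ, dh = parts
    elif len(parts) == 2 and parts[0].endswith(AEAD_SUFFIXES):
        enc, integ, dh = parts[0], None, parts[1]
    else:
        raise ValueError(f"unparseable proposal: {proposal!r}")
    return {"enc": enc, "integ": integ, "dh": dh}


def evaluate(proposal: str, policy: dict) -> list:
    """Return the reasons the gateway rejects this proposal (empty list = acceptable)."""
    p = parse_proposal(proposal)
    reasons = []
    if p["enc"] not in policy["enc"]:
        reasons.append(f"encryption {p['enc']} not permitted")
    if p["integ"] is not None and p["integ"] not in policy["integ"]:
        reasons.append(f"integrity {p['integ']} not permitted")
    if p["dh"] not in policy["dh"]:
        reasons.append(f"DH group {p['dh']} not permitted")
    return reasons


def negotiate(client_proposals: list, policy: dict):
    """Responder-side selection: the first client proposal the policy allows (assumption;
    real gateways may prefer their own order), or None, in which case no SA is built
    and no traffic flows."""
    for proposal in client_proposals:
        if not evaluate(proposal, policy):
            return proposal
    return None


if __name__ == "__main__":
    # A client whose proposal was lowered from AES-128 to DES, as described above.
    downgraded = ["des-md5-modp1024"]
    print("lax gateway   :", negotiate(downgraded, LAX_POLICY))      # des-md5-modp1024
    print("strict gateway:", negotiate(downgraded, STRICT_POLICY))   # None
    # A client offering several proposals: the strict gateway skips the weak one.
    mixed = ["3des-sha1-modp1024", "aes128-sha256-modp2048", "aes256gcm16-ecp256"]
    print("strict gateway:", negotiate(mixed, STRICT_POLICY))        # aes128-sha256-modp2048
```

The point of the two policy tables side by side is that the client cannot downgrade anything the gateway refuses to offer; the binary behaviour of the tunnel (connect or fail) then works in the defender's favour.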
  • Cons
  • No split tunneling on iOS
  • Apple product apps are slightly weaker
  • Weak Social Media Presence
  • How implementing a DMZ improves security:
  • A network DMZ likely houses some of the highest-risk servers in an organization: those that provide direct connections to the Internet and are at significant risk of attack. An organization should do everything it can to lock down the DMZ and protect it from threats.
  • The term “DMZ” comes from the military concept of a demilitarized zone, a neutral area that separates warring parties. Instead of separating armies, a network DMZ is designed to separate the general public — and hackers — from an internal network. In the most common DMZ scenario, a firewall separates the network into three segments: the internal network housing critical resources, the DMZ and the Internet. Any communication between servers in different zones must pass through the firewall and is subject to network security policies.
  • The typical DMZ houses web servers, e-mail servers, DNS servers and other systems that must have some level of accessibility from the outside world. The DMZ is set up so that an attacker who is able to compromise one of these servers is able to leverage that server to gain access only to other systems in the DMZ, isolating the internal network from the attack. For this reason, it’s critical to design added layers of security control around the DMZ. - Here are four tips to help ensure that a DMZ is secure:
    1. PRESERVE ISOLATION AS MUCH AS POSSIBLE.
  • Keep the rules that allow traffic between the DMZ and an internal network as tight as possible. Too often, administrators seeking to troubleshoot a problem create a rule allowing full access between a DMZ system and a back-end server on the internal network (or the entire internal network). This defeats the purpose of the DMZ and effectively merges it with the internal network. Instead, create specific firewall rules that allow communication only between specific servers on specific ports required to meet business requirements.
    2. PRACTICE GOOD VULNERABILITY MANAGEMENT.
  • DMZ servers are exposed to the world, so take extra steps to ensure that they are fully patched to deal with the latest security vulnerabilities. Many security professionals recommend daily, automated vulnerability scans of DMZ systems that provide rapid alerts of newly detected vulnerabilities. In addition, consider patching DMZ systems on a much more frequent basis than protected systems to reduce the window of vulnerability between the time when a patch is released and its application to DMZ servers.

    3. USE APPLICATION LAYER DEFENSES FOR EXPOSED SERVICES.
  • Choose a network firewall that has strong application layer protection, rather than just a port filter. A firewall should have the ability to inspect the content of traffic and block malicious requests. One common example of this is screening inbound web requests for signs of embedded SQL injection attacks, preventing them from even reaching the web server.
    4. MONITOR.
  • The DMZ should be one of the major focuses of an organization’s network monitoring efforts. Use intrusion detection systems, security incident and event management systems, log monitoring and other tools to remain vigilant for signs of an attack.
  • DMZ systems are at the pointy end of the network security spear and are subject to external attack on a daily basis. For this reason, it’s important to take the time to ensure that they are among the most secure servers in an organization and are rigorously maintained.
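The first tip, and the firewall-misconfiguration point at the start of LO2, can be checked mechanically. The following Python is an added example, not part of the assignment: the zones, the addresses (RFC 1918 and RFC 5737 documentation ranges) and the rule set are constructed, and the rule format is a simplification rather than any real firewall's syntax. It flags an over-broad DMZ-to-internal rule and then simulates first-match evaluation to show what that rule lets a compromised DMZ host do, before and after the rule is removed.

```python
# Added example for the DMZ isolation tip above and the firewall misconfiguration point
# in LO2; not from the assignment. Zones, addresses and rules are constructed; the rule
# format is a simplification, not a real firewall's syntax.
import ipaddress

ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
}

# First match wins, as on most firewalls; the last rule is the default deny.
RULES = [
    {"src": "0.0.0.0/0",     "dst": "192.0.2.10/32", "proto": "tcp", "dport": "443",  "action": "allow"},
    {"src": "192.0.2.10/32", "dst": "10.10.5.20/32", "proto": "tcp", "dport": "5432", "action": "allow"},
    # The "troubleshooting" rule the text warns about: DMZ -> whole internal network, any service.
    {"src": "192.0.2.0/24",  "dst": "10.10.0.0/16",  "proto": "any", "dport": "any",  "action": "allow"},
    {"src": "0.0.0.0/0",     "dst": "0.0.0.0/0",     "proto": "any", "dport": "any",  "action": "deny"},
]


def zone_of(net_str: str) -> str:
    """Most specific zone containing the range (192.0.2.10 is inside 0.0.0.0/0 too,
    but the /24 DMZ zone is the longer match)."""
    net = ipaddress.ip_network(net_str, strict=False)
    matches = [(name, zone) for name, zone in ZONES.items() if net.subnet_of(zone)]
    return max(matches, key=lambda m: m[1].prefixlen)[0]


def audit(rules: list) -> list:
    """Flag allow rules that reach the internal zone from a less trusted zone without
    being pinned to one destination host and one service."""
    findings = []
    for index, rule in enumerate(rules):
        if rule["action"] != "allow":
            continue
        src_zone, dst_zone = zone_of(rule["src"]), zone_of(rule["dst"])
        if dst_zone != "internal" or src_zone == "internal":
            continue
        reasons = []
        if src_zone == "internet":
            reasons.append("Internet reaches the internal network without passing through the DMZ")
        if ipaddress.ip_network(rule["dst"]).prefixlen < 32:
            reasons.append("destination is a range, not a specific server")
        if rule["proto"] == "any" or rule["dport"] == "any":
            reasons.append("service is not pinned to one protocol and port")
        if reasons:
            findings.append({"index": index, "rule": rule, "reasons": reasons})
    return findings


def decide(rules: list, src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Simulate first-match evaluation of one packet; implicit deny if nothing matches."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule["src"])
                and dst in ipaddress.ip_network(rule["dst"])
                and rule["proto"] in ("any", proto)
                and rule["dport"] in ("any", str(dport))):
            return rule["action"]
    return "deny"


def without(rules: list, index: int) -> list:
    """The rule set with one rule removed (how the audit finding would be fixed)."""
    return [r for i, r in enumerate(rules) if i != index]


if __name__ == "__main__":
    for f in audit(RULES):
        print(f"rule {f['index']}: {f['rule']['src']} -> {f['rule']['dst']}: {'; '.join(f['reasons'])}")
    # A compromised DMZ web server trying SSH into an arbitrary internal host:
    print("with broad rule  :", decide(RULES, "192.0.2.10", "10.10.7.7", "tcp", 22))        # allow
    tightened = without(RULES, 2)
    print("after removing it:", decide(tightened, "192.0.2.10", "10.10.7.7", "tcp", 22))    # deny
    print("database still ok:", decide(tightened, "192.0.2.10", "10.10.5.20", "tcp", 5432))  # allow
```

Rule 1 passes the audit because it names one DMZ host, one internal server and one port; rule 2 is exactly the "merge the DMZ with the internal network" mistake the first tip describes, and the simulation shows it gives an attacker on the web server a path to any internal host on any port.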

country and saying "Call me back at 123456." Without an area code, this information is useless.

  • (Actually, the Internet takes this one step further: if you use one of these reserved internal IP addresses to make your request, most routers handling Internet traffic will completely ignore, or "drop", the message.) In order for this traffic to get through, these addresses need to be translated from the internal IP address to a valid public IP address. This is network address translation (NAT), done by the router at the edge of your network: it records which internal address and port each outgoing connection came from, and when a response is received it looks that record up and sends the reply back to the right computer. Replies for which there is no record are dropped. This also helps protect your network by hiding the true IP addresses of your computers, although NAT on its own is not a substitute for a firewall.
  • What is DNS? When your computer needs to locate another computer on the Internet, it asks a DNS (Domain Name System) server, the resolver, to look up the name and return the IP address, so the two computers can communicate directly. If that DNS server doesn't know, it contacts other DNS servers until the IP address is located. The address is passed back down to your computer, which then uses it to communicate directly. Wireless networking operates on many of the same principles as conventional networking.
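An added Python example (not from the assignment) of the translation described above: a port-based NAT table of the kind the border router keeps. The addresses are constructed (RFC 1918 on the inside, the 203.0.113.0/24 documentation range for the public side) and the port allocation is a simplification of real NAT; the interesting behaviour is the reverse lookup, which is what sends replies to the right machine and silently drops unsolicited inbound packets.

```python
# Added example of the address translation the paragraph above describes; not from the
# assignment. Addresses are constructed (RFC 1918 inside, RFC 5737 documentation range
# for the public side) and port allocation is simplified compared with real NAT.
import ipaddress
from itertools import count


class Nat:
    """Port-based NAT table on the border router: maps each internal (ip, port) flow to a
    port on the single public address, and maps replies back."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = ipaddress.ip_address(public_ip)
        self.outbound = {}   # (inside_ip, inside_port, peer_ip, peer_port) -> public_port
        self.inbound = {}    # (public_port, peer_ip, peer_port) -> (inside_ip, inside_port)
        self._ports = count(first_port)

    def translate_outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int):
        """Rewrite the source of an outgoing packet; returns the (ip, port) the peer sees."""
        src = ipaddress.ip_address(src_ip)
        if not src.is_private:
            return str(src), src_port            # already routable; nothing to translate
        key = (str(src), src_port, dst_ip, dst_port)
        if key not in self.outbound:             # first packet of the flow: allocate a port
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[(public_port, dst_ip, dst_port)] = (str(src), src_port)
        return str(self.public_ip), self.outbound[key]

    def translate_inbound(self, src_ip: str, src_port: int, public_port: int):
        """Map a reply arriving at public_ip:public_port back to the inside host.
        None means no matching flow: the packet is unsolicited and is dropped, which is
        the incidental protection the paragraph mentions."""
        return self.inbound.get((public_port, src_ip, src_port))


def is_routable_on_internet(ip: str) -> bool:
    """True for addresses Internet routers will forward (not RFC 1918, loopback, link-local...)."""
    return ipaddress.ip_address(ip).is_global


if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    print(is_routable_on_internet("192.168.1.10"), is_routable_on_internet("8.8.8.8"))  # False True
    print(nat.translate_outbound("192.168.1.10", 51000, "8.8.8.8", 53))   # ('203.0.113.5', 40000)
    print(nat.translate_outbound("192.168.1.11", 51000, "8.8.8.8", 53))   # ('203.0.113.5', 40001)
    print(nat.translate_inbound("8.8.8.8", 53, 40001))                    # ('192.168.1.11', 51000)
    print(nat.translate_inbound("8.8.8.8", 53, 40777))                    # None: dropped
```

Two inside hosts using the same source port get different public ports, so both conversations can share one public address; a packet that arrives for a port nobody opened, or from a peer other than the one the flow was opened to, has no table entry and goes nowhere.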
  • Benefits of Network Monitoring
    1. Stay ahead of outages
  • What causes IT outages? Human error, configuration issues, and environmental factors can all contribute. Implementing network monitoring is one of the most basic and simple ways to prevent these outages from happening in the first place.
  • Network monitoring gives you the visibility you need to stay one step ahead of potential issues. By showing live network performance data in an easy-to-read interface, network monitoring software helps you identify bottlenecks before they cause outages.
  • 2. Fix issues faster
  • In a down situation, time is money. Network monitoring makes problem-solving easier and faster for time-strapped network professionals.
  • Whether you're dealing with a configuration error or an abnormal traffic fluctuation, network monitoring software helps you get to the bottom of issues once and for all. Live network maps lead you to the origin of problems, and status windows give you performance metrics over time.
  • Also, network automation tools help you go one step further. Not only can you identify problems via network monitoring, but you can fix them automatically, without having to get a person involved.
  • 3. Gain immediate ROI
  • IT teams face heavy workloads and increasingly complex projects, often without the ideal time, staff, or budget needed to complete them. The right network monitoring tool can deliver immediate ROI. Without the need to manually dig into network performance, staff have time back in their day to work on more critical projects. Seeing the source of issues cuts down on tedious troubleshooting time. And getting ahead of IT outages reduces the costs of outages to your organization
  • LO3 & LO4:
  • What are the five steps to risk assessment?
  • Step 1: Identify hazards, i.e. anything that may cause harm.
  • Employers have a duty to assess the health and safety risks faced by their workers. Your employer must systematically check for possible physical, mental, chemical and biological hazards.
  • This is one common classification of hazards:
  • Physical: e.g. lifting, awkward postures, slips and trips, noise, dust, machinery, computer equipment, etc.
  • Mental: e.g. excess workload, long hours, working with high-need clients, bullying, etc. These are also called 'psychosocial' hazards, affecting mental health and occurring within working relationships.
  • Chemical: e.g. asbestos, cleaning fluids, aerosols, etc.
  • Biological: including tuberculosis, hepatitis and other infectious diseases faced by healthcare workers, home care staff and other healthcare professionals.
  • Take account of any new working practices, new machinery or more demanding work targets.
  • Data protection processes and regulations in the organisation:
  • Raise awareness across your business. ...
  • Audit all personal data
  • Update your privacy notice
  • Review your procedures supporting individuals' rights
  • Review your procedures supporting subject access requests
  • Identify and document your legal basis for processing personal data.
  • Review how you seek, obtain and record consent
  • Review the data you hold on children
  • Establish procedures to detect, report and investigate a personal data breach
  • Review your processes around Data Privacy Impact Assessments
  • Appoint a Data Protection Officer (DPO)
  • ISO 31000: OVERVIEW
  • ISO 31000 is an international standard, first published in 2009 and revised in 2018, that provides principles and guidelines for effective risk management. It outlines a generic approach to risk management, which can be applied to different types of risks (financial, safety, project risks) and used by any type of organization. The standard provides a uniform vocabulary and concepts for discussing risk management. It provides guidelines and principles that can help to undertake a critical review of your organization's risk management process.

  • The standard does not provide detailed instructions or requirements on how to manage specific risks, nor any advice related to a specific application domain; it remains at a generic level.
  • Relative to older standards on risk management, the 31000 standard innovates in several areas:
  • it provides a new definition of risk as "the effect of uncertainty on objectives", highlighting the importance of defining objectives before attempting to control risks, and emphasizing the role of uncertainty (whose effects can be negative or positive)
  • it introduces the (sometimes controversial) notion of risk appetite , or the level of risk which the organization accepts to take on in return for expected value
  • it defines a risk management framework with different organizational procedures, roles and responsibilities in the management of risks
  • it outlines a management philosophy where risk management is seen as an integral part of strategic decision-making and the management of change
  • The risk management process outlined in the ISO 31000 standard includes the following activities:
  • Risk identification : identifying what could prevent us from achieving our objectives.
  • Risk analysis : understanding the sources and causes of the identified risks; studying probabilities and consequences given the existing controls, to identify the level of residual risk.
  • Risk evaluation : comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.
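The following Python is an added example, not part of the assignment or of ISO 31000 itself. It carries the three steps above through a small risk register and then applies the five treatment strategies (accept, avoid, transfer, mitigate, exploit) from the earlier risk management section. The 5x5 likelihood and impact scales, the risk appetite threshold, the sample risks and the order in which strategies are chosen are all constructed assumptions.

```python
# Added example tying the ISO 31000 steps above (identify, analyse, evaluate) to the five
# treatment strategies from the earlier section; not from the assignment. The 5x5 scales,
# the appetite threshold, the sample risks and the selection order are assumptions.

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
RISK_APPETITE = 6   # assumption: residual scores above this are not tolerable untreated

# Risk identification output (constructed). Ratings are made with existing controls in
# place, so the score is the residual risk that ISO 31000 risk analysis asks for.
RISKS = [
    {"id": "R1", "description": "phishing leads to stolen staff credentials",
     "likelihood": "likely", "impact": "major"},
    {"id": "R2", "description": "company laptop lost off-site",
     "likelihood": "possible", "impact": "moderate", "transferable": True},
    {"id": "R3", "description": "finance team trained on new process during January close",
     "likelihood": "likely", "impact": "major", "avoidable": True},
    {"id": "R4", "description": "visitor plugs USB stick into meeting-room PC",
     "likelihood": "unlikely", "impact": "minor"},
    {"id": "R5", "description": "demand for product demos exceeds sales capacity",
     "likelihood": "possible", "impact": "major", "opportunity": True},
]


def analyse(risk: dict) -> int:
    """Risk analysis: likelihood x consequence on the 5x5 matrix."""
    return LIKELIHOOD[risk["likelihood"]] * IMPACT[risk["impact"]]


def evaluate(risk: dict, appetite: int = RISK_APPETITE) -> bool:
    """Risk evaluation: is the residual risk within the organisation's risk criteria?"""
    return analyse(risk) <= appetite


def choose_treatment(risk: dict, appetite: int = RISK_APPETITE) -> str:
    """Pick one of the five strategies. The order is an assumption: exploit positive
    risks, accept what is within appetite, avoid when the plan can change, transfer
    when a contract or insurer can carry it, otherwise mitigate."""
    if risk.get("opportunity"):
        return "exploit"
    if evaluate(risk, appetite):
        return "accept"
    if risk.get("avoidable"):
        return "avoid"
    if risk.get("transferable"):
        return "transfer"
    return "mitigate"


def build_register(risks: list, appetite: int = RISK_APPETITE) -> list:
    """Risk log rows, highest score first, as the earlier section says to keep updated."""
    rows = [{"id": r["id"], "score": analyse(r), "tolerable": evaluate(r, appetite),
             "treatment": choose_treatment(r, appetite)} for r in risks]
    return sorted(rows, key=lambda row: (-row["score"], row["id"]))


if __name__ == "__main__":
    for row in build_register(RISKS):
        print(f"{row['id']}  score={row['score']:2d}  tolerable={row['tolerable']!s:5}  {row['treatment']}")
```

Raising the appetite parameter moves risks from "mitigate" or "transfer" into "accept", which is the practical meaning of the risk appetite notion the standard introduces: the threshold is a management decision, and the register makes its consequences visible.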