Evaluation
Cyber Security Laws & Regulations
Solomon enterprises
7/20/2019
1
Emerging Threats and Counter Measures (ITS-834-23)
Agenda
Introduction
Administrative Controls
Physical Controls
Technical Controls
Security Policies
Legislation/Regulations or industry standards
Network Security Tools
Conclusion
7/20/2019
Emerging Threats and Counter Measures (ITS-834-23)
2
1.Introduction (Swapna Mallireddy)
Business transactions have been made easier through IT and Technology has made it possible for people to infiltrate organizations and steal their secrets.
Data security is important because any form of data breaches may lead to serious consequences such as data loss.
To mitigate the possible treats unauthorized use, deleting of the data, service provider checks through a third party, control data access to its employees based on project role and position are needed.
Though, hardware and software are expensive, they are the best way to counter all the attacks.
Solomon's business should control the virtual users using the remote access as it increases the chances of cyber attackers. To minimize this educating the employees in terms of how it happens and the right measures to undertake in case of an attack.
All devices should be up to date with all the safety measures put in place such as updated antivirus.
Need to ensure appropriate access rights are given to access the data for effective data protection.
To minimizes the chances of password cracking, ensure to use strong passwords and changing the passwords often thus making it hard to be cracked by hackers.
Protection has, therefore become a necessity for any organization.
7/20/2019
Emerging Threats and Counter Measures (ITS-834-23)
3
2.Administrative Control (Harshavardhan Dasara)
Updating its widows and operating systems- using outdated operating systems and widows exposes Solomon's business to adverse data bleaches threats.
First, there are no more supports from provider meaning the systems a re much exposed to hacking and other data bleaches and second, it is faced with a lot of compatibility issues.
This can be achieved through ensuring that it establishes access rights and only the right person is around to access certain data from the organization.
To minimize chances of data cyber-attacks, the organization should ensure to educate its employee about cyber-attacks in terms of how it happens and the right measures to undertake in case of an attack.
7/20/2019
Emerging Threats and Counter Measures (ITS-834-23)
4
3.Physical Controls (Vikram Goud)
5
Emerging Threats and Counter Measures (ITS-834-23)
7/20/2019
CCTV
Biometric
Motion Sensors
Security Alarms
Guards
4. Technical Controls (Kalyan Koppolu )
Classic model of information security defines in three objectives
Confidentiality
Integrity
Availability
Tools
Authentication
Access control
Encryption
Password security
Backups
Firewalls
Intrusion Detection System (IDS)
7/20/2019
Emerging Threats and Counter Measures (ITS-834-23)
6
5.Security policies (Vijay Cherukupalli)
Three main types of policies exist
Organizational (or Master) Policy.
System-specific Policy.
Issue-specific Policy.
7/20/2019
Emerging Threats and Counter Measures (ITS-834-23)
7
The master security policy can be thought of as a blueprint for the whole organization’s security program. It is the strategic plan for implementing security in the organization.
A System-specific policy is concerned with a specific or individual computer system. It is meant to present the approved software, hardware, and hardening methods for that specific system.
An Issue-specific policy is concerned with a certain functional aspect that may require more attention. For this reason, a separate policy is prepared for that issue to explain with details the required level of security, and the instructions that all staff in the organization must abide by to achieve this level
7
6.Cyber Security Laws & Agencies (Venkateswara Reddy Tallapu Reddy)
FISMA, NIST, GPEA, C&A, ECPA, OMB, HSA and many more
Each State will have a governing body to enforce these laws
Solomon Enterprises is in 5 different states, Florida(Agency for State Technology),Texas (Statewide Data Coordinator), Arizona(Statewide Information Security and Privacy Office), Montana(State Agency for Security),Missouri (Chief Information Security Office)
These laws enforces key features like
1. Personal Information Definition
2. Persons Covered
3. Encryption/ Notification Trigger
4. Specific Content Requirements
5. Timing
6. Penalty/Private Right of Action
7. Other Provisions
Personal Information Definition, Penalty/Private Right of Action
7.Networking Security Tools – Snort (Sriteja Thuraka)
Networks are very important for any organization because they help to communicate with other devices, and this is how large networks are generated.
There are a variety of tools which are currently available in the market and Snort is just one of it.
The Snort toolkit is free Intrusion Detection System and runs on any modern operating system and any old hardware we have and the real investment in the Snort IDS is your time and effort.
One of the best and most overlooked things about Snort IDS rules is that they are open source.
Rule syntax has evolved to provide better ways to accomplish certain goals, such as the "established" keyword that replaces the older method of looking at TCP flags in many circumstances.
You can manually check Snort using some simple test rules. For this test to work, you'll need to add one or more of these rules to your setup.
7/20/2019
9
Emerging Threats and Counter Measures (ITS-834-23)
8.Conclusion (Srinath Reddy Anumasu)
Solomon company works using a VPN connection which needs careful connections to reduce the chances of vulnerabilities through intrusion forms.
Failure to use a careful connection of VPN connections the VPN connection exposes the company data to bleaches because it uses the public network which may be vulnerable to external attacks and usually have high operating costs due to less bandwidth.
Finally, Solomon company should ensure that it deactivates all disposable accounts of which employees have been laid off or left (Williams, 2007). This ensures that employee who is no longer working have no access to important company information and thus not risking the business data
7/20/2019
Emerging Threats and Counter Measures (ITS-834-23)
10
THANK YOU
7/20/2019
Emerging Threats and Counter Measures (ITS-834-23)
11