3 part assignment (total 3.5 pages, approx 1000 words)
re.bertyh.elpsfuben.t
CYB110Week1IndividualProtectingData.docx
1 page table is required, you can use all tables to make one
Create a 1-page table in Microsoft® Word or Excel® listing a minimum of five threats using the column headers Threat to Data-at-Rest, Confidentiality/Integrity/Availability, and Suggestion on Countering the Threat.
In the Confidentiality/Integrity/Availability column, identify whether each of the following are affected:
· Confidentiality
· Integrity
· Availability
· Some or all of the three (Confidentiality, Integrity, and/or Availability)
Include suggestions on how to counter each threat listed.
Place your list in the 3 columns of a table in a Microsoft® Word or Excel® document.
Submit your assignment using the Assignment Files tab.
Protecting Data
|
Threat to Data-at-Rest |
Confidentiality Affected? |
Integrity Threat |
Availability Threat |
Suggestions on how to counter Threat |
|
Denial of Service (DoS) to company website (not accessible), or to computer software / hardware (power failure) / Temporary loss of data or services that may or may not be restored (Smith, 2016). |
|
|
Yes |
Risk can be countered for website transactions by implementing an alternative method of accepting payments (in-store); or for computer hardware/software by installing an uninterruptable power supply (UPS) to allow systems to function without power. |
|
Identity Theft / Threat to customers regarding identity theft, fraud, theft of funds, etc. and threat to organization storing the data regarding lawsuits, exposure to loss, etc. |
Yes |
Yes |
|
Risk can be countered by encrypting data, educating consumers to keep account numbers secure, and identifying any vulnerability in the system where data can be accessed. |
|
Disclosure / Threat of confidential company data being exposed to others who are not authorized to view it. |
Yes |
|
|
This type of threat can be countered by implementing complex passwords on laptops and desktops to protect company data exposure. |
|
Masquerade / Access to company network via user who pretends to be the real user and sends messages or manipulates electronic data. Risk of Identity theft. |
Yes |
Yes |
|
Response to counter this type of threat is to implement a layered security structure. Limiting access via Least Privilege Controls would be a good defense. |
|
Physical Damage to Data or Hardware / According to TrustedComputingGroup.org (2017), “Data backup, off-site mirroring, and other data replication techniques may increase the risk of unauthorized access” or loss. (p. 1, Solutions Guide for Data at Rest). |
|
Yes |
Yes |
Data stored off-site should definitely be encrypted. If possible, using several layers of encryption is a viable solution. Backups are a critical factor in recovering from this type of threat. |
|
Ransomware / Liability would be greater and damages can be extreme, if no backups exist then company will have to pay a ‘ransom’ to get the encryption key to unencrypt their data files and restore them. |
Yes |
Yes |
Yes |
The best defense of this type of threat is to have a service such as Datto and a Datto backup continuity device installed so that the entire company’s data is backed up on scheduled intervals. This would alleviate the need to pay cyber criminals a monetary ransom to get the encryption key to unlock a company’s data. |
|
Physical Loss / Stolen/Lost mobile devices containing sensitive company data. |
Yes |
Yes |
Yes |
Applications are available to install on mobile devices that allow users to wipe their device remotely. This would help secure stored data at rest on mobile devices. |
|
Subversion / Viruses, Worms, and Botnets can infiltrate company website and download malware through company network/files/database. |
Yes |
Yes |
Yes |
Periodic updates to anti-virus software will be a necessity in keeping the system free of potential security breaches. |
Table 1. Cyber Threats and Risks for CIA (2017).
References
Smith, R. (2016). Elementary information security (2nd ed.). Jones & Bartlett Learning.
EC-Council Official Curriculum (2016). Certified secure computer user: EC Council courseware. EC-Council.
TrustedComputingGroup.org (2017). Solutions Guide for Data at Rest. Retrieved from https://www.trustedcomputinggroup.org/wp-content/uploads/SSIF_Solutions_Guide_for_Data-at-Rest.pdf
Table 2
CYB/110 Week 1 Assignment
Protecting Data Table
|
Threat to Data-at-Rest |
Confidentiality/Integrity/Availability |
Suggestion on Countering the Threat |
|
Unauthorized access to unused data while on Database. |
Confidentiality, as unauthorized access to the data will compromise user’s privacy. |
The simple suggestion would be to take great steps on who is authorized to access the database and investing extra money to ensure the data is well secured while not being active. |
|
Loss of inactive data from a corrupted HDD. |
Availability since the loss of data means it won’t available when it is needed |
The suggestion to counter corrupted issues would be to set up at least a RAID 1 configuration to decrease the possibility of Data Loss. |
|
Data-at-Rest becoming unreadable from changing programs or different updates |
Availability as incorrect updates or a change of program can compromise availability to said data |
Performing Software testing before rolling out new software updates or converting to a new program to ensure the older data is still accessible with new software. |
|
Insufficient amount of Bandwidth to access the Data-at-Rest when needed |
Availability as an insufficient amount of bandwidth and prevent users from access the inactive data when needed. |
Perform regular tests to ensure proper network speed. This will guarantee the data will be efficiently accessible if needed instead of worrying about slow load times. |
|
Out of date security which compromises the Data-at-Rest if not properly current in security standards. |
Confidentiality since out of date security standards can compromise the privacy of the confidential Data-at-Rest. |
While updating the more used software, the company must also consider the data that is less used but still important. They need to routinely compare the network security of the data-at-rest to the most current security standards. |
Table 1. Protecting Data (2017).
Reference Page
Smith, R. (2016). Elementary information security (2nd ed.). Jones & Bartlett Learning.
Table 3
CYB/110 Week 1 Assignment
Protecting Data Table
STUDENT NAME
Protecting Data
|
Threat to Data-at-Rest |
Confidentiality Affected? |
Integrity Threat |
Availability Threat |
Threat Mitigation |
|
Database of Account Numbers / Threat to customers regarding identify theft, fraud, theft of funds, etc. and threat to organization storing the data in regard to lawsuits, exposure to loss, etc. |
Yes |
Yes |
Yes |
Risk can be countered by encrypting data, educating consumers to keep account numbers secure, and identifying any vulnerabilities in the system where data can be accessed. |
|
Employee Database / Threat to company from cyber criminals who can steal this information and commit identity theft using the employee’s information such as social security #’s, address, salary, etc. |
Yes |
Yes |
Yes |
Risk can be countered by enacting authentication controls thereby limiting access to this data and strong security to protect data from outside threats. |
|
Customer Database / Similar threat as employee database, only more exposure for companies because liability would be greater and damages can be extreme. |
Yes |
Yes |
Yes |
Database encryption seems to be the number one protection for data at rest. |
|
Student Database / Threat of cyber-attack whereas student identifying information could be stolen and/or if threat coming from students themselves, risk of grade changes, etc. |
Yes |
Yes |
Yes |
Authentication controls, encryption, |
