assignment 2


Table of Contents

Executive Summary

Introduction

Security Plan

Security Countermeasures

Training

Security Policy

Conclusion

Executive Summary

This report is based on a scenario in which I, as head of the security department, need to plan the security processes that keep the organization's data safe and secure. It briefly discusses cyber security and cyber crime, then proceeds to the planning process and the security countermeasures, where we discuss mitigation plans for various attacks. It details how the employees of the organization can be trained and sets out the security policy that the employees of my company must follow in order to maintain security. To counter cyber crime, we discuss various methods and processes that can be used to prevent theft of and damage to information.

Introduction

Data are all the vital information of an organization stored in a certain place, such as on a computer or in cloud storage. This information shapes the organization and helps it grow and overcome various obstacles. As it is a valuable possession, the organization should protect it by all means. Theft of such important information may destroy the organization or critically hamper it. There have been various cases where data were stolen and the hacker demanded cryptocurrency or a huge amount of money in exchange for the data. For example, in September 2018 a group of hackers hacked about 90 million Facebook user accounts after finding a vulnerability in Facebook's “View As” tool, which showed users what their profile looked like to other people. This allowed the hackers to steal Facebook access tokens, with which they took over 50 million profiles. This cost Facebook about 1.63 billion dollars. Another example is Yahoo, which was hacked in 2014, when the hacker stole the real names, email addresses, dates of birth, telephone numbers and passwords of 500 million users; in 2013, Yahoo was hacked by different groups for the same purpose, and details of about 1 billion users were stolen. This cost Yahoo about $350 million, and Verizon paid about $4.48 billion for Yahoo's core Internet business. Thus, the security of such data is very important.

Security should be established from the bottom up for optimum protection. All hardware and software should be secured with appropriate security controls such as anti-virus software, a secured network, security cameras, etc. Data theft is becoming more common day by day, and cases are increasing rapidly as people develop new software and new ways to hack into other computers. With that in mind, people should also keep updating their security in order to protect their networks from hackers. The Internet is one of the major avenues for business growth, but it is also one of the vulnerable parts of a business, through which data can easily be stolen from the organization. Therefore, various measures should be taken to cope with the dangers of hacking.

Security Plan

Security is a factor that can build up or bring down an organization. Securing data is a major task of the company, and security is the responsibility of every member of the company. There should be rules and plans to help secure the company from theft and other harmful attacks. Failure to follow these rules and plans will surely have a huge impact on the growth of the business. A security plan is drawn up by the security group and the top members of the organization. It sets out how information within the company is secured, how various attacks can be avoided, and what the next steps are if the company has been attacked by malware or has been breached. As head of the security department, it is my responsibility to take all the actions required to guard against security breaches. There are various defects in the company's security, so it is our duty to overcome them and build a strong security system that an unauthorized party cannot breach to steal data or install harmful software. We need to protect both the hardware and the software so that no one can break into our system. The security team should cover all areas and should plan ahead in case there are any breaches in the system. The steps of the security plan are as follows:

1. Identifying the risks:

The first and foremost step in every organization is to identify the risks. We need to identify which parts of our system are most vulnerable to a breach and what actions are required to strengthen the system. Identifying the risks helps greatly in securing the data and in planning. Categorizing risks, for example as software or hardware, helps the security team choose measures: installing anti-virus software and firewalls, securing the network, etc. for software, and installing security cameras and guarding the items for physical assets. We can also plan ahead for the actions to take when we face an attack.

2. Risk assessment:

Risk assessment helps greatly in planning the organization's security. To conduct a risk assessment, we first discuss all the risks and rank them by priority and risk level. The higher the level, the stronger the security and the more intensive the planning, and vice versa. Anything with a higher threat level should be addressed first and as soon as possible, as it will have a very high impact on the organization; the other threat levels are then planned for gradually. This way we can plan accordingly and save time, which is the most essential factor in security.

3. Identifying the threats and attacks:

A threat is anything that can have a seriously harmful impact on the computer system. Threats lead to attacks on the computer system, which may result in data being stolen or destroyed. Attacks are usually carried out against the vulnerable parts of the system, using various software and malware. For physical goods, a threat means breaching the organization's premises and stealing hardware or destroying computers and their components. For abstract goods such as data and the computer system, threats include the installation of harmful software and malware, which steals data from computer storage, destroys it, and blackmails users for money in order to retrieve the stolen data. Some of the malware used to attack a system are Trojans, worms, viruses, ransomware, etc. Hackers lure users into installing their software, steal vital information of the organization, and ask for a huge amount of money in return. Nowadays, hackers ask for money in the form of cryptocurrency, which has a very high value, and this currency is encrypted so there is no way one can catch the hacker. The attacks damage the data, and bringing the system back to normal also costs a huge amount of money. Thus, securing the system is a must to prevent such losses. The security team should be active and should keep its anti-virus and other security software up to date so that the system is not breached. The team should guard the hardware thoroughly and be prepared for an attack at any time, as acting quickly is crucial to save the organization from loss.

Security Countermeasures

Attackers attack computer systems in various ways. Cyber attacks are increasing day by day, with new methods of attacking and harming systems, and it has become tougher to secure systems and data from attackers. Various new measures should be considered in order to protect the computer system and its data. To come up with new measures and solutions to protect the data, the organization will need to commit more resources and plan better so that threats do not harm it. Some data are stored on hardware and some in virtual storage systems; planning should cover how both can be secured. Some of the countermeasures are:

1. Installation of security cameras in various places of the organization: This is usually done to protect the organization's hardware. Much information is stored on the organization's computer hardware, and thieves tend to steal important data by stealing the physical storage of the computer. Security cameras in different corners of the organization's building will help detect a thief trying to steal the hardware; even if they succeed in stealing it, we can track the thief through facial recognition and retrieve the lost data.

2. Technical measures:

Technical measures refer to preventing, detecting, mitigating and responding to cyber attacks through various technological tools for software and hardware. These measures include adopting an internationally recognized security standard within the company, with critical areas receiving more attention and better infrastructure. They also include installing security tools such as firewalls, anti-virus and anti-malware software, Intrusion Detection Systems and Intrusion Prevention Systems. The anti-virus software and other systems should be updated and checked regularly, and any bug should be fixed as soon as possible.

3. Organizational measures:

Organizational measures refer to regularly checking whether the rules and policies are being followed properly. These measures include establishing a national critical infrastructure protection policy, creating a framework for proper implementation, evaluation and maintenance of cyber security, hosting various information security programs for the organization, and regularly conducting audits to check the security system.

4. Following the cyber threat intelligence:

Cyber threat intelligence is the intelligence accumulated before an attacker can target and attack the organization's systems. It helps the organization understand and mitigate the risks posed by internal and external threat actors. It enables organizations to take a proactive approach to cybersecurity and to take preventive action before the attacker can attack the system and steal data. There are 4 different types of cyber threat intelligence. They are as follows:

a. Tactical cyber threat intelligence: The data is acquired through real-time monitoring of systems, with information related to the adversary's actions inside the organization.

b. Technical cyber threat intelligence: The data is acquired through technical means, such as malicious IP addresses, which helps the organization take preventive measures such as blocking the unidentified IP address.

c. Operational cyber threat intelligence: The data provides details about the incoming attack, such as the malware involved, and guides and supports the organization in responding to the specific attack. This also helps the organization determine future threats.

d. Strategic cyber threat intelligence: This data represents high-level information, where cyber threat warnings are scanned frequently. It gives information about the malicious cyber actor and the impact caused at the higher level of the business.

5. Backup storage: Important data should be backed up so that even if an attacker succeeds in destroying the data, we are not impacted by the loss. All information relating to the company's strategy, financial data, past data, etc. should be backed up. Various backup storage options can be used, such as cloud services or other devices.

Training

Employees are the people who build the company and take it to the top. They are very important assets of the organization, and skillful, hardworking employees lead to the growth of the company. They are the ones who are continually connected to the organization's systems, and they can steer the company towards growth if they are treated well. Not only the security department but all employees in the organization should be properly trained in order to prevent breaches by outside attackers. Threats are always present if employees do not take security measures or ignore procedures. Untrained employees may create vulnerable openings for hackers, for example when the password of an employee's login profile is weak, when employees use corrupted external devices such as pen drives or external hard drives on the organization's systems, or when employees open unauthorized emails containing malware and viruses or download unauthorized software. There is risk at each step if the employees are not properly trained in security matters. Training on different aspects of security should be provided to employees time and again. They should be taught what to do and what not to do so as not to harm the organization's systems. They should set proper, strong passwords and be trained to change them every 6 months for strong security. They should be trained to be careful when they receive scams and unauthorized emails, and should be taught to use office devices only for office use. If proper training is provided, then there won't be problems relating to security. Employees of the security department should be educated time and again about new malware and viruses and about how attackers can attack the system. They should be taught how to overcome various malware and be prepared to restore data if they come under attack. The security department's employees are the main people who look after the security of the organization, so highly skilled training should be provided; otherwise the company may fail to protect itself from breaches or theft, costing the company a fortune.

Security Policy

Security policies are the rules and regulations provided by the organization and the security team regarding security, and they should be followed by each and every employee of the organization. They are the written policy through which the organization makes sure that its data are safe and protected. Failure to follow these rules and regulations, even by one employee, may open vulnerable paths that hackers can easily pinpoint to steal or damage the data. The security policies are as follows:

i. The password and login details of the employees should be kept confidential.

ii. Important data and information should be kept confidential and should not reach the outside world.

iii. Only authorized persons should have the authority to see higher-level information.

iv. External devices provided by the organization, such as pen drives and external hard drives, should be used for office purposes only and should be scanned every now and then.

v. All information should be properly backed up.

vi. Employees should not go to restricted sites and should not download anything unauthorized.

vii. Employees should follow all the given rules or serious punishment may be given to them.

Conclusion

Cyber security is a crucial part of every organization. This report analyses every aspect of cyber security. The analysis shows that cyber attacks are increasing every day and that every organization based on the Internet is vulnerable to theft. Various measures need to be taken into consideration so that there won't be any hacking. This report shows that security plans need to be made and updated over time, with mitigation processes to be followed, and it sets out countermeasures to overcome various cyber crimes. It also discusses why training the employees of the organization is very important for security. As head of the security department, I have made various policies that need to be followed by each employee in order to secure the data of the organization. Even though we take every measure to secure the system, a breach can happen at any time and with new software, so the company should be prepared 24/7 to tackle an attack. Thus, this report shows how we can overcome cyber attacks and how to prevent them.
