
Countermeasure plan for Cyber-attacks on Solomon Enterprises

Group 5

Satya Naga Pavan Kumar Achanta

Anilreddy Aleti

Narsa Reddy Aleti

Prasadh Venkatraman Kailat

Phani Monogya Katikireddi

Sweetyben Shah

Yokesh Nanda Vejella

University of the Cumberlands

Caterpillar: Confidential Green

Introduction

The challenging Internet era

Solomon Enterprises

Medium-sized company located in the United States

$200 million in revenue

Evaluating the security policy that is in place


Administrative controls

Administrative controls to prevent & mitigate potential cyber-attacks

Background verification

Companies worked at (Collatz, 2018).

Titles held (Collatz, 2018).

Employment dates (Collatz, 2018).

Work responsibilities (Collatz, 2018).

Evaluation of job switch, re-hire, or termination (Collatz, 2018).

Credit history evaluation (Collatz, 2018).

Criminal background check (Collatz, 2018).


On-boarding agreements

Confidentiality and non-disclosure agreements (Legagneur, n.d.).

Training & awareness programs (Legagneur, n.d.).

Continuous monitoring & evaluation (Legagneur, n.d.).

Company device use and return policy (Legagneur, n.d.).

Training and bridging programs

Raise awareness (Zoe, 2019)

Monitor & train employees (Zoe, 2019)

Convey significance of employee’s role in cyber-security (Zoe, 2019)


Physical Controls

These are the measures designed to prevent unauthorized access to facilities and equipment, and to protect personnel, software, networks and data from malicious physical acts (Babiceanu & Seker, 2016).

A breach of physical protection can result in extensive property damage, injury or death of employees, and loss of important information in an organization.

One of the most fundamental aspects to consider in the protection and security of an enterprise is its location, because this will assist in choosing the security measures or deterrence methods to be applied (DiMase et al., 2015).

It includes CCTV, movement sensors and glass break sensors, among others, and its purpose is to trigger a security response when all other forms of protection have been breached (Kriaa et al., 2015).


Technical controls

Firewall - all IP addresses are blacklisted by default

Veracode - source code security analysis tool

Splunk for logging

Encryption - Handling CSRF attacks


Information security policy, standards and practices

Management should consider policies as the basis for data security measures (Loader & Thomas, 2000).

Procedures, practices and guidelines fully explain how to adhere to security policies (Loader, 2000).

Policies direct how issues are addressed and how current technology is used (Loader & Thomas, 2000).

Security policies are cost friendly and easy to use but difficult to implement (Loader & Thomas, 2000).

Shaping policies is difficult, as policies must not conflict with the law and should be well administered (Loader & Thomas, 2000).


System-specific policy (SysSPs)

SysSPs are defined as the standards and procedures used in maintaining or configuring systems (Lucasik, Goodman, & Longhurst, 2003).

System-specific policies fall into two groups:

Access Control Lists (ACLs), which consist of the access control lists, matrices and governing tables that give an end user the right and privilege to access a system (Lucasik, Goodman, & Longhurst, 2003).

Configuration rules, which define the configuration codes that should be entered into a security system to access and control the execution of the system (Lucasik, Goodman, & Longhurst, 2003).


Legislation/Regulations or industry standards

Gramm-Leach-Bliley Act:

It is a United States federal law that requires organizations to explain how they share and protect their customers' private information (Gian, 2010).

Safeguard deals with companies that collect sensitive information from their customers, including names, addresses and bank details.

Protecting employer Information inside organization and selecting organization


Invaluable Feature of Wireshark

Wireshark is a reliable conglomeration of cybersecurity system applications that features an impregnable firewall system and a host of shields capable of covering all types of Solomon’s ICT system networks, such as VPN, LAN, WAN, and WLAN, to mention a few (Perlman, Kaufman & Speciner, 2016).

Important Wireshark Features 

Wireshark will be very useful in capturing the data of Solomon Enterprises as it “deciphers” the makeup (encapsulation) of multiple networking protocols (Lin, 2015). 

Live feeds of information can be garnered and interpreted from different network types, inclusive of IEEE 802.11, Ethernet, loopback, and PPP. 

Network Security Tools


Network Security Provisions

Wireshark sees to it that all customers have the latest possible technologies to deal with security challenges (Stallings, 2017). 

With Wireshark, elevated privileges are not required for all operations. For instance, one option is to run tcpdump, or the dumpcap utility that comes with Wireshark, with superuser privileges to capture packets to a single file, and then analyze the packets by running Wireshark with limited privileges.
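The unprivileged analysis half of that split, as an added example that is not part of the original slides: once dumpcap or tcpdump has written the capture file, a process with no capture rights can read it and decode the encapsulated layers. The sample capture, its addresses and the function names are constructed for illustration; only classic pcap files carrying Ethernet and IPv4 are handled.

```python
import struct

def build_sample_pcap() -> bytes:
    """Constructed sample: one Ethernet/IPv4/TCP SYN in classic pcap format."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 0x50, 0x02, 65535, 0, 0)
    frame = eth + ip + tcp
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return global_hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def read_packets(data: bytes):
    """Yield raw frames from classic pcap bytes (either byte order)."""
    magic = struct.unpack("<I", data[:4])[0] if len(data) >= 24 else None
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet record")
        yield data[off:off + incl_len]
        off += incl_len

def decode_layers(frame: bytes) -> dict:
    """Peel Ethernet -> IPv4 -> TCP/UDP; stop at the first layer not understood."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    layers = {"eth_type": struct.unpack("!H", frame[12:14])[0]}
    ip = frame[14:]
    if layers["eth_type"] != 0x0800 or len(ip) < 20:
        return layers
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl:
        return layers
    layers.update(proto=ip[9], src=".".join(map(str, ip[12:16])),
                  dst=".".join(map(str, ip[16:20])))
    if ip[9] in (6, 17) and len(ip) >= ihl + 4:   # TCP or UDP: ports come first
        layers["sport"], layers["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return layers

if __name__ == "__main__":
    for frame in read_packets(build_sample_pcap()):
        print(decode_layers(frame))
```

For a real capture, pass the bytes of the file written by the privileged capture step to `read_packets` instead of the constructed sample.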


Conclusion

Veracode

Wireshark

Splunk


References

Babiceanu, R. F., & Seker, R. (2016). Big Data and virtualization for manufacturing cyber-physical systems: A survey of the status and future outlook. Computers in Industry, 81, 128-137

Collatz, A. (2018). What Shows Up on An Employment Background Check.

DiMase, D., Collier, Z. A., Heffner, K., & Linkov, I. (2015). Systems engineering framework for cyber physical security and resilience. Environment Systems and Decisions, 35(2), 291-300

DuPaul, N. (2013). Retrieved from: https://info.veracode.com/vast-soss.html

Federal Trade Commission, Protecting America's Consumers. (2006). Retrieved from https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying

Gian, S. (2010). Federal Information Security and Data Breach Notification Laws. Retrieved from https://fas.org/sgp/crs/secrecy/RL34120.pdf

Jolina, C. C. (2002). The Gramm-Leach-Bliley Act, 17 Berkeley Tech L.J

Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., & Halgand, Y. (2015). A survey of approaches combining safety and security for industrial control systems. Reliability engineering & system safety, 139, 156-178

Legagneur, J. G. (n.d.). How to Protect Company Property in an Employee Separation Agreement. Retrieved July 20, 2019, from https://www.nolo.com/legal-encyclopedia/how-to-protect-company-property-in-an-employee-separation-agreement.html


Lin, D. (2015). U.S. Patent No. 9,112,895. Washington, DC: U.S. Patent and Trademark Office

Loader, B., & Thomas, D. (2000).  Cybercrime.  London: Routledge

Lucasik, S., Goodman, S., & Longhurst, D. (2003).  National strategies for protection of critical infrastructures from cyber-attack.  London: Oxford

Lu, S. (2015, March 9). Employment Verification: A Crucial Check. Retrieved July 20, 2019, from

 

Mohammed, Z. H. S. (2010). Authentication and Authorization: Security Issues for Institutional Digital Repositories

Moore, R. (2005). Cyber Crime: Investigating High-Technology Computer Crime. Cleveland

Warren, G. K., & Jay, G. H. (2002). Computer forensics: incident response essentials. Addison-Wesley

Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson Education, India

Pfleeger, C., & Pfleeger, S. (2002). Security in computing, third edition.  Upper Saddle River, NJ: Prentice-Hall PTR

Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS), National Institute of Standards and Technology (NIST)

Stallings, W. (2017). Cryptography and network security: principles and practice (pp. 92-95). Upper Saddle River: Pearson

Wack, J., Cutler, K., & Pole, J. (2002). Guidelines on Firewalls and Firewall Policy

Zoe, E. (2019, March). Cyber security training for employees: The What, Why and How. Retrieved July 20, 2019,


Questions?


Thank You!
