Lockdown

Running Head: CYBER OPERATION AND RISK MANAGEMENT 1

CYBER OPERATION AND RISK MANAGEMENT 2

Cyber Operations and Risk Management

Dept of Cybersecurity, University of Maryland Global Campus

CYB 670: Capstone in Cybersecurity

Professor Karl Olson

June08, 2022

Introduction

The world has longedfor advanced technology for a long time, and finally, it is now available. With the help of modern technology, software developers can design new systems that can solve complex problems within a short time. Other than the great processing speed, the output we get from these software systems is excellent. They are capable of delivering and presenting the output in an orderly manner andthe required format. These capabilities have positively impacted business growth allowing most organizations to handle their clients' needs on time, giving them an excellent reputation. Despite the great things technology has brought, there are various emerging problems that can negatively impact businesses andorganizations using the systems. Security status is a challenge that everyone should be careful about.

There are many emerging threatscapable of affecting system integrity, confidentiality, and availability (Lord, 2018). Threats such as malware are the main and the most common problem. Currently, many businesses are losing millions of cash due to these malware threats. Malware exists in various forms; the most common form is Spyware which allows attackers to spy on what system users are doing, steal critical information, and send it to attacks. The malware is designed to exploit vulnerabilities in the system code, making it possible for the attackers to illegally access system resources without being noticed.

In most cases, Spyware leads to ransomware attacks.Recently, attackers have been using ransomware attacks to illegally conduct sophisticated attacks and forcing system owners to pay them a certain amount of money to access the attacked systems and files (Lord, 2018). Since security is the main key, software assurance must be considered.

Software assurance needs

Software assurance refers to guaranteeing confidence that all software services and processes are free from unintentional and intentional exploitable vulnerabilities and also the software works effectively. The processes that software handles are essential and critical; hence its security features must effectively prevent threat attacks (Lord, 2018). Robust security feature helps maintain the integrity of every process conducted by the software and ensures output is great. The summit expects each nation to have well-secured software that can securely and reliably carry out processes within the summit.

Our team has various software assurance expectations: Avoid using unrecommended software development tools and techniques; this will help minimize software vulnerabilities. Any software suspected to have unwanted behavior should never be used. Check if the software has malware code or suspicious features before installing to avoid risks (SafeCode, 2018). The software should be easy to update, allowing easy fixing of bugs. There should be clear instructions on how the software works and conduct each task; the instructions should be clear and specific to ensure each user can follow them easily. All security features of the software must be working effectively.

Current SDLC Key Attributes

Everyone aims to get perfect,efficient, reliable, and secure software. We all know that software systems are designed to help us solve complex problems, to help us obtain a great output. Software Design Life Cycle (SDLC) plays a great role in ensuring we get well-designed software that can handle every process as expected. SDLC is a systematic software design approach that software developers use to produce high-quality software that is easy to maintain.It has well-organized steps that every software developer should be aware of. If all the steps are followed, we get great software free from critical vulnerabilities andperform great.

SDLC steps help us guarantee software assurance that software is designed without intentional or unintentional exploitable weak points and has great performance (Jarzombek, 2012).SDLC has sevenessential steps: the planning phase; deals with cost estimation and requirement definition, making it a vital step. The next step is system analysis; it deals with requirement gatherings from the intended clients. Some of the requirements that need to be analyzed by the development team are hardware specification, security needs, and operating system. The next step is the design step; the step deals with determining the most effective design approach and the language. After the design, other steps are the coding phase, testing phase, deployment, and finally, the Maintenance phase.

Software Supply chain

A software application has various components such as libraries and tools (NIST 2019). This list of components is essential when building software. If one of the components is unavailable, the software will not be complete. These components come from different vendors and sources, making the supply chain process risky. Supply chain risks can come from unethical third parties interfering with software assurance (NIST 2019). These parties can introduce defects to a softwarecomponent, affecting the integrity of the whole software. Some of these defects are introduced during the delivery process, creating vulnerabilities that attackers will later exploit.

Also, some defects can be introduced during the development of these components, making them less secure. The vendors should have a well-documented document showing how a defect can be fixed if identified to minimize these risks. Also, they should have a product assurance, secure static analysis showing how the software component works in different conditions, have testing showing how the component will work if malformed input is used. Have malware analysis showing the component behavior in case of a malware attack. Have remote control testing showing how the component will behave if a remote-control request is made to ensure the component has no defect allowing remote control request without authorization (NIST 2019). Finally, the vendor should have counterfeit avoidance to ensure the component is genuine and from a trusted source.

Vulnerabilities identification

A vulnerability refers to a weakness in the system that attackers can exploit to illegally access the system, corrupt files, and delete and steal critical data (Lord, 2018). Once a system is attacked, data and process integrity are affected, which means the system users will get inaccurate output. To eliminate risksled by vulnerabilities, a vulnerability identification process must be conducted; the process helps us identify system weaknesses and understand them to have an effective way of eliminating them.

In most cases, attackers target systems that carry critical information with various new malware, making it hard to detect their next move. Hence the only way to prevent these attacks is to ensure we have eliminated all found vulnerabilities. In this case, the existing software had weaknesses such as downloading files without properly scanning them to check the presence of malicious codes and SQL injection vulnerability. Due to these vulnerabilities, the system was exposed to various threats such as ransomware, (DDoS) Distributed Denial of Service and many more forms of malware.

Alternate software option

We all know that it can be challenging to develop a perfect software that exceeds or meets the intended stakeholder's needs. This is due to various factors such as changes that keep emerging, especially if the software is for a big company. These changes may affect software security features creating vulnerabilities if an update is not done. Fixing bugs every time in a large company can be challenging and may require extra resources and time. Endpoint security systems can beimplemented to help raise the security level to solve this problem. These security systems have various features and tools such as whitelisting, logging, and patching that prevent various threats from attacking the critical software (Arora, 2012). The security systems ensure firewalls in all devices are running as expected; hence invalid packets from unknown sources are blocked. Another software option is software assurance which also raises security levels (Lord, 2018).

Evaluations

We have discussed various software options that will help solve the security challenges. These options aim to ensure data integrity, confidentiality and availability are maintained. The software assurance option ensures the software is safe; hence it must be used in the SDLC steps. Also, there should be clear instructions showing what the software can do and how each process should be conducted securely to support software assurance. Security systems aim to ensure the software being used is free from malware; hence, it should only be bought from reliable and trusted vendors to avoid using systems thatcan attract more threats. Using a system from untrusted sources is risky and can lead to severe attacks.

The software requires various parts to be fully complete. Different nations design these components; hence, some may have defects creating vulnerabilities. When a defective component is used to design software, the created software may have exploitable weaknesses. An incident report must be shared with the software vendors and suppliers to prevent this. All stakeholders must be involved when analyzing supply chain risks to get the best ideas. Software product assurance must be available to ensure all the components are effectively working and secure (Lord, 2018). Product assurance is essential to understand component security status and how they will behave when used in the software development process.

Cost Explanation

Resources will be needed to ensure the new recommendations are met. It is clear that new threats emerge every day; hence if we are not careful, the systems will face severe attacks leading to critical data losses and data leakages. To mitigate risks related to threats, security software must be implemented. Implementing this software will need resources, time, and expenses. There will be a cost of testing whether components from various vendors are genuine and working as expected. Another cost will be needed to eliminate identified vulnerabilities, helping minimize the chances of system exploitation. A system can be secure, but if users are unsure how to operate it securely, attackers can trick them and steal critical credentials. Hence, the cost of training users must be considered.

Recommendations

To ensure security standards are fully met, auditing should be done weekly on the software supply chain, network status, and system status. In supply chain areas, auditing should ensure security measures are being observed to help prevent inherited risks that threats can later exploit. System auditing should be done to check whether the system is working as expected and check the security status. If suspicious activity is detected, further investigation should be done to avoid risks. Network auditing is essential since suspicious packets used by attackers are easily identified before causing damage. These audits ensure exploitable vulnerabilities are identified and eliminated before attackers exploit them.

References

NIST. (2019). Cyber supply chain risk management. Retrieved from https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management

Lord, N. (2018, September 11). What are Indicators of Compromise? Retrieved from https://digitalguardian.com/blog/what-are-indicators-compromise.

Arora, Himanshu (2012, July 18). Introduction to Cryptography Basic Principles. Retrieved from ttps://www.thegeekstuff.com/2012/07/cryptography-basics/

SafeCode. (2018). Software assurance: an overview of current industry best practices. Retrieved from https://safecode.org/wpcontent/uploads/2018/01/SAFECode_BestPractices0208.pdf

Jarzombek, J. (2012). Software Assurance: Enabling Security and Resilience throughout the Software lifecycle. Retrieved from

https://csrc.nist.gov/csrc/media/projects/forum/documents/2012/october-2012_fcsm-jjarzombek.pdf