
Running head: THREAT MODELING IN ACME ENTERPRISE


Acme Enterprise risk assessment using threat modeling

Student’s name:

Institutional Affiliation:

Date:

Abstract

Acme Enterprise is a private company preparing for an initial public offering (IPO). Before going public, Acme must demonstrate compliance with GDPR, PCI DSS and SOX. Acme is in the water purification business, with new technologies that purify water from any source, whether sewage, ocean or lake water. Part of the IPO process is showing due diligence and due care. Acme engaged my team to conduct a threat assessment and analysis of its information technology infrastructure, uncover threats and exposures, and recommend mitigations and controls that reduce them so that the IPO can succeed.

Threat modeling is a structured process used by security practitioners to identify potential threats and vulnerabilities, rate the seriousness of each, and prioritize the mitigations that protect IT resources. Our assessment covers seven areas of Acme's environment:

1. Perimeter Security

2. Network Security

3. Endpoint Security

4. Application Security

5. Data Security

6. Operations

7. Policy Management

Risk is inevitable in business. It has two parts: the likelihood that something goes wrong and the negative consequences if it does. Business risks are often hard to spot, so they must be analyzed carefully. Risk analysis identifies and explains the risks a company could face, which in turn supports managing them and minimizing their impact on business plans. Every business is exposed to some risk, and the occurrence of a risk can only be averted by assessing how likely it is and taking measures to avoid it. Risk analysis starts by identifying the possible threats, which may have human, procedural, reputational or financial causes. Estimating each identified risk means determining both its probability and the impact it would have. Once the value of a risk is known, the ways of managing it can be assessed, with cost-effective approaches preferred. The difference between a company that succeeds and one that fails is often the application of risk and crisis management: a good crisis management plan analyzes the potential risks and limits their effects if they occur. Risk analysis also supports deciding whether or not to go ahead with a given decision. Risks that materialize often send businesses into crises that threaten their survival, so risk assessment is essential in any business to avoid certain risks and keep the business out of crisis (Subriadi et al., 2018).

Acme Perimeter Security

Perimeter security consists of integrated mechanical and electronic elements and systems that protect a physical area such as an airport or a company premises. These systems deter and detect intruders around the premises. Typical perimeter security equipment includes video sensors, tactical radars, fences with sensors, microwave and infra-red barriers, sensor cables and concertina wire. The main risks facing perimeter security are:

· Unresponsive devices during adverse weather. Harsh weather degrades the sensors, so the organization may be exposed while perimeter detection is weakened.

· Poor detection ability. Weak detection components may fail to detect an intrusion at all.

· Unstable signal transmission. Network problems may prevent sensor signals from reaching the monitoring point as required.

· High false-alarm rate. Poor detection produces false alarms because the system cannot clearly distinguish a real intrusion from noise, and frequent false alarms lead operators to ignore real ones.

Solutions

Video analytics combined with visible-light and thermal cameras is the most effective and efficient option, because alerts are easy to verify and the technology is versatile. Effective protection of a complex facility requires a range of video analytics systems; they provide the most reliable detection and help to cut operating costs, delivering precise coverage even at critical locations (Ma et al., 2018).

Network Security

Network security is a general term covering many technologies, processes and devices. It is the set of configurations and rules designed to protect the confidentiality, integrity and availability of computer networks and data using hardware and software. Network security controls fall into three groups: technical, physical and administrative. Every organization needs some degree of network security regardless of its size, infrastructure or industry, because the threat landscape keeps changing and attackers continually find and exploit vulnerabilities. In Acme's complex network architecture, these vulnerabilities may exist in a number of areas:

· Poorly designed or configured applications. Applications that move data from one point to another may do so insecurely.

· Faulty devices. Devices with technical defects may not behave as their designers intended, and a failing security device can silently stop protecting the segment behind it.

· Users and locations. Users accessing the network from different locations, over networks the organization does not control, increase the risk of exposing data to unwanted parties.

Solutions

To avert network-related risks, a number of measures and strategies can be applied to safeguard the organization's data.

This need has led to network security management tools and applications that address individual threats and exploits as well as regulatory non-compliance.

Network security should be a high priority for any organization working with networked data and systems. Besides protecting assets and data integrity from external exploits, it also manages network traffic more efficiently, improving performance and ensuring secure data sharing between data sources and employees (Kang & Kang, 2016).

Endpoint Security

Endpoint security is the practice of securing the entry points of end-user devices such as laptops, desktops and mobile devices. It protects endpoints on a network or in the cloud from cyber security threats and is a crucial part of enterprise security for several reasons. First, data is now the most valuable company asset; losing that data, or access to it, could put the entire business at risk of insolvency. Second, the threat landscape is growing more complicated: attackers constantly find new ways to access and steal information or to manipulate employees into giving out sensitive information. Endpoint security is often viewed as the front line of cyber security, and is one of the first places organizations secure their enterprise network (Tedeschi et al., 2019).

The following are some of the risks in endpoint security:

· Phishing attacks. These attacks give attackers a foothold in the organization's network from which they steal crucial information and sensitive customer data. Customers tend to avoid the products and services of a company that cannot protect their sensitive information.

· Malvertising. Malicious advertising served on or through the organization's site can compromise its visitors and redirect them to sites that deliver further attacks. Once an endpoint has been compromised this way, cleanup slows the organization's productivity.

· Drive-by downloads. Attackers can gain access to an organization's network through a drive-by download that installs malware without the user's consent. Once inside, they can extract sensitive information and expose it to the organization's competitors.

· Data loss and theft. Ransomware attacks that encrypt or exfiltrate data lead to financial losses and can push the company into a crisis.

Solutions

As the number and sophistication of cyber security threats grow, so does the need for more advanced endpoint security solutions. The following are some solutions to the endpoint security risks above:

· Patch management keeps the organization's software at the most recent, up-to-date versions.

· The drive-by download threat can be reduced by keeping software updated, installing ad blockers and removing unnecessary browser plugins.

· Keeping sensitive data in locked, secure storage.

· Regular backups of data, kept offline or otherwise out of reach of the endpoint. This is the most effective defence against ransomware, since paying the ransom is discouraged.

· Proper disposal of outdated data and information.

· Encrypting data on media and in transit, so that stolen devices or intercepted traffic yield nothing usable.

Application Security

Application security describes measures taken at the application level to prevent the code or data in an application from being stolen or tampered with. It includes routine practices such as regular security testing, and spans the software, hardware and procedures that minimize security vulnerabilities.

The following application security risks apply:

· Injection – untrusted input is sent to an interpreter as part of a command or query, and special characters let the attacker break out of the data context and into the code context, so that the input is executed as SQL, shell or script code.

· Insecure Direct Object References – exposure can occur whenever a reference to an internal object, such as a record or file identifier, appears in a URL or form parameter, because a user can modify the reference and retrieve a different, unauthorized file or record.

· Cross-Site Request Forgery (CSRF) – the victim's browser is tricked into sending a forged request to a site on which the victim is already authenticated, so the site carries out the attacker's action under the victim's identity.

· Broken Authentication and Session Management – an attacker steals or reuses credentials or session tokens that the application does not adequately protect, and thereby assumes another user's identity.

· Failure to Restrict URL Access – applications that do not perform an access control check every time a page is requested let attackers forge URLs to reach pages that were assumed to be hidden.
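The injection, insecure direct object reference and URL access risks above, shown as an added example that is not part of this assessment or of any Acme system: each risk appears in a vulnerable form beside its fixed form. The users and invoices tables, the page-to-role map and the sample rows are constructed for the example.

```python
"""Added example (not from the original assessment): injection, insecure
direct object references and forced browsing, vulnerable and fixed forms.
The tables, sample rows and page-to-role map are constructed here."""
import sqlite3


def build_db():
    """In-memory SQLite database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, amount INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)", [(10, 1, 500), (11, 2, 900)]
    )
    return conn


# Injection, vulnerable form: the user-supplied name is spliced into the SQL
# text, so a quote character lets the caller leave the data context and
# append SQL of their own (for example  x' OR '1'='1 ).
def find_user_vulnerable(conn, name):
    query = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


# Injection, fixed form: a bound parameter is always treated as data by the
# database engine, whatever characters it contains.
def find_user_fixed(conn, name):
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


# Insecure direct object reference, vulnerable form: the invoice id comes
# straight from the request and ownership is never checked, so any
# authenticated user can read any invoice by changing the id.
def fetch_invoice_vulnerable(conn, requester_id, invoice_id):
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


# Fixed form: the ownership condition is part of the query, so a record the
# requester does not own simply does not exist from their point of view.
def fetch_invoice_fixed(conn, requester_id, invoice_id):
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, requester_id),
    ).fetchone()


# Forced browsing: every page is checked against an explicit role map on each
# request; a page missing from the map is denied, so keeping a URL "hidden"
# is never what protects it.
PAGE_ROLES = {
    "/invoices": {"user", "admin"},
    "/admin/users": {"admin"},
}


def is_allowed(path, role):
    return role in PAGE_ROLES.get(path, set())


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"
    print("vulnerable lookup:", find_user_vulnerable(db, payload))  # both users
    print("fixed lookup:     ", find_user_fixed(db, payload))       # no match
    print("bob reads alice's invoice (vulnerable):", fetch_invoice_vulnerable(db, 2, 10))
    print("bob reads alice's invoice (fixed):     ", fetch_invoice_fixed(db, 2, 10))
    print("user on /admin/users:", is_allowed("/admin/users", "user"))
```

The fixed lookups share one design choice: the authorization decision is made by the server on every request and is expressed in the query itself, so there is no separate check that a later code path can forget to call.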

Solutions

Application risk examination can be performed as applications are designed, developed and maintained. It results in real-time improvement of the overall system, decreasing the risk to the company while driving down rework and fix efforts downstream. Automated methods can examine large, multi-tier applications accurately and continuously, allowing businesses to notice errors early and take measures to remove potential threats. Choosing the right examination software is important, since many available solutions cannot assess multiple technologies or large applications in multi-tier environments.

CAST Application Intelligence Platform (AIP) is an application risk evaluation solution that can assess several technologies and identify possible software vulnerabilities. AIP provides an objective, repeatable standard measurement for continuous application risk assessment. It also serves as a monitoring tool for developer efficiency, quality, vendor value, technical debt and complexity as the company's needs change.

Application security is essential because most of today's applications are available over several networks and connected to the cloud, which increases their exposure to data breaches and other threats. There is growing incentive and pressure to ensure security at the application level as well as the network level, because attackers target applications more frequently than in the past.

Data Security

Data security protects data from unauthorized access and corruption throughout its lifecycle. It includes tokenization, hashing, encryption and the key management practices that protect data across all platforms and applications. Data security typically faces the following risks:

Password-related threats. In large environments users must remember many passwords for the different applications and services they use. They may pick easy-to-guess passwords, such as a name or a dictionary word, or reuse the same password across all websites and machines. A single compromised password then exposes every system on which it was reused.

Data modification and replay. In a data modification attack, an unauthorized party on the network intercepts information in transit and alters portions of it before retransmitting it. In a replay attack, a whole set of legitimate data is captured and retransmitted onto the network to repeat its effect.
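Detecting both attacks described above, as an added example rather than code from this assessment: the sender tags each message with an HMAC over a canonical encoding that includes a sequence number, and the receiver rejects any message whose tag does not verify (modification) or whose sequence number has already been seen (replay). The packet layout, the shared key and the sample messages are constructed for the example; a real deployment would derive the key per session and carry the packets over TLS as well.

```python
"""Added example (not from the original assessment): message integrity and
replay detection with HMAC-SHA256 and a strictly increasing sequence number.
The packet format, shared key and sample bodies are constructed here."""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-example-key-do-not-reuse"  # constructed for the example


def make_packet(key, seq, body):
    """Sender side: serialise (seq, body) canonically and tag it with HMAC-SHA256.

    sort_keys gives one fixed byte string per message, so both sides hash the
    same thing regardless of dictionary ordering."""
    msg = json.dumps({"seq": seq, "body": body}, sort_keys=True)
    tag = hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()
    return {"msg": msg, "tag": tag}


class Receiver:
    """Receiver side: verify the tag first, then enforce increasing sequence numbers."""

    def __init__(self, key):
        self.key = key
        self.last_seq = 0

    def accept(self, packet):
        expected = hmac.new(self.key, packet["msg"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so the tag cannot be guessed byte by byte.
        if not hmac.compare_digest(expected, packet["tag"]):
            return "rejected: modified"
        # The sequence number is inside the authenticated message, so an
        # attacker cannot bump it without also breaking the tag.
        seq = json.loads(packet["msg"])["seq"]
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    p1 = make_packet(SHARED_KEY, 1, {"amount": 100, "to": "acct-42"})
    print(rx.accept(p1))          # accepted
    print(rx.accept(p1))          # rejected: replay
    p2 = make_packet(SHARED_KEY, 2, {"amount": 100, "to": "acct-42"})
    forged = {"msg": p2["msg"].replace("100", "999"), "tag": p2["tag"]}
    print(rx.accept(forged))      # rejected: modified
    print(rx.accept(p2))          # accepted
```

The order of the two checks matters: the tag is verified before anything in the message is parsed or trusted, so the sequence number used for the replay check is itself authenticated.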

Data theft. Information must be stored and transmitted securely so that it cannot be stolen. In wide area network (WAN) environments and over the Internet, private network owners and public carriers regularly route parts of the network over unprotected land lines, particularly vulnerable microwave and satellite links, or third-party servers. This leaves valuable information open to any interested party.

Lack of accountability. If the system administrator cannot track users' actions, users cannot be held accountable for them. There must be a dependable means of recording who performed which operations on the data, and how.

Solutions

To protect the organization's resources and information from compromise, the following tips can be used to avoid a data breach:

• Seal the company's loopholes to malware. Installing and using effective anti-malware solutions on devices and systems that hold or can access sensitive information is vital.

• Treat passwords as keys. The more complex the passwords to accounts are, the harder they are to crack.

• Patch the holes in the company's walls. Identify the vital information, decide who could and should have permission to access it, then determine the best methods to guard it, with the help of a reliable IT consultant where needed.
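Password handling that addresses the password-related threats described earlier in this section and the "passwords as keys" advice above, as an added example that is not part of this assessment: common and short passwords are rejected before they are ever stored, and stored passwords are salted and hashed with a deliberately slow key derivation function so that a stolen database cannot be cracked quickly. The blocklist is a tiny constructed stand-in for a real breached-password list, and the iteration count is an assumption to be tuned per deployment; PBKDF2 is used here because it is in every Python build, and scrypt or Argon2 would be preferred where available.

```python
"""Added example (not from the original assessment): password policy check
and salted, slow password hashing.  The blocklist is constructed and the
PBKDF2 iteration count is an assumed starting point."""
import hashlib
import hmac
import os

# Constructed stand-in for a breached-password list; a real one has millions of entries.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1"}

ITERATIONS = 600_000  # assumed; raise as hardware allows so each guess stays expensive
MIN_LENGTH = 12


def check_policy(password):
    """Reject the easy-to-guess choices the text describes before they are stored."""
    if password.lower() in BLOCKLIST:
        return "rejected: common password"
    if len(password) < MIN_LENGTH:
        return "rejected: shorter than %d characters" % MIN_LENGTH
    return "ok"


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256.

    A fresh random salt per user means two users with the same password get
    different hashes and precomputed tables are useless."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations), dklen=32
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for candidate in ("letmein", "Tr0ub4dor", "correct horse battery staple"):
        print(repr(candidate), "->", check_policy(candidate))
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("correct horse battery stapler", record))  # False
```

Storing the scheme and iteration count inside the record lets the cost be raised later for new passwords while old records still verify, and `hmac.compare_digest` avoids leaking how many leading bytes of a guess matched.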

Businesses and organizations are stepping up their information technology (IT) cyber security capacity to protect their critical assets through heavy investment in the field. Cloud data security allows users to move to the cloud securely while protecting data in cloud applications (Zhang, 2018).

Operations Security

Operations security (OPSEC) is an analytical process and strategy used in risk management to identify information that attackers could exploit, piece together into critical information, and use to harm an organization's plans and reputation. It applies countermeasures to reduce or eliminate an adversary's ability to exploit that information. OPSEC is widely used by cyber security, data protection, risk management and information security professionals, and as a defence against corporate espionage.

Common technical countermeasures in operations security protect against malware, email spoofing, domain hijacking, unpatched vulnerabilities, phishing and other cyber attacks that can lead to data breaches and leaks. Phishing in particular gives attackers access to the organization's network from which they steal crucial information and sensitive customer data, and customers tend to avoid the products and services of a company that cannot protect their sensitive information (Li & Oprea, 2016).

Solutions

Implementing an effective operational security program prevents exposure of sensitive information about the organization's intentions, activities and capabilities. Operations security follows a five-step risk assessment procedure that helps an organization identify the information that needs protection and the measures to deploy in protecting it:

1. Identify the critical information whose disclosure could harm the organization, such as intellectual property or financial records.

2. Identify the adversaries likely to target the organization, such as competitors in the industry or criminals who may hold the company to ransom. Knowing who poses a threat allows the risk to be assessed against each adversary's capability.

3. Analyze vulnerabilities to determine which security measures would mitigate the potential attack.

4. Assess the threat level and the extent of risk each threat poses, so that the most serious threats are addressed first.

5. Develop a security program prescribing specific countermeasures that account for the risks and the ways of guarding against them.

It is also very important to have an incident response plan that responds efficiently to any data breach or leak; such a plan may include counterintelligence or digital forensics. Automating vendor questionnaires and monitoring vendors' security posture over time greatly reduces the time an organization spends managing its third-party relationships.

Policy Management

Security policy management in an organization involves identifying, implementing and managing the procedures and rules that everyone must follow when accessing and using the organization's IT resources. The main goal of policy management is to address security threats, implement strategies to mitigate them, and define the recovery procedure when a network intrusion occurs. The policies also guide employees on what to do and what not to do, define each employee's role in accessing the organization's assets and resources, and state the consequences of not adhering to the rules.

Solutions

It is important for the organization to have well documented IT security policies to protect its data and other valuable assets. An organization should define a minimum set of security standards that must be implemented to ensure the integrity and privacy of its data. This matters even more for organizations that handle sensitive personal information.

· Complex organizations often have so many policies, and so little time to review them, that they struggle to ascertain policy compliance.

· A security policy is meant to provide control and visibility over user activity and system settings. This purpose can only be achieved if the policy itself is effectively managed.

· Solutions that automate security policy management are more efficient: they keep policies up to date and ensure that policy mistakes are identified and corrected in time.

Acme Enterprise should always strive to have comprehensive risk assessment and management policies that help prevent risks from occurring and, if they do occur, put the company in a good position to handle them (Zio, 2018). Implementation of the suggested solutions should be prioritized to ensure the survival and growth of the company. Businesses and organizations are stepping up their IT cyber security capacity to protect critical assets through heavy investment in the field (Sengan et al., 2020). Through risk management, crises can be averted; risk analysis and assessment should never be neglected in any organization, as they contribute greatly to its success. Government should also create policies that curb the rising number of cyber crimes so that businesses can run without fear or threat, and laws prohibiting cyber crime should be strengthened so that the growing number of cyber criminals can be punished.

Conclusion

Acme is considered to have a large operational base, particularly in Europe and North America, and a number of operating markets in developing regions such as Asia. To attain its goals, it needs to maintain a catalogue of its customers and keep its services and products up to date to meet their current expectations. Attaining that goal requires an up-to-date information technology infrastructure, which is crucial for processing the company's own information as well as that of its clients and customers.

References

Zio, E. (2018). The future of risk assessment. Reliability Engineering & System Safety, 177, 176-190.

Stevenson, M. (2018). Assessing risk assessment in action. Minn. L. Rev., 103, 303.

Sengan, S., Subramaniyaswamy, V., Nair, S. K., Indragandhi, V., Manikandan, J., & Ravi, L. (2020). Enhancing cyber–physical systems with hybrid smart city cyber security architecture for secure public data-smart network. Future Generation Computer Systems, 112, 724-737.

Ma, P., Liu, K., Jiang, J., Li, Z., Li, P., & Liu, T. (2018). Probabilistic event discrimination algorithm for fiber optic perimeter security systems. Journal of Lightwave Technology, 36(11), 2069-2075.

Zhang, D. (2018, October). Big data security and privacy protection. In 8th International Conference on Management and Computer Science (ICMCS 2018). Atlantis Press.

Tedeschi, S., Emmanouilidis, C., Mehnen, J., & Roy, R. (2019). A design approach to IoT endpoint security for production machinery monitoring. Sensors, 19(10), 2355.

Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-vehicle network security. PloS one, 11(6), e0155781.

Li, Z., & Oprea, A. (2016, November). Operational security log analytics for enterprise breach detection. In 2016 IEEE Cybersecurity Development (SecDev) (pp. 15-22). IEEE.

Subriadi, A. P., Najwa, N. F., Cahyabuana, B. D., & Lukitosari, V. (2018, November). The consistency of using failure mode effect analysis (FMEA) on risk assessment of information technology. In 2018 International Seminar on Research of Information Technology and Intelligent Systems (ISRITI) (pp. 61-66). IEEE.