SlideShare a Scribd company logo

Ass3201 cyber securityassignment

Download as DOCX, PDF
H
harinathinfotech

Cyber Security Assignment Help Contact Information: Harinath Reddy Phone: +91-9502542081(IND) (Whats App, Viber) phone: +1-2089086040 (US) Email: harinath.infotech@gmail.com

Education
1 of 12
#CyberSecurityAssignment #AssignmentHelp #ManagementAssignmentHelp For Help Contact Information: Harinath Reddy Phone: +91-9502542081(IND) (Whats App, Viber) phone: +1-2089086040 (US) Email: harinath.infotech@gmail.com Cyber Security System -Disaster Recover plans for organization XYZ
Executive Summary XYZ isan organizationwhichisinto ecommerce domainandhasloadsof confidential data pertaining to the customersand employees.The organization has more than 5000 employees across the locations in the country and today there have been intrinsic issues which have shown signs of cyber security issue that could come up. As an appointed manager of cyber security systems to devise the incident response plan for the organization for cyber security, in this report an attempt has been made to understand the intrinsic factors of cyber security issues and the challenges that are encountered by the Apache and the IIS webservers which the organization use for hosting their web applications. Reviewof datafromacademicand industrial journals and studies has been taken up to understand the intrinsic factors of cyber threat and the description have been given in this report and the recommendations that could help the organization have been indicated at the end of the report. Few measures like DR tests, department oriented recovery plan development, controlled access, monitoringandauditof servers,limitingthe remote access,termination of few unnecessary services in the operating systems are few of the recommendations that have been made as a part of the plan to incident response to cyber security threats to the organization.
Table of Contents Executive Summary ............................................................................................................................2 Table of Contents ...............................................................................................................................3 Introduction.......................................................................................................................................4 Cyber Security and disaster recovery an intrinsic need for Organizations...............................................5 Conclusion .........................................................................................................................................7 Recommendations..............................................................................................................................8 References.......................................................................................................................................10
Introduction XYZ is an organization which is in to ecommerce based business and has its employee base across several locationsinthe country. Around 5000 employees of the organization always carry out their job responsibilitiesfromthe systemandthe organizationhas huge datatransactionsthatkeep taking place. One of the critical factorsfor the organization is the sensitivity of the data, as the data which is getting transactedinthe data serversof the companyholdslotof confidentialinformationlike medical records, financial data of the customers and various other kind of sensitive data which if leaked could incur a financial loss to the customers and also it could turn out to be a legal issue for the company and also shall result in breach of trust of the customers and the business eventually. In the current scenario, the organization has its server only in one location and all the systems are getting connected to one central server where all the records of the customers and the other data are stored.There are conglomerate systemswhere the employeesuse as Microsoft Windows 8, Windows 7 and fewpeople use MacPro.Alsothe otherinterface for the servers is thru the Blackberry and iPhone. The rapid development of technology is facilitating the growth factor for the organization but also the negative shadesof technologicaladvancementsare impacting the organization in a significant manner. (Bertino&Ravi Sandhu,2005) Numerouswebserversare gettinghackedandcurrentlythisisturningout to be a growingconcernforXYZ as theircurrentdata serversare combination of Apache Servers and IIS serversandisaccessedfrommultiple locationsandmultiple interfaces.Insucha context,ensuringcyber securitymeasuresinplace isveryessential andthisreportisanincidentresponse planforcybersecurity measure to the organization. (Farm, 2011) Prevention is better than cure and ensuring that in the organization we adapt the scenario where the focusis more on establishingcybersecurityforthe organizationalsystemsandinformation.However,at times,despiteof ourrepeatedattemptsif there isanykindof disasterthathitsourcyber securityhaving an incident response plan for the disaster management is very essential. Having a right disaster managementplansthatcan have specifics for RPO and RTO is very vital for the organization. There are
manytechniquesthatcould help us recover from the disasters of cyber security breach and one has to ensure that adequate systems have to be in place for the same. The challenges, the threat factors and the disaster management techniques have been reviewed and detailed inthisreportforcybersecurityissuesfrom various operating system perspectives and also on the Apache and IISservers’basis.The cybersecurityplan fordisaster recovery incident plans that could be put inplace to secure the servers and the data systems has been discussed in this report along with the conclusive notes. Cyber Security and disaster recovery an intrinsic need for Organizations Cyber security has become an increasingly an issue of concern for the organizations. In the present trend, organizations have deployed special teams to monitor the cyber security systems of the organization.Inthe rapidlygrowingtechnological environment,majorityof the factorsare relatedtothe organizational informationsecurity.There are manyaspectslike enterprise application designs, system and network architecture, information architecture and the servers where the database is stored and many more factors have intrinsic security layers that have to be adapted. (Chhikara & Arun K. Patel, 2013) If the organizational data systems are vulnerable and prone to security issues, it could lead to more complicationsforthe organizationintermsof compromising the security of the data, and so much that functionalityandthe entire businessdynamicsof the organization mightgetaffected.Contingencyplans are always essential in order to ensure that there is appropriate disaster recovery plans in the organizationif there isanykindof cybersecurityissues.Because,if the disaster recovery is not handled effectively,itcouldbe amajor catastrophe tothe organization.The extentof implicationscouldbe more severe that there shall be kind of legal complications too that could arise out of the scenario. Numerous studies reflect that every day many webservers are hacked thru malicious software inducementorthirdpartyaccess into the systems. One of the key factors that the organization should ensure isthat theirserversare notprone to suchattacks, for whichthere are manymeasuresthathas to be adapted by the organization. (Grimes, 2007) And also there should be enough techniques and
measuresinplace toadapt effectivedisasterrecoverykeepinginmindthe scope both the conditions of Recover Time Objective and Recover Point Objective. There are variouskindsof threats that affect the webservers. Research reports indicated that majority of the times;the datasecurityisbecomingaconcern due to the third party access to the servers. When the webserversare notsostrong,effectivelyorganizationssufferthe impact of such attacks. In the case of XYZ,there iscombinationof webserverslike Apache andIISservers.Research reports indicate that in mostof the instancesthe Apache serversare more vulnerable toattackscompared to IIS servers. (Woo, HyunChul Joh, Omar H. Alhazmi, & Yashwant K. Malaiya, 2011) It iscertainthat Apache serverscanhost more active websitesandhasa dynamicstructure comparedto the IIS servers. But the crux is that IIS servers are in a way, better secured compared to the Apache servers. There could be many technical and intrinsic reasons for the same. (Grimes, 2007) In a considerable note it can be stated that both Apache and IIS are relatively secured, however the challenge isthe accuracyof the serverinstallationandmaintenance.The Apache webserver is currently one of the preferredwebserversinthe organizations,keepinginview the complexities associated with Microsoft’s Internet Information Server (IIS). It is perceived in common that Apache servers are more easyto be securedwhencompared to the IIS which is true to an extent, however even Apache is not a securedwebservers.The majorchallenge for the webserver security lies in creating secure scripts that run on our webservers; this applies to any of the webservers which we might be using. (Balakumar, Rangarajan, & Ragavi, 2014) The major challenges for the organization are to ensure during disaster recovery plans and incident response systemis thatSQLinjection exploits are mitigated. Because the prevalent methods by which the organizations face the threat in the webservers are based upon the SQL injections of malicious software totrack and leakcritical informationlike Financial data, personal data of the organization and many other such intrinsic factors that could affect the organizational effectiveness and the breach of trust of the customers.Attimesthe cross-site scriptingcouldalsobe usedbythe trickusers towards the information leakage, and by uploading the malicious scripts to vulnerable servers, the hackers could developamockloginareawhere visitorsmightendupgivingtheirconfidentialinformation. (Balakumar, Rangarajan, & Ragavi, 2014)
According to a website Applicure which reflects on the intensity of threat to webservers, “Being flagged as malicious by search engines: various vulnerabilities found in many web sites allow attackers to upload spam links to a site. Sites vulnerable to Cross-Site Scripting can also be exploited so that attackers can upload malicious scripts like Trojan horses, keystroke loggers, adware, spyware, and other malware. Once the search engines become aware of sites serving spam or malware, they are flagged as malicious and their page ranking drops” (Applicure) In the conditions of such malware attacks, the disaster recovery plans has significant role and by ensuring that we have suitable system the recovery of the servers could be handled effectively. Conclusion Despite the fact that the organizations take up secured webservers from IIS or Apache kind of secured servers,there isalwaysanelement of risk factors associated with the systems, if appropriate methods are notincorporatedtowardsaddressingthe challenges.Twomajorkindsof threats to the data security in the webservers are thru SQL injection of malicious software to collect various kinds of information. (Osborne, 2013) The secondary channel of threat is thru the unauthorized access which the hackers or attackers do on the system. The access control could be gained by hacking the passwords of the employees thru phishing techniques when they try to access the database from the external or private locations like home or publiclocationswhichmightnotbe securedenough. Whenthe organizationsdonotsecure the systemthese kindsof vulnerablethreatsare encountered.Keepinginview the detailsof variouskindsof threats that are discussed in the above sections, the recommendations are made in the following sections that could support our organization XYZ in having a strong disaster recovery plans in place for the organizationinorderto ensure thatif there isany kind of breach and also the preventive measures that could be adapted as a part of the cyber security techniques. (Lane, 2009)
Recommendations Despite the fact that securing a web server can be a daunting issue and needs domain expertise, the task is not impossible provided if we take certain measures to incorporate security features in the operational aspectof the webservers.The securityof the webserver is critical irrespective of what kind of servers we adapt; if we are opting for any kind of out of the box configuration it could be very insecure.Fewof the factors that could help the organization in building an effective disaster recovery and security for the webservers are as follows. (Applicure) One of the critical factorsis that whenthe managementtakesintoaccount the business continuity and alsothe plansfor disasterrecovery,itisveryessential thatdisruptionsdue tomajorinformationsecurity failureshave tobe takento considerationandunlessthere are significantmeasuresthatare adaptedfor business continuity organizational dynamics and goals might suffer. One of the key factors for incident response to be effective is that ensuring that Business Continuity Plansare inplace and isdynamic. The BCP document is a very crucial document that has to be updated withnew versions and strategies, regularly after periodical tests and audit of the existing plans to the ongoing cyber security scenario and also external sources of information related to the cyber security issues. If the documented plan is very effective, even by using the external sources that don’t have intrinsicknowledgeondisasterrecoveryalsocouldbe usedeffectivelytohandle the businesscontinuity process. Ensuring that the DR tests are conducted on the prototypes is very important in order to evaluate the critical aspects that could prove vital to the business continuity. (Vijayan, 2005) .
Removal of Unnecessary Services Ensuringthat anykindof defaultserviceorconfigurationinstallationslike remote registry services, RAS or any kindof printregistryserviceshastobe eliminate from the server, which are not usually used for webserversconfiguration. If these kinds of services are allowed to run in the server more opportunity for malicious users to exploit gets high due to the open ports in the server. Hence disabling the unnecessary services from back end run or auto start with the system has to be avoided. Restricting Remote Access During the disaster recovery periods, despite the fact that it may not be a practical approach, it is alwaysbeneficial thatthe server administrators login to the webservers local, and unless there is very critical need,encouragingthe remote accessisnotadvisable,andinthe conditionswhere such access is veryessential,usingthe techniques like tunneling or encryption protocols are very much essential for the organization. Also if the access to remote locations can be restricted to fewer IP’s or specific accounts thru security tokens measures, it can improve the overall security level for the webservers. (Osborne, 2013) Creating a plan for individual departments When we have such a huge employee base of 5000 employees working in various departments and locations,itisessential thatthe recoveryplansare designed in such a way that individual departments are also having the plans that align with the enterprise plan in order to curtail any kind of gaps that couldtake place in followingthe enterpriseplans,andthiscouldbe developed in consultation with the respective department heads and also by conducting DR tests at the department levels too which can increase the overall awareness and establishing a robust incident response plans for disaster recovery and also prevention of cyber security issues. (Magalhaes, 2005) Issuingof Permissionsto users While issuingthe permissions and privileges, organization has to ensure that there is no kind of threat factor and alwaysensure thatthe permissionsare issued only to the extent to which it is required. File and network services permissions play a vital role in web server security. If a web server engine it is also very important to assign minimum privileges to the anonymous user which is needed to access the website, web application files and also backend data and databases. (Acunetix) .
There are manyothersuch securityfeatureslike auditcontrol of the servers, user account verifications regularly and also usage of scanners that could help the organization in developing a robust secured webserverenvironmentforthe employeesof XYZtoperformtheir operations without any glitches that could affect the business continuity whilst of disaster recovery incidents. References Acunetix.(n.d.). Web ServerSecurityand DatabaseServerSecurity. RetrievedOct14, 2014, from Acunetix:https://www.acunetix.com/websitesecurity/webserver-security/ Applicure.(n.d.). Web Application Firewall. RetrievedOct14, 2014, from Applicure: http://www.applicure.com/solutions/web-application-firewall Balakumar,N.,Rangarajan,C.,& Ragavi,M. (2014). Investigate the Use of HoneypotsforIntrusion DetectionDefense. IJARCSSE,355-359. Bertino,E.,& Ravi Sandhu.(2005). Database Security—ConceptsApproaches,andChallenges. IEEE TRANSACTIONSON DEPENDABLEANDSECURECOMPUTING,,1-19. Chhikara,P.,& ArunK. Patel.(2013). EnhancingNetworkSecurityusingAntColonyOptimization. Global Journalof ComputerScienceand Technology Network,Web & Security. Farm, M. (2011, June 28). Growing Business. RetrievedOct04, 2014, fromThe MarketingFarm: http://themarketingfarm.co.uk/cms/2011/06/28/improving-database-security/ Grimes,R.(2007, Sep07). Continuing theWeb ServerSecurity Wars:Is IISor ApacheMoreSecure? RetrievedOct14, 2014, fromINFOWORLD: http://www.infoworld.com/article/2649431/security/continuing-the-web-server-security-wars-- is-iis-or-apache-more-secure-.html Kulkarn,S.,& SiddhalingUrolagin.(2012).Review of AttacksonDatabasesandDatabase Security Techniques.InternationalJournalof Emerging Technology and Advanced Engineering,253-263. Lane,D. (2009). Why are you notrunningApache?New IISholesshouldmake yourethinkyourweb server. Linux Journal. Magalhaes,R. M. (2005, Jan 11). Security Series: Disaster Recovery Tactics thatEnsureBusiness Continuity. RetrievedOct14, 2014, fromwindowsecurity.com:
http://www.windowsecurity.com/articles-tutorials/misc_network_security/Disaster-Recovery- Tactics-Part1.html Murray, M. C. (2010). Database Security:What StudentsNeedtoKnow . Journalof Information Technology Education:Innovationsin Practice,62-77. Olzak,T. (n.d.). PhysicalSecurity:ManagingtheIntruder. RetrievedSep20,2014, from InfosecInstitute: http://resources.infosecinstitute.com/physical-security-managing-intruder/ Osborne,C.(2013, June 26). The top ten mostcommon databasesecurity vulnerabilities. RetrievedOct 04, 2014, fromZD Net:http://www.zdnet.com/the-top-ten-most-common-database-security- vulnerabilities-7000017320/ Vijayan,J.(2005, Oct 10). The scopeof contingency programsneedsto beexpanded,execssay. Retrieved Oct 14, 2014, fromCOMPUTERWORLD: http://www.computerworld.com/article/2559183/security0/data-security-risks-missing-from- disaster-recovery-plans.html Woo, S.-W.,HyunChul Joh,OmarH.Alhazmi,&YashwantK. Malaiya.(2011). Modelingvulnerability discoveryprocessinApache andIISHTTP servers. ScienceDirect, 50-62. #CyberSecurityAssignment #AssignmentHelp #ManagementAssignmentHelp #AssignmentsHelp #ProjectsHelp #HomeworkHelp #DissertationsHelp #ThesisHelp #AcademicAvenue #AcademicsHelp #FrustratedWithAssignments
#MarketingAssignmentHelp #ResearchProposalHelp #CaseStudyHelp #ResearchReportHelp #SurveyHelp

Recommended

What is WebSense?
What is WebSense?What is WebSense?
What is WebSense?touchdown777a
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printjames morris
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITEnvision Technology Advisors
 
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)ChristopherAntonius
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...
CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...
CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...Mighty Guides, Inc.
 

Recommended

What is WebSense?
What is WebSense?What is WebSense?
What is WebSense?touchdown777a
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printjames morris
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITEnvision Technology Advisors
 
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)ChristopherAntonius
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...
CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...
CDM From the Frontlines - CISOs, PMs and Others Share Success Perspectives an...Mighty Guides, Inc.
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
 
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessGary Hayslip CISSP, CISA, CRISC, CCSK
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the EnterpriseADGP, Public Grivences, Bangalore
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestHewlett Packard Enterprise Business Value Exchange
 
CISO-Fundamentals
CISO-FundamentalsCISO-Fundamentals
CISO-FundamentalsGary Hayslip CISSP, CISA, CRISC, CCSK
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gapxband
 
Get Prepared
Get PreparedGet Prepared
Get PreparedHewlett Packard Enterprise Business Value Exchange
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safeALI ANWAR, OCP®
 
Watchful-Corporate-Overview-Q1-16
Watchful-Corporate-Overview-Q1-16Watchful-Corporate-Overview-Q1-16
Watchful-Corporate-Overview-Q1-16Ravindran Vasu
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Gross, Mendelsohn & Associates
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016Karla Sasser, CPA CITP, CIA, CGMA
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & ProtectMike McMillan
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013Bee_Ware
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Ernest Staats
 

More Related Content

What's hot

NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gapxband
 
Watchful-Corporate-Overview-Q1-16
Watchful-Corporate-Overview-Q1-16Watchful-Corporate-Overview-Q1-16
Watchful-Corporate-Overview-Q1-16Ravindran Vasu
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Gross, Mendelsohn & Associates
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 

What's hot (18)

NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing Processes
 
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to Success
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the Best
 
CISO-Fundamentals
CISO-FundamentalsCISO-Fundamentals
CISO-Fundamentals
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 
Get Prepared
Get PreparedGet Prepared
Get Prepared
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Watchful-Corporate-Overview-Q1-16
Watchful-Corporate-Overview-Q1-16Watchful-Corporate-Overview-Q1-16
Watchful-Corporate-Overview-Q1-16
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the foll
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 

Similar to Ass3201 cyber securityassignment

Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013Bee_Ware
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Ernest Staats
 
Discussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbookDiscussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbookhuttenangela
 
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docxvickeryr87
 
Security SolutionThe weekly assignment for the course is a compreh.docx
Security SolutionThe weekly assignment for the course is a compreh.docxSecurity SolutionThe weekly assignment for the course is a compreh.docx
Security SolutionThe weekly assignment for the course is a compreh.docxkaylee7wsfdubill
 
Mimbar Ilmiah 18 01 08
Mimbar Ilmiah 18 01 08Mimbar Ilmiah 18 01 08
Mimbar Ilmiah 18 01 08Soetam Rizky
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingDanielle Bowers
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfSolviosTechnology
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Four Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdf
Four Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdfFour Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdf
Four Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdfEnterprise Insider
 
IPM Individual Assignment.docx
IPM Individual Assignment.docxIPM Individual Assignment.docx
IPM Individual Assignment.docxMikealay Desta
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001Hiran Kanishka
 
How Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdfHow Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdfXDuce Corporation
 

Similar to Ass3201 cyber securityassignment (20)

Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & Protect
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3
 
Discussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbookDiscussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbook
 
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
 
Security SolutionThe weekly assignment for the course is a compreh.docx
Security SolutionThe weekly assignment for the course is a compreh.docxSecurity SolutionThe weekly assignment for the course is a compreh.docx
Security SolutionThe weekly assignment for the course is a compreh.docx
 
SecOps.pdf
SecOps.pdfSecOps.pdf
SecOps.pdf
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
Mimbar Ilmiah 18 01 08
Mimbar Ilmiah 18 01 08Mimbar Ilmiah 18 01 08
Mimbar Ilmiah 18 01 08
 
Risk assessment
Risk assessmentRisk assessment
Risk assessment
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seeking
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdf
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
network-host-reconciliation
network-host-reconciliationnetwork-host-reconciliation
network-host-reconciliation
 
Four Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdf
Four Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdfFour Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdf
Four Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdf
 
IPM Individual Assignment.docx
IPM Individual Assignment.docxIPM Individual Assignment.docx
IPM Individual Assignment.docx
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001
 
How Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdfHow Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdf
 

Recently uploaded

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayMakMakNepo
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........LeaCamillePacle
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 

Recently uploaded (20)

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up Friday
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 

Ass3201 cyber securityassignment

  • 1. #CyberSecurityAssignment #AssignmentHelp #ManagementAssignmentHelp For Help Contact Information: Harinath Reddy Phone: +91-9502542081(IND) (Whats App, Viber) phone: +1-2089086040 (US) Email: harinath.infotech@gmail.com Cyber Security System -Disaster Recover plans for organization XYZ
  • 2. Executive Summary XYZ isan organizationwhichisinto ecommerce domainandhasloadsof confidential data pertaining to the customersand employees.The organization has more than 5000 employees across the locations in the country and today there have been intrinsic issues which have shown signs of cyber security issue that could come up. As an appointed manager of cyber security systems to devise the incident response plan for the organization for cyber security, in this report an attempt has been made to understand the intrinsic factors of cyber security issues and the challenges that are encountered by the Apache and the IIS webservers which the organization use for hosting their web applications. Reviewof datafromacademicand industrial journals and studies has been taken up to understand the intrinsic factors of cyber threat and the description have been given in this report and the recommendations that could help the organization have been indicated at the end of the report. Few measures like DR tests, department oriented recovery plan development, controlled access, monitoringandauditof servers,limitingthe remote access,termination of few unnecessary services in the operating systems are few of the recommendations that have been made as a part of the plan to incident response to cyber security threats to the organization.
  • 3. Table of Contents Executive Summary ............................................................................................................................2 Table of Contents ...............................................................................................................................3 Introduction.......................................................................................................................................4 Cyber Security and disaster recovery an intrinsic need for Organizations...............................................5 Conclusion .........................................................................................................................................7 Recommendations..............................................................................................................................8 References.......................................................................................................................................10
  • 4. Introduction XYZ is an organization which is in to ecommerce based business and has its employee base across several locationsinthe country. Around 5000 employees of the organization always carry out their job responsibilitiesfromthe systemandthe organizationhas huge datatransactionsthatkeep taking place. One of the critical factorsfor the organization is the sensitivity of the data, as the data which is getting transactedinthe data serversof the companyholdslotof confidentialinformationlike medical records, financial data of the customers and various other kind of sensitive data which if leaked could incur a financial loss to the customers and also it could turn out to be a legal issue for the company and also shall result in breach of trust of the customers and the business eventually. In the current scenario, the organization has its server only in one location and all the systems are getting connected to one central server where all the records of the customers and the other data are stored.There are conglomerate systemswhere the employeesuse as Microsoft Windows 8, Windows 7 and fewpeople use MacPro.Alsothe otherinterface for the servers is thru the Blackberry and iPhone. The rapid development of technology is facilitating the growth factor for the organization but also the negative shadesof technologicaladvancementsare impacting the organization in a significant manner. (Bertino&Ravi Sandhu,2005) Numerouswebserversare gettinghackedandcurrentlythisisturningout to be a growingconcernforXYZ as theircurrentdata serversare combination of Apache Servers and IIS serversandisaccessedfrommultiple locationsandmultiple interfaces.Insucha context,ensuringcyber securitymeasuresinplace isveryessential andthisreportisanincidentresponse planforcybersecurity measure to the organization. (Farm, 2011) Prevention is better than cure and ensuring that in the organization we adapt the scenario where the focusis more on establishingcybersecurityforthe organizationalsystemsandinformation.However,at times,despiteof ourrepeatedattemptsif there isanykindof disasterthathitsourcyber securityhaving an incident response plan for the disaster management is very essential. Having a right disaster managementplansthatcan have specifics for RPO and RTO is very vital for the organization. There are
  • 5. manytechniquesthatcould help us recover from the disasters of cyber security breach and one has to ensure that adequate systems have to be in place for the same. The challenges, the threat factors and the disaster management techniques have been reviewed and detailed inthisreportforcybersecurityissuesfrom various operating system perspectives and also on the Apache and IISservers’basis.The cybersecurityplan fordisaster recovery incident plans that could be put inplace to secure the servers and the data systems has been discussed in this report along with the conclusive notes. Cyber Security and disaster recovery an intrinsic need for Organizations Cyber security has become an increasingly an issue of concern for the organizations. In the present trend, organizations have deployed special teams to monitor the cyber security systems of the organization.Inthe rapidlygrowingtechnological environment,majorityof the factorsare relatedtothe organizational informationsecurity.There are manyaspectslike enterprise application designs, system and network architecture, information architecture and the servers where the database is stored and many more factors have intrinsic security layers that have to be adapted. (Chhikara & Arun K. Patel, 2013) If the organizational data systems are vulnerable and prone to security issues, it could lead to more complicationsforthe organizationintermsof compromising the security of the data, and so much that functionalityandthe entire businessdynamicsof the organization mightgetaffected.Contingencyplans are always essential in order to ensure that there is appropriate disaster recovery plans in the organizationif there isanykindof cybersecurityissues.Because,if the disaster recovery is not handled effectively,itcouldbe amajor catastrophe tothe organization.The extentof implicationscouldbe more severe that there shall be kind of legal complications too that could arise out of the scenario. Numerous studies reflect that every day many webservers are hacked thru malicious software inducementorthirdpartyaccess into the systems. One of the key factors that the organization should ensure isthat theirserversare notprone to suchattacks, for whichthere are manymeasuresthathas to be adapted by the organization. (Grimes, 2007) And also there should be enough techniques and
  • 6. measuresinplace toadapt effectivedisasterrecoverykeepinginmindthe scope both the conditions of Recover Time Objective and Recover Point Objective. There are variouskindsof threats that affect the webservers. Research reports indicated that majority of the times;the datasecurityisbecomingaconcern due to the third party access to the servers. When the webserversare notsostrong,effectivelyorganizationssufferthe impact of such attacks. In the case of XYZ,there iscombinationof webserverslike Apache andIISservers.Research reports indicate that in mostof the instancesthe Apache serversare more vulnerable toattackscompared to IIS servers. (Woo, HyunChul Joh, Omar H. Alhazmi, & Yashwant K. Malaiya, 2011) It iscertainthat Apache serverscanhost more active websitesandhasa dynamicstructure comparedto the IIS servers. But the crux is that IIS servers are in a way, better secured compared to the Apache servers. There could be many technical and intrinsic reasons for the same. (Grimes, 2007) In a considerable note it can be stated that both Apache and IIS are relatively secured, however the challenge isthe accuracyof the serverinstallationandmaintenance.The Apache webserver is currently one of the preferredwebserversinthe organizations,keepinginview the complexities associated with Microsoft’s Internet Information Server (IIS). It is perceived in common that Apache servers are more easyto be securedwhencompared to the IIS which is true to an extent, however even Apache is not a securedwebservers.The majorchallenge for the webserver security lies in creating secure scripts that run on our webservers; this applies to any of the webservers which we might be using. (Balakumar, Rangarajan, & Ragavi, 2014) The major challenges for the organization are to ensure during disaster recovery plans and incident response systemis thatSQLinjection exploits are mitigated. Because the prevalent methods by which the organizations face the threat in the webservers are based upon the SQL injections of malicious software totrack and leakcritical informationlike Financial data, personal data of the organization and many other such intrinsic factors that could affect the organizational effectiveness and the breach of trust of the customers.Attimesthe cross-site scriptingcouldalsobe usedbythe trickusers towards the information leakage, and by uploading the malicious scripts to vulnerable servers, the hackers could developamockloginareawhere visitorsmightendupgivingtheirconfidentialinformation. (Balakumar, Rangarajan, & Ragavi, 2014)
  • 7. According to a website Applicure which reflects on the intensity of threat to webservers, “Being flagged as malicious by search engines: various vulnerabilities found in many web sites allow attackers to upload spam links to a site. Sites vulnerable to Cross-Site Scripting can also be exploited so that attackers can upload malicious scripts like Trojan horses, keystroke loggers, adware, spyware, and other malware. Once the search engines become aware of sites serving spam or malware, they are flagged as malicious and their page ranking drops” (Applicure) In the conditions of such malware attacks, the disaster recovery plans has significant role and by ensuring that we have suitable system the recovery of the servers could be handled effectively. Conclusion Despite the fact that the organizations take up secured webservers from IIS or Apache kind of secured servers,there isalwaysanelement of risk factors associated with the systems, if appropriate methods are notincorporatedtowardsaddressingthe challenges.Twomajorkindsof threats to the data security in the webservers are thru SQL injection of malicious software to collect various kinds of information. (Osborne, 2013) The secondary channel of threat is thru the unauthorized access which the hackers or attackers do on the system. The access control could be gained by hacking the passwords of the employees thru phishing techniques when they try to access the database from the external or private locations like home or publiclocationswhichmightnotbe securedenough. Whenthe organizationsdonotsecure the systemthese kindsof vulnerablethreatsare encountered.Keepinginview the detailsof variouskindsof threats that are discussed in the above sections, the recommendations are made in the following sections that could support our organization XYZ in having a strong disaster recovery plans in place for the organizationinorderto ensure thatif there isany kind of breach and also the preventive measures that could be adapted as a part of the cyber security techniques. (Lane, 2009)
  • 8. Recommendations Despite the fact that securing a web server can be a daunting issue and needs domain expertise, the task is not impossible provided if we take certain measures to incorporate security features in the operational aspectof the webservers.The securityof the webserver is critical irrespective of what kind of servers we adapt; if we are opting for any kind of out of the box configuration it could be very insecure.Fewof the factors that could help the organization in building an effective disaster recovery and security for the webservers are as follows. (Applicure) One of the critical factorsis that whenthe managementtakesintoaccount the business continuity and alsothe plansfor disasterrecovery,itisveryessential thatdisruptionsdue tomajorinformationsecurity failureshave tobe takento considerationandunlessthere are significantmeasuresthatare adaptedfor business continuity organizational dynamics and goals might suffer. One of the key factors for incident response to be effective is that ensuring that Business Continuity Plansare inplace and isdynamic. The BCP document is a very crucial document that has to be updated withnew versions and strategies, regularly after periodical tests and audit of the existing plans to the ongoing cyber security scenario and also external sources of information related to the cyber security issues. If the documented plan is very effective, even by using the external sources that don’t have intrinsicknowledgeondisasterrecoveryalsocouldbe usedeffectivelytohandle the businesscontinuity process. Ensuring that the DR tests are conducted on the prototypes is very important in order to evaluate the critical aspects that could prove vital to the business continuity. (Vijayan, 2005) .
  • 9. Removal of Unnecessary Services Ensuringthat anykindof defaultserviceorconfigurationinstallationslike remote registry services, RAS or any kindof printregistryserviceshastobe eliminate from the server, which are not usually used for webserversconfiguration. If these kinds of services are allowed to run in the server more opportunity for malicious users to exploit gets high due to the open ports in the server. Hence disabling the unnecessary services from back end run or auto start with the system has to be avoided. Restricting Remote Access During the disaster recovery periods, despite the fact that it may not be a practical approach, it is alwaysbeneficial thatthe server administrators login to the webservers local, and unless there is very critical need,encouragingthe remote accessisnotadvisable,andinthe conditionswhere such access is veryessential,usingthe techniques like tunneling or encryption protocols are very much essential for the organization. Also if the access to remote locations can be restricted to fewer IP’s or specific accounts thru security tokens measures, it can improve the overall security level for the webservers. (Osborne, 2013) Creating a plan for individual departments When we have such a huge employee base of 5000 employees working in various departments and locations,itisessential thatthe recoveryplansare designed in such a way that individual departments are also having the plans that align with the enterprise plan in order to curtail any kind of gaps that couldtake place in followingthe enterpriseplans,andthiscouldbe developed in consultation with the respective department heads and also by conducting DR tests at the department levels too which can increase the overall awareness and establishing a robust incident response plans for disaster recovery and also prevention of cyber security issues. (Magalhaes, 2005) Issuingof Permissionsto users While issuingthe permissions and privileges, organization has to ensure that there is no kind of threat factor and alwaysensure thatthe permissionsare issued only to the extent to which it is required. File and network services permissions play a vital role in web server security. If a web server engine it is also very important to assign minimum privileges to the anonymous user which is needed to access the website, web application files and also backend data and databases. (Acunetix) .
  • 10. There are manyothersuch securityfeatureslike auditcontrol of the servers, user account verifications regularly and also usage of scanners that could help the organization in developing a robust secured webserverenvironmentforthe employeesof XYZtoperformtheir operations without any glitches that could affect the business continuity whilst of disaster recovery incidents. References Acunetix.(n.d.). Web ServerSecurityand DatabaseServerSecurity. RetrievedOct14, 2014, from Acunetix:https://www.acunetix.com/websitesecurity/webserver-security/ Applicure.(n.d.). Web Application Firewall. RetrievedOct14, 2014, from Applicure: http://www.applicure.com/solutions/web-application-firewall Balakumar,N.,Rangarajan,C.,& Ragavi,M. (2014). Investigate the Use of HoneypotsforIntrusion DetectionDefense. IJARCSSE,355-359. Bertino,E.,& Ravi Sandhu.(2005). Database Security—ConceptsApproaches,andChallenges. IEEE TRANSACTIONSON DEPENDABLEANDSECURECOMPUTING,,1-19. Chhikara,P.,& ArunK. Patel.(2013). EnhancingNetworkSecurityusingAntColonyOptimization. Global Journalof ComputerScienceand Technology Network,Web & Security. Farm, M. (2011, June 28). Growing Business. RetrievedOct04, 2014, fromThe MarketingFarm: http://themarketingfarm.co.uk/cms/2011/06/28/improving-database-security/ Grimes,R.(2007, Sep07). Continuing theWeb ServerSecurity Wars:Is IISor ApacheMoreSecure? RetrievedOct14, 2014, fromINFOWORLD: http://www.infoworld.com/article/2649431/security/continuing-the-web-server-security-wars-- is-iis-or-apache-more-secure-.html Kulkarn,S.,& SiddhalingUrolagin.(2012).Review of AttacksonDatabasesandDatabase Security Techniques.InternationalJournalof Emerging Technology and Advanced Engineering,253-263. Lane,D. (2009). Why are you notrunningApache?New IISholesshouldmake yourethinkyourweb server. Linux Journal. Magalhaes,R. M. (2005, Jan 11). Security Series: Disaster Recovery Tactics thatEnsureBusiness Continuity. RetrievedOct14, 2014, fromwindowsecurity.com:
  • 11. http://www.windowsecurity.com/articles-tutorials/misc_network_security/Disaster-Recovery- Tactics-Part1.html Murray, M. C. (2010). Database Security:What StudentsNeedtoKnow . Journalof Information Technology Education:Innovationsin Practice,62-77. Olzak,T. (n.d.). PhysicalSecurity:ManagingtheIntruder. RetrievedSep20,2014, from InfosecInstitute: http://resources.infosecinstitute.com/physical-security-managing-intruder/ Osborne,C.(2013, June 26). The top ten mostcommon databasesecurity vulnerabilities. RetrievedOct 04, 2014, fromZD Net:http://www.zdnet.com/the-top-ten-most-common-database-security- vulnerabilities-7000017320/ Vijayan,J.(2005, Oct 10). The scopeof contingency programsneedsto beexpanded,execssay. Retrieved Oct 14, 2014, fromCOMPUTERWORLD: http://www.computerworld.com/article/2559183/security0/data-security-risks-missing-from- disaster-recovery-plans.html Woo, S.-W.,HyunChul Joh,OmarH.Alhazmi,&YashwantK. Malaiya.(2011). Modelingvulnerability discoveryprocessinApache andIISHTTP servers. ScienceDirect, 50-62. #CyberSecurityAssignment #AssignmentHelp #ManagementAssignmentHelp #AssignmentsHelp #ProjectsHelp #HomeworkHelp #DissertationsHelp #ThesisHelp #AcademicAvenue #AcademicsHelp #FrustratedWithAssignments