SlideShare a Scribd company logo

CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx

Download as DOCX, PDF
M
mccormicknadine86

CMGT/400 v7 Threats, Attacks, and Vulnerability Assessment Template CMGT/400 v7 Page 2 of 7 Threats, Attacks, and Vulnerability Assessment Michael Bishop February 4, 2020 CMGT400 Threats, Attacks, and Vulnerability Assessment Target Stores, Inc.Target Stores, Inc. is a wide-ranging products retailer with numerous stores spread in all 50 U.S. states and it has employed more than 350,000 individuals. It plays a very significant in improving the economy of the United States of America as well as paying awesome dividend to its investors and in order to achieve the anticipate growth and stay ahead of its competitors, the company has deployed a decisive technology platform so as to improve its mode of operations. Despite the benefits it accrues from the deployed technology, Target Stores was a victim of data breach in the year 2013 and due to the ever-evolving state of attacks, it is still susceptible to numerous emerging threats, attacks, and vulnerabilities (Vijayan, 2014). Assessment Scope The tangible assets in the company’s information system platform include hardware, software, telecommunication components, data and databases, and human resource and procedures. Additionally, there are other assets such cloud computing environments, mobile-related information systems, virtual resources, and integrated third-party systems. Hardware are the physical technology components that support information processing and they include computers, printers, mobile devices, keyboards, external disk drives, and routers. In addition, servers, cameras, biometric systems, storage subsystems, networking cable, and dedicated network firewalls are notable hardware components. On the other hand, software components includes system programs such as operating system and application programs such as banking system, point of sale system, enterprise resource planning programs, and e-commerce applications. Data are the day-to-day business operation records while databases or data warehouses are components where data is recorded and stored or where it can be retrieved in order to proceed with the outlining of tangible assets, communication components involve transmission assets such as network cables, wireless network components, antennas, routers, aggregators, repeaters, load balancers, and local area network (LAN) or wide area network (WAN) aspects. On the other hand, human resource assets includes the users who operate or access the company’s information systems while the procedures involve all processes and policies created and applied in order to perform actions. It is also imperative to consider cloud computing environments, mobile-related information systems, virtual resources, and integrated third-party systems as other important assets of the company’s information system and they include cloud provider data infrastructure and services such as infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS) platforms as well as virtual enterprise resou ...

Education
1 of 7
CMGT/400 v7 Threats, Attacks, and Vulnerability Assessment Template CMGT/400 v7 Page 2 of 7 Threats, Attacks, and Vulnerability Assessment Michael Bishop February 4, 2020 CMGT400 Threats, Attacks, and Vulnerability Assessment Target Stores, Inc.Target Stores, Inc. is a wide-ranging products retailer with numerous stores spread in all 50 U.S. states and it has employed more than 350,000 individuals. It plays a very significant in improving the economy of the United States of America as well as paying awesome dividend to its investors and in order to achieve the anticipate growth and stay ahead of its competitors, the company has deployed a decisive technology platform so as to improve its mode of operations. Despite the benefits it accrues from the deployed technology, Target Stores was a victim of data breach in the year 2013 and due to the ever- evolving state of attacks, it is still susceptible to numerous emerging threats, attacks, and vulnerabilities (Vijayan, 2014). Assessment Scope The tangible assets in the company’s information system platform include hardware, software, telecommunication components, data and databases, and human resource and procedures. Additionally, there are other assets such cloud computing environments, mobile-related information systems, virtual resources, and integrated third-party systems. Hardware are the physical technology components that support
information processing and they include computers, printers, mobile devices, keyboards, external disk drives, and routers. In addition, servers, cameras, biometric systems, storage subsystems, networking cable, and dedicated network firewalls are notable hardware components. On the other hand, software components includes system programs such as operating system and application programs such as banking system, point of sale system, enterprise resource planning programs, and e-commerce applications. Data are the day-to-day business operation records while databases or data warehouses are components where data is recorded and stored or where it can be retrieved in order to proceed with the outlining of tangible assets, communication components involve transmission assets such as network cables, wireless network components, antennas, routers, aggregators, repeaters, load balancers, and local area network (LAN) or wide area network (WAN) aspects. On the other hand, human resource assets includes the users who operate or access the company’s information systems while the procedures involve all processes and policies created and applied in order to perform actions. It is also imperative to consider cloud computing environments, mobile-related information systems, virtual resources, and integrated third-party systems as other important assets of the company’s information system and they include cloud provider data infrastructure and services such as infrastructure-as-a- service (IaaS) and software-as-a-service (SaaS) platforms as well as virtual enterprise resource planning applications, business intelligence and analytical applications, office productivity suites and many others (Vijayan, 2014). Most of these tangible assets will be assessed in order to evaluate the level of vulnerability as well as to identify the threats and attacks posed to the organization in addition to examining the existing countermeasures. However, internet service providers, cloud service providers, virtual resources, and integrated third-party systems will not be assessed as it will
require direct authorization from their leaders and which may cause privacy issues for other companies that they provide services to. System Model Existing Countermeasures Preliminary survey and research indicate that the existing countermeasures include advanced monitoring and log in security systems, installed application whitelisting POS systems and point of sale (POS) management tools, improved firewall rules and policies, robust user account and identity management systems, use of two-factor authentication and password vaults, and employee security training programs as well as proper network segmentation. The company has also regulated point of interactions between two different units that are within the information system structure such as firewalls to monitor inbound and outbound traffic. In addition, a risk management plan and vulnerability assessment are also utilized frequently with the core aspects that are evaluated being tasks or workflows, people, technology, and the entire structure. This supports to identify emerging vulnerabilities and threats as well as to implement appropriate security solutions such as patches and updates. Finally, the company sought to limit and control vendor access to various resources in addition to implementing comprehensive account re-configuration frameworks in order to deactivate former personnel and contractors’ accounts (Post & Kagan, 2017). Threat Agents and Possible Attacks In this organization, the major threat agents includes
insider/employee threat, IP scan and reconnaissance, malicious programs, web browsing, unprotected shares, mass emails, Simple Network Management Protocol (SNMP), forces of nature, acts of human error, technology failure, and deviation in service from providers as well as obsolete technologies. The possible attacks include Distributed Denial of Service (DDoS), data theft, the man-in-the-middle attacks, spoofing, social engineering attacks, and side-channel attacks as well as buffer overflow and brute force attacks (Post & Kagan, 2017). Exploitable Vulnerabilities The exploitable vulnerabilities in this case include service provider failures, deviation in quality of service, inexperienced users, default settings, unprotected sharing, unprotected endpoints, social networking applications, and inappropriate application downloads and web browsing behavior. Other vulnerabilities that can be exploited include vendor-portal access points, access to physical facilities, and unpatched systems (Pfleeger & Caputo, 2016). Threat History/Business Impact Threat History Events Duration Business Impact Threat Resolution Fire Eye malware detection system illegally reconfigured 1 year Successful injection of malware Improved administrative controls and policies Malware installed 18 months Theft of information through U.S servers Intrusion detection/prevention systems POS terminal attack 8 months Data thefts and financial system sabotage
Chip and PIN security approach Quality of Service attacks 10 months Restricted access to financial systems ordered by managers Deployment of comprehensive network traffic security controls and network/system segmentation Risks and Contingencies Matrix Risk Probability Priority Owner Countermeasures/Contingencies/Mitigation Approach Limited user awareness Likely Medium Company Regular educational and training programs Emerging threats High likely High Company Vulnerability scanning and external audits Inappropriate browsing High likely Medium Users Ethical-based and behavior policies, monitoring systems Vendor failure Minimal Medium Service provider
Service-Level Agreements References Vijayan, J. (2014). Target attack shows danger of remotely accessible HVAC systems. Computerworld, Feb 7 2014. Retrieved February 2015 from http://www.computerworld.com/article/2487452/cybercrime- hacking/target-attackshows-danger-of-remotely-accessible- hvac-systems.html Post, G. & Kagan, A. (2017). Evaluating information security tradeoffs: Restricting access can interfere with user tasks. Computers & Security, 26, 229-237. Pfleeger, S. & Caputo, D. (2016). Leveraging behavioral science to mitigate cyber security. Computers & Security, 31, 597-611 Copyright© 2018 by University of Phoenix. All rights reserved. Copyright© 2018 by University of Phoenix. All rights reserved.
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx

Recommended

Enterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftEnterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftAppsian
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATIONHOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATIONSHANTO-MARIAM UNIVERSITY OF CREATIVE AND TECHNOLOGY
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachProtected Harbor
 
Risk_Technology
Risk_TechnologyRisk_Technology
Risk_TechnologyTom Patterson CPA CISA
 
NFRASTRUCTURE MODERNIZATION REVIEW Analyz.docx
NFRASTRUCTURE MODERNIZATION REVIEW Analyz.docxNFRASTRUCTURE MODERNIZATION REVIEW Analyz.docx
NFRASTRUCTURE MODERNIZATION REVIEW Analyz.docxcurwenmichaela
 
Challenges in implementing effective data security practices
Challenges in implementing effective data security practicesChallenges in implementing effective data security practices
Challenges in implementing effective data security practiceswacasr
 

Recommended

Enterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftEnterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftAppsian
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATIONHOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATIONSHANTO-MARIAM UNIVERSITY OF CREATIVE AND TECHNOLOGY
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachProtected Harbor
 
Risk_Technology
Risk_TechnologyRisk_Technology
Risk_TechnologyTom Patterson CPA CISA
 
NFRASTRUCTURE MODERNIZATION REVIEW Analyz.docx
NFRASTRUCTURE MODERNIZATION REVIEW Analyz.docxNFRASTRUCTURE MODERNIZATION REVIEW Analyz.docx
NFRASTRUCTURE MODERNIZATION REVIEW Analyz.docxcurwenmichaela
 
Challenges in implementing effective data security practices
Challenges in implementing effective data security practicesChallenges in implementing effective data security practices
Challenges in implementing effective data security practiceswacasr
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxRunning head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxjeanettehully
 
LD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxLD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxstirlingvwriters
 
Lancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy Menezes
 
Enterprise Risk Management-Paper
Enterprise Risk Management-PaperEnterprise Risk Management-Paper
Enterprise Risk Management-PaperPierre Samson
 
Unit 1.4 working of cloud computing
Unit 1.4 working of cloud computingUnit 1.4 working of cloud computing
Unit 1.4 working of cloud computingeShikshak
 
Unit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptxUnit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptxSharumathiR1
 
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docx
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docxRunning head INFORMATION SECURITY1INFORMATION SECURITY6.docx
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docxjeanettehully
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 
Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...happiestmindstech
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.pptVaishnavGhadge1
 
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)Partha_bappa
 
Posting 1 Reply required for belowBusiness costs or risks of p.docx
Posting 1 Reply required for belowBusiness costs or risks of p.docxPosting 1 Reply required for belowBusiness costs or risks of p.docx
Posting 1 Reply required for belowBusiness costs or risks of p.docxharrisonhoward80223
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestHank Eng, CISSP, CISA, CISM
 
Mobile Device Management and Their Security Concerns
Mobile Device Management and Their Security ConcernsMobile Device Management and Their Security Concerns
Mobile Device Management and Their Security ConcernsIRJET Journal
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data LeakagePatty Buckley
 
Determine Maintenance strateg.docx
Determine Maintenance strateg.docxDetermine Maintenance strateg.docx
Determine Maintenance strateg.docxDarkKnight367793
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Running Head CAPSTONE PROJECT .docx
Running Head CAPSTONE PROJECT .docxRunning Head CAPSTONE PROJECT .docx
Running Head CAPSTONE PROJECT .docxtodd271
 
Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxmccormicknadine86
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxmccormicknadine86
 

More Related Content

Similar to CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx

Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxRunning head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxjeanettehully
 
LD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxLD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxstirlingvwriters
 
Lancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy Menezes
 
Enterprise Risk Management-Paper
Enterprise Risk Management-PaperEnterprise Risk Management-Paper
Enterprise Risk Management-PaperPierre Samson
 
Unit 1.4 working of cloud computing
Unit 1.4 working of cloud computingUnit 1.4 working of cloud computing
Unit 1.4 working of cloud computingeShikshak
 
Unit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptxUnit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptxSharumathiR1
 
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docx
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docxRunning head INFORMATION SECURITY1INFORMATION SECURITY6.docx
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docxjeanettehully
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 
Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...happiestmindstech
 
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)Partha_bappa
 
Posting 1 Reply required for belowBusiness costs or risks of p.docx
Posting 1 Reply required for belowBusiness costs or risks of p.docxPosting 1 Reply required for belowBusiness costs or risks of p.docx
Posting 1 Reply required for belowBusiness costs or risks of p.docxharrisonhoward80223
 
Mobile Device Management and Their Security Concerns
Mobile Device Management and Their Security ConcernsMobile Device Management and Their Security Concerns
Mobile Device Management and Their Security ConcernsIRJET Journal
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data LeakagePatty Buckley
 
Determine Maintenance strateg.docx
Determine Maintenance strateg.docxDetermine Maintenance strateg.docx
Determine Maintenance strateg.docxDarkKnight367793
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Running Head CAPSTONE PROJECT .docx
Running Head CAPSTONE PROJECT .docxRunning Head CAPSTONE PROJECT .docx
Running Head CAPSTONE PROJECT .docxtodd271
 

Similar to CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx (20)

Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxRunning head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
 
LD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxLD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docx
 
Lancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy-Curriculum Vitae
Lancy-Curriculum Vitae
 
Enterprise Risk Management-Paper
Enterprise Risk Management-PaperEnterprise Risk Management-Paper
Enterprise Risk Management-Paper
 
Unit 1.4 working of cloud computing
Unit 1.4 working of cloud computingUnit 1.4 working of cloud computing
Unit 1.4 working of cloud computing
 
Unit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptxUnit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptx
 
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docx
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docxRunning head INFORMATION SECURITY1INFORMATION SECURITY6.docx
Running head INFORMATION SECURITY1INFORMATION SECURITY6.docx
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the foll
 
Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
 
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
 
Posting 1 Reply required for belowBusiness costs or risks of p.docx
Posting 1 Reply required for belowBusiness costs or risks of p.docxPosting 1 Reply required for belowBusiness costs or risks of p.docx
Posting 1 Reply required for belowBusiness costs or risks of p.docx
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-Latest
 
Mobile Device Management and Their Security Concerns
Mobile Device Management and Their Security ConcernsMobile Device Management and Their Security Concerns
Mobile Device Management and Their Security Concerns
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 
Determine Maintenance strateg.docx
Determine Maintenance strateg.docxDetermine Maintenance strateg.docx
Determine Maintenance strateg.docx
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
Running Head CAPSTONE PROJECT .docx
Running Head CAPSTONE PROJECT .docxRunning Head CAPSTONE PROJECT .docx
Running Head CAPSTONE PROJECT .docx
 

More from mccormicknadine86

Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxmccormicknadine86
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxmccormicknadine86
 
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxOption Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxmccormicknadine86
 
Option A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxOption A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxmccormicknadine86
 
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docxOption 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docxmccormicknadine86
 
OPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxOPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxmccormicknadine86
 
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxOption 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxmccormicknadine86
 
Option A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docxOption A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docxmccormicknadine86
 
Option #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxOption #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxmccormicknadine86
 
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxOption 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxmccormicknadine86
 
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxOption 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxmccormicknadine86
 
Option #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxOption #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxmccormicknadine86
 
Option A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docxOption A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docxmccormicknadine86
 
opic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docxopic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docxmccormicknadine86
 
Option 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxOption 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxmccormicknadine86
 
Option #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxOption #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxmccormicknadine86
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxmccormicknadine86
 
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docxOpen the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docxmccormicknadine86
 
onsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxonsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxmccormicknadine86
 
Operations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxOperations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxmccormicknadine86
 

More from mccormicknadine86 (20)

Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docx
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docx
 
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxOption Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
 
Option A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxOption A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docx
 
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docxOption 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
 
OPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxOPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docx
 
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxOption 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
 
Option A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docxOption A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docx
 
Option #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxOption #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docx
 
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxOption 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
 
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxOption 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
 
Option #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxOption #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docx
 
Option A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docxOption A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docx
 
opic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docxopic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docx
 
Option 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxOption 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docx
 
Option #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxOption #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docx
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docx
 
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docxOpen the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
 
onsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxonsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docx
 
Operations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxOperations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docx
 

Recently uploaded

Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 

Recently uploaded (20)

Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 

CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx

  • 1. CMGT/400 v7 Threats, Attacks, and Vulnerability Assessment Template CMGT/400 v7 Page 2 of 7 Threats, Attacks, and Vulnerability Assessment Michael Bishop February 4, 2020 CMGT400 Threats, Attacks, and Vulnerability Assessment Target Stores, Inc.Target Stores, Inc. is a wide-ranging products retailer with numerous stores spread in all 50 U.S. states and it has employed more than 350,000 individuals. It plays a very significant in improving the economy of the United States of America as well as paying awesome dividend to its investors and in order to achieve the anticipate growth and stay ahead of its competitors, the company has deployed a decisive technology platform so as to improve its mode of operations. Despite the benefits it accrues from the deployed technology, Target Stores was a victim of data breach in the year 2013 and due to the ever- evolving state of attacks, it is still susceptible to numerous emerging threats, attacks, and vulnerabilities (Vijayan, 2014). Assessment Scope The tangible assets in the company’s information system platform include hardware, software, telecommunication components, data and databases, and human resource and procedures. Additionally, there are other assets such cloud computing environments, mobile-related information systems, virtual resources, and integrated third-party systems. Hardware are the physical technology components that support
  • 2. information processing and they include computers, printers, mobile devices, keyboards, external disk drives, and routers. In addition, servers, cameras, biometric systems, storage subsystems, networking cable, and dedicated network firewalls are notable hardware components. On the other hand, software components includes system programs such as operating system and application programs such as banking system, point of sale system, enterprise resource planning programs, and e-commerce applications. Data are the day-to-day business operation records while databases or data warehouses are components where data is recorded and stored or where it can be retrieved in order to proceed with the outlining of tangible assets, communication components involve transmission assets such as network cables, wireless network components, antennas, routers, aggregators, repeaters, load balancers, and local area network (LAN) or wide area network (WAN) aspects. On the other hand, human resource assets includes the users who operate or access the company’s information systems while the procedures involve all processes and policies created and applied in order to perform actions. It is also imperative to consider cloud computing environments, mobile-related information systems, virtual resources, and integrated third-party systems as other important assets of the company’s information system and they include cloud provider data infrastructure and services such as infrastructure-as-a- service (IaaS) and software-as-a-service (SaaS) platforms as well as virtual enterprise resource planning applications, business intelligence and analytical applications, office productivity suites and many others (Vijayan, 2014). Most of these tangible assets will be assessed in order to evaluate the level of vulnerability as well as to identify the threats and attacks posed to the organization in addition to examining the existing countermeasures. However, internet service providers, cloud service providers, virtual resources, and integrated third-party systems will not be assessed as it will
  • 3. require direct authorization from their leaders and which may cause privacy issues for other companies that they provide services to. System Model Existing Countermeasures Preliminary survey and research indicate that the existing countermeasures include advanced monitoring and log in security systems, installed application whitelisting POS systems and point of sale (POS) management tools, improved firewall rules and policies, robust user account and identity management systems, use of two-factor authentication and password vaults, and employee security training programs as well as proper network segmentation. The company has also regulated point of interactions between two different units that are within the information system structure such as firewalls to monitor inbound and outbound traffic. In addition, a risk management plan and vulnerability assessment are also utilized frequently with the core aspects that are evaluated being tasks or workflows, people, technology, and the entire structure. This supports to identify emerging vulnerabilities and threats as well as to implement appropriate security solutions such as patches and updates. Finally, the company sought to limit and control vendor access to various resources in addition to implementing comprehensive account re-configuration frameworks in order to deactivate former personnel and contractors’ accounts (Post & Kagan, 2017). Threat Agents and Possible Attacks In this organization, the major threat agents includes
  • 4. insider/employee threat, IP scan and reconnaissance, malicious programs, web browsing, unprotected shares, mass emails, Simple Network Management Protocol (SNMP), forces of nature, acts of human error, technology failure, and deviation in service from providers as well as obsolete technologies. The possible attacks include Distributed Denial of Service (DDoS), data theft, the man-in-the-middle attacks, spoofing, social engineering attacks, and side-channel attacks as well as buffer overflow and brute force attacks (Post & Kagan, 2017). Exploitable Vulnerabilities The exploitable vulnerabilities in this case include service provider failures, deviation in quality of service, inexperienced users, default settings, unprotected sharing, unprotected endpoints, social networking applications, and inappropriate application downloads and web browsing behavior. Other vulnerabilities that can be exploited include vendor-portal access points, access to physical facilities, and unpatched systems (Pfleeger & Caputo, 2016). Threat History/Business Impact Threat History Events Duration Business Impact Threat Resolution Fire Eye malware detection system illegally reconfigured 1 year Successful injection of malware Improved administrative controls and policies Malware installed 18 months Theft of information through U.S servers Intrusion detection/prevention systems POS terminal attack 8 months Data thefts and financial system sabotage
  • 5. Chip and PIN security approach Quality of Service attacks 10 months Restricted access to financial systems ordered by managers Deployment of comprehensive network traffic security controls and network/system segmentation Risks and Contingencies Matrix Risk Probability Priority Owner Countermeasures/Contingencies/Mitigation Approach Limited user awareness Likely Medium Company Regular educational and training programs Emerging threats High likely High Company Vulnerability scanning and external audits Inappropriate browsing High likely Medium Users Ethical-based and behavior policies, monitoring systems Vendor failure Minimal Medium Service provider
  • 6. Service-Level Agreements References Vijayan, J. (2014). Target attack shows danger of remotely accessible HVAC systems. Computerworld, Feb 7 2014. Retrieved February 2015 from http://www.computerworld.com/article/2487452/cybercrime- hacking/target-attackshows-danger-of-remotely-accessible- hvac-systems.html Post, G. & Kagan, A. (2017). Evaluating information security tradeoffs: Restricting access can interfere with user tasks. Computers & Security, 26, 229-237. Pfleeger, S. & Caputo, D. (2016). Leveraging behavioral science to mitigate cyber security. Computers & Security, 31, 597-611 Copyright© 2018 by University of Phoenix. All rights reserved. Copyright© 2018 by University of Phoenix. All rights reserved.