FINAL PAPER
1. INTRODUCTION
2. THREAT AND VULNERABILITY ASSESSMENT
2.1. ASSESSMENT SCOPE
2.2. MEASURES TO THREATS AND VULNERABILITIES IN THE COMPANY
2.3. THREAT AGENTS AND POSSIBLE ATTACKS
2.4. EXPLOITABLE VULNERABILITIES
3. MITIGATION STRATEGY
4. BUSINESS CONTINUITY PLAN
4.1. TESTING A DISASTER RECOVERY PLAN
4.2. RISK MANAGEMENT PLAN
4.3. CHANGE MANAGEMENT PLAN IMPACT
5. SECURITY AWARENESS PROGRAM
6. CONCLUSION
7. REFERENCES
1. Introduction
Gerić and Hutinski (2017) define a threat as a potential harm or
danger and a vulnerability as exposure to the possibility of harm.
In information systems and organizational data, threats and
vulnerabilities refer to the possible harms to, and the possible
exposure to harm of, the information systems infrastructure and
organizational data (Gerić & Hutinski, 2017). Tesla Company is
a multinational company that has businesses in technological
products such as cloud computing, artificial intelligence and
e-commerce (Tran, Childerhouse & Deakins, 2016). Developing
and categorizing a security mitigation strategy is essential for
companies that deal with any kind of threat to their business.
Risk mitigation strategies are designed to control, reduce, and
eliminate known risks that threaten the business with a specified
undertaking to prevent injury. The security awareness program
is important especially to companies like Tesla. Each employee
is supposed to be aware of their roles and responsibilities in
fighting against cyber threat and attack. Training must be
attended by every employee to completion and their capabilities
tested in a simulated attack so that they can be familiar with the
types of attack to expect. This paper is going to focus on the
kind of policies and procedures that will help the Tesla
Company to improve security awareness so that they can reduce
the risk of cyber threats and attacks.
2. Threat and vulnerability assessment
2.1 Assessment Scope
Though in most cases a threat and vulnerability assessment
involves both physical and intangible assets such as computer
hardware, organizational networks, virtualization, databases, cloud
and mobile systems, this assessment focuses only on users
and the intangible organizational assets which form the
information system infrastructure of Tesla Inc. Precisely, the
assessment focuses on cyber-related attacks on this
information systems infrastructure.
Tesla has a broad range of information system infrastructure,
which includes people, information systems and information
security systems (Tanwar et al., 2019). Tesla’s primary
information system assets include e-commerce and web-based
services, namely cloud computing, database, network,
virtualization, mobile and information systems.
Diagram and Description of Items Involved in the Assessment Scope
[Diagram: Tesla Information System Infrastructure, with four components: Cloud Service, Human Resource, E-Commerce and Database System]
Cloud Service
The cloud information system comprises a storage system and
the provision of virtualization programs to a multitude of
companies all over the world. These services are available to
subscribers and registered users that acquire the service through an
order entry (Dhillon & Torkzadeh, 2016).
Human Resource
The Tesla human resource information system is a huge and
complex system that holds not only information about the
company's merchants but also customer service information and
information about the product support persons who are responsible for product
advertisements and taking care of customer issues (Tanwar et
al., 2019).
Database System
The database stores all the necessary organization data for
analysis. The Tesla database is associated with information
transformation, product presentation and order entries that
enhance customers’ preferences and customizations of the
company’s products and services. Additionally, the information
processed can be useful to management in decision making, and
it is therefore a prime priority of the company to protect its
database information system (Scholz et al., 2020).
E-Commerce
These are the web-based platforms that the company uses to
advertise, promote and sell its products and services. Due to
the proficiency of the company website and the fact that it is
one of the main platforms for local and international
business, the website is a prime target and should be protected
from hackers (Tanwar et al., 2019).
2.2 Measures to Threats and Vulnerabilities in the Company
Tesla technology department (TTD) has various
countermeasures to mitigate the threats and vulnerabilities to their
cyber systems. TTD provides Tesla’s computing clients
with custom networks and data centres which are designed to
protect the company information systems. TTD also puts in
place network and web application firewalls, encryption and
private connectivity options to protect the critical information
system infrastructure in the company (Scholz et al., 2020).
Furthermore, Tesla protects its database through various
encryptions such as EBS, SQL Server RDS, Glacier and Oracle
RDS encryption (Tanwar et al., 2019). The Tesla web
platforms use SSE (server-side encryption) to transmit
sensitive information and to encrypt the messaging queues.
Other methods that Tesla has imposed to prevent cyber threats
and attacks are the use of hardware-based cryptographic keys in
their storage facilities, compliance requirements and in accessing
its database (Tanwar et al., 2019).
2.3 Threat Agents and Possible Attacks
There are numerous agents of cyber threats and attacks in the Tesla
information systems infrastructure. Most of these agents and
attacks have been aimed at Tesla because of its leading position
in the market and the amount of data the company processes.
These threats and attacks include password attacks, phishing
and spear phishing, malware or virus attacks, SQL injection
attacks, denial of service, eavesdropping, man-in-the-middle
attacks, birthday attacks, cross-site scripting and distributed
denial of service (DDoS) (Scholz et al., 2020).
1) Phishing refers to sending emails that contain harmful
programs that siphon private information from the recipient. A spear
phishing attack occurs in the same way as a phishing attack, but this time
the sender targets a particular group of people and
conducts research on them (Scholz et al., 2020).
2) A birthday attack is the generation of two random messages that
produce the same message digest under the hash algorithm used for digital
signatures and messages. In SQL injection, the attackers
execute SQL queries through malicious input that a client submits to the
server.
3) Cross-site scripting happens when attackers place malicious
scripts in unprotected websites to redirect clients to the hackers'
sites (Farn, Lin & Fung, 2014).
4) In a denial of service (DoS) attack, malicious programs
overwhelm the systems so that they are unable to respond to resource requests,
while distributed denial of service (DDoS) happens when a
huge number of systems become impaired by the attack and refuse
to respond to service requests (Farn et al., 2014).
5) In a man-in-the-middle attack, the infiltrator inserts themselves
between the clients and the servers. Man-in-the-middle attacks include
IP spoofing and session hijacking (Gerić & Hutinski, 2017).
6) A password attack targets the authentication process
of a system. There are two types of password attacks: dictionary
attacks and brute-force password attacks. A dictionary attack
occurs through social engineering and guessing, while brute force
occurs through accessing the password database (Farn et al., 2014).
7) Eavesdropping occurs when an attacker intercepts
network traffic, usually to obtain credit card details or
passwords that clients transmit over the network.
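The birthday attack in item 2 is why digest length matters when choosing a hash for signatures. The following is an added example, not part of the original paper: it truncates SHA-256 to a few bits and counts how many constructed messages must be hashed before two of them share a digest, next to the birthday estimate of about 1.25 times the square root of the digest space. The function names and the message format are assumptions made for illustration.

```python
import hashlib
import math


def truncated_digest(message: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-256(message) as an integer."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash counter-derived messages until two share a truncated digest.

    Returns (first_message, second_message, messages_hashed).
    The messages are constructed sample data, not real documents.
    """
    seen = {}  # truncated digest -> message that produced it
    counter = 0
    while True:
        message = b"constructed-message-%d" % counter
        counter += 1
        tag = truncated_digest(message, bits)
        if tag in seen:
            return seen[tag], message, counter
        seen[tag] = message


def birthday_estimate(bits: int) -> float:
    """Expected number of hashes before a collision: sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def collision_report(bit_lengths=(16, 20, 24)):
    """Compare the measured effort with the estimate for several digest sizes."""
    rows = []
    for bits in bit_lengths:
        first, second, hashed = find_collision(bits)
        rows.append({
            "bits": bits,
            "digest_space": 2 ** bits,
            "estimate": round(birthday_estimate(bits)),
            "messages_hashed": hashed,
            "collision": (first, second),
        })
    return rows


if __name__ == "__main__":
    for row in collision_report():
        print("%2d-bit digest: space %9d, estimate %5d, hashed %5d, %r == %r" % (
            row["bits"], row["digest_space"], row["estimate"],
            row["messages_hashed"], row["collision"][0], row["collision"][1]))
```

A 24-bit digest has about 16.7 million possible values, yet a collision appears after a few thousand hashes. The same square-root relationship means an n-bit digest gives roughly n/2 bits of collision resistance, which is the figure to check when a signature scheme's hash is selected.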
| Threat | Assets | Impact | Risk |
|---|---|---|---|
| Phishing and spear phishing | Critical | High | High |
| Birthday attack | Critical | Medium | Low |
| Man in the middle attack | Critical | Medium | High |
| Malware attack | Critical | High | High |
| Denial of service / distributed denial of service | Critical | Medium | High |
| Password attack | Critical | High | |
| Eavesdropping | Critical | Low | Low |

Table 1: A summary of threats, impact and risk
2.4 Exploitable Vulnerabilities
Exploitable vulnerabilities refer to the system weaknesses that an
attacker can use to perform their illegal activities within an
information system.
1) Malware or viruses have been deemed one of the most
exploitable vulnerabilities in any information system, and Tesla
systems are no exception (Scholz et al., 2020). Though Tesla as
a technological company is deemed to have one of the most
secure networks and information systems, malware is being
developed every day, implying that it is one vulnerability attackers
may use to infiltrate the company’s information systems
infrastructure.
2) The company’s employees are also another exploitable
vulnerability to the company. Employees are not only the
primary architects of password attacks but also an exploitable
vulnerability when approached with phishing and spear phishing
attacks (Gerić & Hutinski, 2017).
3) IoT (Internet of Things) is also another exploitable
vulnerability in Tesla Company. Devices like smart printers,
phones, refrigerators, coffee makers and manufacturing robots
can be used to launch attacks on the company’s information
system (Dhillon & Torkzadeh, 2016).
4) Updates are also another exploitable vulnerability. As much
as these updates bring better program and system functionalities,
they bring new security vulnerabilities that attackers may
exploit (Scholz et al., 2020).
| Vulnerabilities | Assets | Impact | Risk |
|---|---|---|---|
| Malware / viruses | Critical | High | High |
| Employees | Critical | High | High |
| Internet of Things (IoT) | Critical | Medium | Medium |
| Updates | Critical | High | High |

Table 2: A summary of exploitable vulnerabilities, impact and risk
3. Mitigation Strategies
Developing and categorizing a security mitigation strategy is
essential for companies that deal with any kind of threat to their
business. Risk mitigation strategies are designed to control,
reduce and eliminate known risks that threaten the business with
a specified undertaking to prevent injury. These strategies, when
implemented, will help prevent businesses that are vulnerable to
cyber-attacks from being hacked. Tesla Company is a
multinational company that has businesses in technological
products such as cloud computing, artificial intelligence and
e-commerce (Tran, Childerhouse & Deakins, 2016). The web-based
services that the company operates make it vulnerable to
cyber-based threats and attacks. This paper is going to look at
the risk mitigation strategies that the company can employ to
reduce, eliminate and control the impact of the cyber-based
threats and attacks.
The first step to a risk mitigation strategy is to diagnose the
business and find out the risks that the business faces.
Tesla Company faces numerous attacks on the Tesla
information systems infrastructure. The attacks include malware
or virus attacks, password attacks, birthday attacks, phishing
and spear phishing and cross-site scripting (Stergiopoulos et al.,
2015). All of these threats have a high impact if they happen,
and the risk that Tesla faces from these kinds of attacks is high.
Therefore, it is important for the company to come up with risk
mitigation strategies to help prevent the attacks and keep the
Tesla information systems infrastructure safe from
cyber-attacks.
Risks need to be taken on when the strategies that are designed
reduce the risk to a very low level or as low as reasonably
practicable (Talluri, Yildiz & Yoon, 2013). The company needs
to choose the best mitigation strategy that would lower the risk
probability and the severity of the outcome. For optimal results to
be obtained, more than one mitigation strategy should be
employed by the company.
The first mitigation strategy is risk avoidance, where the
company works at avoiding situations that have a high
probability of damage and financial loss. A company
like Tesla has to employ this strategy to avoid risks such as
cross-site scripting. This can be achieved by making sure the
employees avoid malicious sites that could direct malware to the
company servers. Phishing attacks can also be prevented
by not opening emails from unknown sources,
which may contain viruses. Although avoidance is a good risk
mitigation strategy, it does not always work, as individuals will
always be caught unawares by these kinds of attacks, and the
company has to employ strict measures to ensure avoidable
threats and attacks do not happen.
The company limits the risk it is exposed to by regulating the
perceived risk. As such, the company works at regulating
the exposure of the company’s software to threats and attacks.
For a company like Tesla, limiting the amount of risk would not
be easy, as it is a multinational company that deals with a huge
client base, but it can put in place measures such as limiting the
websites that employees can visit, such as social media and
advertisement sites (Stergiopoulos et al., 2015). The company
can block such sites and limit the risk of employees getting
swayed to other potentially dangerous websites. The company
can also restrict the administrative privileges of some of the
employees. Administrative privileges allow employees to access
sensitive information or bypass critical security settings.
Limiting administrative privileges to a few employees will
minimize the risk of the company facing threats or
cyber-attacks.
Another risk mitigation strategy is multi-factor
authentication. This is done by ensuring the system has
several password-protected layers of access. This is especially crucial for
users who perform privileged actions or those users that have
access to sensitive information. Tesla Company can employ
this strategy, which will help prevent potential threats or
adversaries from accessing legitimate credentials which might
facilitate further malicious activities. This would also make it
easier to detect if a system is being hacked, since the many
layers of credentials would mean the hackers take more time to
bypass security, therefore making it easier for the hack to be
detected early.
Patching the operating systems of the company is also a good
risk mitigation strategy. Patching those devices that have a
high risk of attack with extreme risk vulnerabilities for a period
of time would protect the company’s software from unnecessary
threats and attacks (Menoni et al., 2013). For Tesla Company,
this strategy would be effective if they made sure the latest
versions of the operating system are the ones that are used for
the company’s operations. Any unsupported versions of the
operating systems should be avoided by all means necessary.
Application whitelisting is also a necessary risk mitigation
strategy, especially for a company like Tesla, as it aims at
preventing the execution of malicious programs and software.
Whitelisting also identifies attempts at malicious execution of
code in the system and prevents the activity from going on
before any kind of damage is done. Whitelisting also prevents
the unauthorized use of software and programs which might
increase the risk of attack. This risk mitigation strategy also
prevents the installation of those programs and applications that
might expose the company’s software to cyber-attacks.
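The whitelisting behaviour described above, blocking programs that are not approved and identifying the attempts, can be sketched as follows. This is an added example, not part of the original paper and not any product's implementation. The `Allowlist` class, the file names and the file contents are hypothetical, and the sample files are constructed in a temporary directory. Approval is keyed on the SHA-256 of the file content rather than its name, so a renamed approved file still passes while an unapproved file carrying an approved name is denied and logged.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file's contents in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class Allowlist:
    """Hypothetical allowlist keyed on file content, not on file name or path."""

    def __init__(self):
        self.approved = {}    # sha256 hex digest -> label given at approval
        self.denied_log = []  # one record per blocked execution attempt

    def approve(self, path, label):
        self.approved[sha256_of(path)] = label

    def may_execute(self, path):
        """Return True only if the content was approved; record every denial."""
        try:
            digest = sha256_of(path)
        except OSError as error:
            # Fail closed: a file that cannot be read cannot be verified.
            self.denied_log.append(
                {"path": path, "sha256": None, "reason": str(error)})
            return False
        if digest in self.approved:
            return True
        self.denied_log.append(
            {"path": path, "sha256": digest, "reason": "not approved"})
        return False


def write_file(directory, name, content):
    path = os.path.join(directory, name)
    with open(path, "wb") as handle:
        handle.write(content)
    return path


def run_demo():
    """Build constructed sample files and return (decisions, denied_log)."""
    policy = Allowlist()
    with tempfile.TemporaryDirectory() as root:
        tools = os.path.join(root, "tools")
        downloads = os.path.join(root, "downloads")
        os.mkdir(tools)
        os.mkdir(downloads)

        v1 = b"constructed approved program v1\n"
        original = write_file(tools, "backup_tool", v1)
        policy.approve(original, "backup tool v1")

        renamed = write_file(tools, "renamed_copy", v1)
        impostor = write_file(downloads, "backup_tool",
                              b"constructed unapproved program\n")
        updated = write_file(tools, "backup_tool_v2",
                             b"constructed approved program v2\n")
        missing = os.path.join(tools, "does_not_exist")

        decisions = {
            "approved original": policy.may_execute(original),
            "approved content, new name": policy.may_execute(renamed),
            "approved name, other content": policy.may_execute(impostor),
            "updated build, not re-approved": policy.may_execute(updated),
            "unreadable file": policy.may_execute(missing),
        }
    return decisions, policy.denied_log


if __name__ == "__main__":
    decisions, denied = run_demo()
    for case, allowed in decisions.items():
        print("%-32s %s" % (case, "ALLOW" if allowed else "DENY"))
    print("%d denied attempts logged for review" % len(denied))
```

The denied updated build shows the operational cost of this control: every patched binary has a new hash and must be re-approved before it will run.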
The company can also decide to transfer the risk by outsourcing
their services to other companies, purchasing insurance for
damages and losses incurred that are related to cyber-attacks, or
forming a partnership with another company that employs the same
services as them. A company like Tesla can outsource
its services since it is a multinational company (Tran,
Childerhouse & Deakins, 2016). This would ensure that they are
exposed to limited risk and the cost of enforcing risk mitigation
strategies can be shared with the other company. The company
can also get insurance against damages caused by cyber-attacks,
as this would ensure that the company is well compensated in
case they fall victim to an attack or threat that may cost a lot of
money in damages.
Daily backups of important programs, software, applications
and configuration settings would ensure the information is kept
safe and that it can be accessed again in case of a ransomware
attack that was not anticipated or prevented (Menoni et al.,
2013).
4. Business Continuity Plan
Concepts and practices of designing and implementing a
business continuity and Disaster Recovery Plan
The first concept is to ensure that servers are kept in diverse
locations so that when one is damaged by a disaster the other ones
continue functioning and providing services to the customers.
Ensuring that there is a backup of all the software, programs and
applications will ensure quick recovery from a disaster (Carter,
2018).
The next step is to ensure that there is a secondary source where
data can be accessed. The company can outsource some of its
services to another company so that in case of a disaster,
provision of services can continue through the outsourced
programs.
4.1. Testing a Disaster Recovery Plan
Creating a checklist is the first thing to do, where department
heads and senior management assess the business continuity
plan and the disaster recovery plan to improve on developments
and update information.
A simulation should also be set up where servers are tested on their
restoration and recovery capabilities. Some of these simulations
involve testing in real-life situations, like loss recovery
procedures and restoring backups. The employees should also
be tested on staff safety, asset management, leadership response
to disaster and relocation protocols after a disaster.
Procedural drills and hands-on exercises can be supported by a
run-through. This is to ensure that important points of command and
delegation channels are informed about what is expected of
them when disaster finally happens. These kinds of emergencies
involve data replication tasks, stand-by server switchovers, data
validation and cloud backups.
4.2. Risk Management Plan
The risk management plan should include the budget of the
entire plan. The plan needs to have a budget so that the
company can have an idea how much it is going to cost them to
manage risk.
The plan should also have a time frame as the management
needs to know the amount of time it would take for things like
training to be completed. The plan also has to include every
person’s roles and responsibilities as far as disaster
management is concerned. This will ensure that employees have
an idea of exactly what to do in case of a disaster (Chess, Fay &
Thornton, 2017).
The plan also has to include the methodology and approaches so as
to let people know exactly which procedures are to be followed in case
of a disaster. The probability of a disaster happening and the impact
it will have on the company should also be included in the risk
management plan. This will let the management be aware of the
likelihood of a disaster happening and the damage it would cause
to the company.
Tracking should also be included in the plan where the
management can track and know how things are going on and
whether they are on schedule or not. It will also help the
management know how the money that was budgeted is being
spent in the implementation process of the plan.
4.3. Change management plan
The change management plan ensures that the risk strategy has
enough resources to be able to prevent disaster from happening
as well as provide enough resources to cover the disaster
recovery process.
Change management also determines whether the risk strategy that
has been implemented will be effective or not. Bad
change management can impact negatively on the business, as
people will have no idea what to do in case of a disaster.
Through change management people can know the amount of
time it will take for the company to recover from a disaster and
the time it will take for business to go back to normal. The steps
to take and procedures to follow in case of a disaster and how to
prevent the disaster from happening will be determined by
change management (Orlikowski & Hoffman, 2017).
Concepts that should be included in a security plan for the
development of secure software
The concept and the planning of the software should be included
to ensure the software is viable. This is to ensure that the
software is efficient and free from cyber threats and attacks.
The team that programs the software should be well trained in
software security to ensure the software is always secure and
free from attacks. They can also include safety measures such as
multiple password entries to make it difficult to hack.
The architecture and the design of the software should enable it
to be secure and free from cyber threats and attacks. This
includes modeling the software structure through adding third-
party components that ensure the development of the software is
sped up.
The implementation of the software should include multiple
rounds of debugging and testing the software to ensure it is safe
and secure. This would also involve simulations of real-life
cyber-attacks to improve its level of defense.
5. Security Awareness Program
According to Eminağaoğlu, Uçar & Eren (2019), the security
awareness program is a formal program whose
goal is to train users about the potential threats to the
company’s information system. This training is also supposed to
help the company to avoid situations that may put the
company’s data at risk. The goal of this program is to lower the
level of attack impact on the company, to enforce the
procedures and policies that the company has put in place to
protect its data and to teach employees the importance
of taking personal responsibility for protecting the information of
the organization. For a multinational company like Tesla, this is
an important program because it is the role of the employees to
ensure they do their duty in the fight to prevent cyber threats
and attacks. This paper is going to focus on the kind of policies
and procedures that will help the Tesla Company to improve
security awareness so that they can reduce the risk of cyber
threats and attacks.
All employees in the company are supposed to be given
permission to spend time learning about security awareness.
This would help the employees to recognize that this is a
priority not only to them but to the organization as well
(Eminağaoğlu, Uçar & Eren, 2019). C-suite support is
important, as it would ensure that time is allocated for
the employees to complete the training module, that a
training budget is set and that the employees understand why
cyber security is essential, by setting the tone of the training and
stressing the importance of keeping the company safe from
cyber-attacks. For a company like Tesla this would ensure that all the
executives and the management team are aware of how
cyber-attacks happen and the impact of things like information
disclosure and password theft, and know how to detect a
ransomware infection. Simulations of how attacks such
as phishing happen would ensure employees are aware of the exact way
the attack happens and how they are supposed to respond in such
a scenario. The security awareness training that is created
should be engaging as well as relevant to the subject topic.
The next part of the security awareness program is to personalize the
campaign for each employee and make sure that the content
being taught is relatable to them. Every employee is
to be given a specific role and responsibilities that they are
familiar with and that align with their job (Caldwell, 2016).
This would ensure that all employees are aware of exactly the
role that they have to play in the fight against cyber threats and
attacks. Tesla Company is a multinational company with diverse
employees from different countries. It would have to employ
more personalized training, like making the content available in
several languages so that people can understand well why
security awareness is important to the company. They are also
supposed to know why they have to be
fully aware of their roles and responsibilities in the fight
against cyber threats and attacks.
The business continuity plan should be able to establish a new
data center at the same or a different site if the first site is
destroyed by a disaster. This would ensure that the operations
are ongoing and that their clients do not miss out on the
services being provided. For a multinational company like
Tesla, the ability to recover from a disaster should be a top
priority (Cerullo & Cerullo, 2014). The company provides its
services to millions of people across the world, and some even
depend on its services to earn a living. Being able to recover
from a disaster is important to ensure the business continues
despite the setback.
The company should also be able to ensure they keep things
running even during the disaster. The services should continue
running even during planned outages such as maintenance and
backups. For a company like Tesla scheduled maintenance and
system backups happen most of the time so as to keep the
software and the programs up to date. The company has to
ensure that during this time operations do not stop and that the
services keep on being provided (Savage, 2012). This can be
achieved by ensuring that there is more than one server which
would enable the company to keep on providing services despite
the disruptions.
The company is also supposed to ensure that they have the
capability to access software and applications despite the
disruptions. Tesla Company can achieve this by outsourcing
some of their services so that the programs can be accessed
remotely. The availability of these applications will ensure the
customer is able to access the services of the company despite
the disruptions.
6. Conclusion
With the increasing incidence of cybercrime activities that have
been reported, it is important that organizations be vigilant in
their efforts to mitigate potential cyber threats and attacks.
Employing these risk mitigation strategies would help protect
companies from potential cyber threats and attacks. These
strategies can be implemented at an early level so that the
company can prevent the attacks from an early stage, and they
would also make employees aware of the potential threats
from an early stage. For Tesla Company, these strategies would
help in the prevention of the many potential attacks that they face
daily.
The security awareness program is important especially to
companies like Tesla. Each employee is supposed to be aware of
their roles and responsibilities in fighting against cyber threat
and attack. Training must be attended by every employee to
completion and their capabilities tested in a simulated attack so
that they can be familiar with the types of attack to expect. The
business is also supposed to have continuity strategies in place
like outsourcing or having secondary servers to ensure the
business in the company continues.
7. References
Dhillon, G., & Torkzadeh, G. (2016). Value-focused
assessment of information system security in
organizations. Information Systems Journal, 16(3), 293-314.
Farn, K. J., Lin, S. K., & Fung, A. R. W. (2014). A study on
information security management system evaluation—assets,
threat and vulnerability. Computer Standards &
Interfaces, 26(6), 501-513.
Gerić, S., & Hutinski, Ž. (2017). Information system security
threats classifications. Journal of Information and
organizational sciences, 31(1), 51-61.
Im, G. P., & Baskerville, R. L. (2015). A longitudinal study of
information system threat categories: the enduring problem of
human error. ACM SIGMIS Database: the DATABASE for
Advances in Information Systems, 36(4), 68-79.
Scholz, R. W., Czichos, R., Parycek, P., & Lampoltshammer, T.
J. (2020). Organizational vulnerability of digital threats: A first
validation of an assessment method. European Journal of
Operational Research, 282(2), 627-643.
Tanwar, S., Thakkar, K., Thakor, R., & Singh, P. K. (2018). M-
Tesla-based security assessment in wireless sensor
network. Procedia computer science, 132, 1154-1162.
Menoni, S., Molinari, D., Parker, D., Ballio, F., & Tapsell, S.
(2012). Assessing multifaceted vulnerability and resilience in
order to design risk-mitigation strategies. Natural Hazards,
64(3), 2057-2082.
Stergiopoulos, G., Kotzanikolaou, P., Theocharidou, M., &
Gritzalis, D. (2015). Risk mitigation strategies for critical
infrastructures based on graph centrality analysis. International
Journal of Critical Infrastructure Protection, 10, 34-44.
Talluri, S., Yildiz, H., & Yoon, J. (2013). Assessing the
efficiency of risk mitigation strategies in supply chains. Journal
of Business logistics, 34(4), 253-269.
Tran, T. T. H., Childerhouse, P., & Deakins, E. (2016). Supply
chain information sharing: challenges and risk mitigation
strategies. Journal of Manufacturing Technology Management.
Carter, W. N. (2018). Disaster management: A disaster
manager's handbook.
Chess, B., A., Fay, S., & Thornton, R. (2017). U.S. Patent No.
7,207,065. Washington, DC: U.S. Patent and Trademark Office.
Orlikowski, W., …

More Related Content

What's hot

Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderijaprr_editor
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderijaprr
 
Cloud Data Protection for the Masses
Cloud Data Protection for the MassesCloud Data Protection for the Masses
Cloud Data Protection for the MassesIRJET Journal
 
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
Final paper1

FINAL PAPER

1. INTRODUCTION
2. THREAT AND VULNERABILITY ASSESSMENT
2.1. ASSESSMENT SCOPE
2.2. MEASURES TO THREATS AND VULNERABILITIES IN THE COMPANY
2.3. THREAT AGENTS AND POSSIBLE ATTACKS
2.4. EXPLOITABLE VULNERABILITIES
3. MITIGATION STRATEGY
4. BUSINESS CONTINUITY PLAN
4.1. TESTING A DISASTER RECOVERY PLAN
4.2. RISK MANAGEMENT PLAN
4.3. CHANGE MANAGEMENT PLAN IMPACT
5. SECURITY AWARENESS PROGRAM
6. CONCLUSION
7. REFERENCES

Introduction

Gerić and Hutinski (2017) define a threat as a potential harm or danger and a vulnerability as exposure to the possibility of harm. In information systems and organizational data, threats and vulnerabilities refer to the possible harms to, and possible exposure to harm of, the information systems infrastructure and organizational data (Gerić & Hutinski, 2017). Tesla Company is a multinational company that has businesses in technological products such as cloud computing, artificial intelligence and e-commerce (Tran, Childerhouse & Deakins, 2016). Developing and categorizing a security mitigation strategy is essential for companies that deal with any kind of threat to their business. Risk mitigation strategies are designed to control, reduce, and eliminate known risks that threaten the business, with a specified undertaking to prevent injury. The security awareness program is important, especially to companies like Tesla. Each employee
is supposed to be aware of their roles and responsibilities in fighting against cyber threats and attacks. Training must be attended by every employee to completion, and their capabilities tested in a simulated attack, so that they become familiar with the types of attack to expect. This paper is going to focus on the kind of policies and procedures that will help the Tesla Company to improve security awareness so that it can reduce the risk of cyber threats and attacks.

2. Threat and vulnerability assessment

2.1 Assessment Scope

Though in most cases threat and vulnerability assessments involve both physical and intangible assets, such as computer hardware, organizational networks, virtualization, database, cloud and mobile systems, this assessment focuses only on users and the intangible organizational assets that form the information system infrastructure of Tesla Inc. Precisely, the assessment focuses on cyber-related attacks on this information systems infrastructure. Tesla has a broad range of information system infrastructure, which includes people, information systems and information security systems (Tanwar et al., 2019). Tesla’s primary information system assets include e-commerce and web-based services, namely cloud computing, database, network, virtualization, mobile and information systems.

Diagram and Description of Items Involved in the Assessment Scope

Tesla Information System Infrastructure
Diagram components: Cloud service, Human resource, E-Commerce, Database System

Cloud Service

The cloud information system comprises a storage system and the provision of virtualization programs to a multitude of companies all over the world. These services are available to subscribers and registered users who acquire the service through an order entry (Dhillon & Torkzadeh, 2016).

Human Resource

The Tesla human resource information system is a huge and complex system that holds information not only on the company’s merchants but also on customer service staff and the product support persons who are responsible for product advertisements and for taking care of customer issues (Tanwar et al., 2019).

Database System

The database stores all the organizational data needed for analysis. The Tesla database is associated with information transformation, product presentation and order entries that support customers’ preferences and customizations of the company’s products and services. Additionally, the information processed can be useful to management in decision making, and protecting the database information system is therefore a prime priority of the company (Scholz et al., 2020).

E-Commerce

These are the web-based platforms that the company uses to advertise, promote and sell its products and services. Due to
the proficiency of the company website and the fact that it is one of the main platforms for local and international business, the website is a prime target and should be protected from hackers (Tanwar et al., 2019).

2.2 Measures to Threats and Vulnerabilities in the Company

The Tesla technology department (TTD) has various countermeasures to mitigate the threats and vulnerabilities to the company’s cyber systems. TTD provides Tesla’s computing clients with custom networks and data centres which are designed to protect the company’s information systems. TTD also puts in place network and web application firewalls, encryption and private connectivity options to protect the critical information system infrastructure in the company (Scholz et al., 2020). Furthermore, Tesla protects its database through various forms of encryption such as EBS, SQL Server RDS, Glacier and Oracle RDS encryption (Tanwar et al., 2019). The Tesla web platforms use SSE (Server-Side Encryption) to transmit sensitive information and to encrypt the messaging queues. Other methods that Tesla has imposed to prevent cyber threats and attacks are the use of hardware-based cryptographic keys in its storage facilities, in compliance requirements and in accessing its database (Tanwar et al., 2019).

2.3 Threat Agents and Possible Attacks

There are numerous agents of cyber threats and attacks in the Tesla information systems infrastructure. Most of these agents and attacks have been aimed at Tesla because of its leading position in the market and the amount of data the company processes. These threats and attacks include password attacks, phishing and spear phishing, malware or virus attacks, SQL injection attacks, denial of service, eavesdropping, man-in-the-middle attacks, birthday attacks, cross-site scripting and distributed denial of service (DDoS) (Scholz et al., 2020).
1) Phishing refers to sending mails that contain harmful programs that siphon private information from the recipient. A spear phishing attack occurs in the same way as a phishing attack, but this time the sender targets a particular group of people and conducts research on them (Scholz et al., 2020).
2) A birthday attack is the generation of two random words that produce the same message digest in the hash algorithm used for digital signatures and messages. In SQL injection, the attackers execute SQL queries through malicious data in the client input to the server.
3) Cross-site scripting happens when attackers place malicious scripts in unprotected websites to redirect clients to the hackers’ sites (Farn, Lin & Fung, 2014).
4) In denial of service (DoS), malicious programs overpower the systems so that they are unable to react to resource requests, while distributed denial of service (DDoS) happens when a huge number of systems become impaired by an attack and refuse to respond to service requests (Farn et al., 2014).
5) In a man-in-the-middle attack, the infiltrator inserts themselves between the clients and the servers. Man-in-the-middle attacks include IP spoofing and session hijacking (Gerić & Hutinski, 2017).
6) A password attack is directed at the authentication process of a system. There are two types of password attacks: the dictionary attack and the brute-force password attack. A dictionary attack occurs through social engineering and guessing, while brute-force occurs through accessing the password database (Farn et al., 2014).
7) Eavesdropping occurs when an attacker intercepts the network traffic, usually through credit cards or by obtaining passwords that clients transmit over the network.

Threat                                              Assets    Impact  Risk
Phishing and spear phishing                         Critical  high    high
Birthday attack                                     Critical  medium  low
Man in the middle attack                            Critical  medium  high
Malware attack                                      Critical  high    high
Denial of service / distributed denial of service   Critical  medium  high
Password attack                                     Critical  high
Eavesdropping                                       Critical  low     low

Table 1: a summary of threats, impact and risk

2.4 Exploitable Vulnerabilities

Exploitable vulnerabilities refer to the system weaknesses that an attacker can use to perform illegal activities within an information system.

1) Malware or viruses have been deemed one of the most exploitable vulnerabilities in any information system, and Tesla systems are no exception (Scholz et al., 2020). Though Tesla, as a technological company, is deemed to have one of the most secure networks and information systems, malware is being developed every day, implying that it is one weakness attackers may use to infiltrate the company’s information systems infrastructure.
2) The company’s employees are another exploitable vulnerability to the company. Employees are not only the primary architects of password attacks but also an exploitable vulnerability when approached with phishing and spear phishing attacks (Gerić & Hutinski, 2017).
3) IoT (Internet of Things) is another exploitable vulnerability in Tesla Company. Devices like smart printers, phones, refrigerators, coffee makers and manufacturing robots can be used to launch attacks on the company’s information system (Dhillon & Torkzadeh, 2016).
4) Updates are another exploitable vulnerability. As much as these updates bring better program and system functionality, they bring new security vulnerabilities that attackers may exploit (Scholz et al., 2020).

Vulnerabilities           Assets    Impact  Risk
Malware / viruses         Critical  high    high
Employees                 Critical  high    high
Internet of Things (IoT)  Critical  medium  medium
Updates                   Critical  high    high

Table 2: a summary of exploitable vulnerabilities, impact and risk

3. Mitigation Strategies

Developing and categorizing a security mitigation strategy is essential for companies that deal with any kind of threat to their business. Risk mitigation strategies are designed to control, reduce and eliminate known risks that threaten the business, with a specified undertaking to prevent injury. These strategies, when implemented, will help prevent businesses that are vulnerable to cyber-attacks from being hacked. Tesla Company is a multinational company that has businesses in technological products such as cloud computing, artificial intelligence and e-commerce (Tran, Childerhouse & Deakins, 2016). The web-based services that the company operates make it vulnerable to cyber-based threats and attacks. This paper is going to look at the risk mitigation strategies that the company can employ to reduce, eliminate and control the impact of cyber-based threats and attacks.

The first step in a risk mitigation strategy is to diagnose the business and find out the risks that the business faces. Tesla Company faces numerous attacks on the Tesla information systems infrastructure. The attacks include malware or virus attacks, password attacks, birthday attacks, phishing and spear phishing, and cross-site scripting (Stergiopoulos et al., 2015). All of these threats have a high impact if they happen, and the risk that Tesla faces from these kinds of attacks is high. Therefore, it is important for the company to come up with risk mitigation strategies to help prevent the attacks and keep the Tesla information systems infrastructure safe from cyber-attacks.

Risks need to be taken on when the strategies that are designed reduce the risk to a very low level, or as low as reasonably practicable (Talluri, Yildiz & Yoon, 2013). The company needs to choose the best mitigation strategy that would lower the risk probability and the severity of the outcome. For optimal results to
be obtained, more than one mitigation strategy should be employed by the company.

The first mitigation strategy is risk avoidance, where the company works at avoiding situations that have a high probability of damage and financial loss. A company like Tesla has to employ this strategy to avoid risks such as cross-site scripting. This can be achieved by making sure the employees avoid malicious sites that could direct malware to the company servers. Phishing attacks can also be prevented by not opening mails from unknown sources, which may contain viruses. Although avoidance is a good risk mitigation strategy, it does not always work, as individuals will always be caught unawares by these kinds of attacks, and the company has to employ strict measures to ensure avoidable threats and attacks do not happen.

The company limits the risk it is exposed to by regulating the perceived risk. As such, the company works at regulating the exposure of the company’s software to threats and attacks. For a company like Tesla, limiting the amount of risk would not be easy, as it is a multinational company that deals with a huge client base, but it can put in measures such as limiting the websites that employees can go to, such as social media and advertisement sites (Stergiopoulos et al., 2015). The company can block such sites and limit the risk of employees getting swayed to other potentially dangerous websites. The company can also restrict the administrative privileges of some of the employees. Administrative privileges allow employees to access sensitive information or bypass critical security settings. Limiting administrative privileges to a few employees will minimize the risk of the company facing threats or cyber-attacks.

Another risk mitigation strategy is multi-factor authentication. This is done by ensuring the system has several password-protected access layers. This is especially crucial for users who perform privileged actions or who have access to sensitive information. Tesla Company can employ
this strategy, which will help prevent potential threats or adversaries from accessing legitimate credentials that might facilitate further malicious activities. This would also make it easier to detect if a system is being hacked, since the many layers of credentials would mean the hackers take more time to bypass security, therefore making it easier for the hack to be detected early.

Patching the operating systems of the company is also a good risk mitigation strategy. Patching those devices that have a high risk of attack with extreme risk vulnerabilities for a period of time would protect the company’s software from unnecessary threats and attacks (Menoni et al., 2013). For Tesla Company, this strategy would be effective if it made sure the latest versions of the operating system are the ones used for the company’s operations. Any unsupported versions of the operating systems should be avoided by all means necessary.

Application whitelisting is also a necessary risk mitigation strategy, especially for a company like Tesla, as it aims at preventing the execution of malicious programs and software. Whitelisting also identifies attempts at malicious execution of code in the system and stops the activity before any kind of damage is done. Whitelisting also prevents the unauthorized use of software and programs, which might increase the risk of attack. This risk mitigation strategy also prevents the installation of programs and applications that might expose the company’s software to cyber-attacks.

The company can also decide to transfer the risk by outsourcing its services to other companies, purchasing insurance for damages and losses related to cyber-attacks, or forming a partnership with another company that employs the same services. A company like Tesla can outsource its services since it is a multinational company (Tran, Childerhouse & Deakins, 2016). This would ensure that it is exposed to limited risk, and the cost of enforcing risk mitigation strategies can be shared with the other company. The company can also get insurance against damages caused by cyber-attacks
as this would ensure that the company is well compensated in case it falls victim to an attack or threat that may cost a lot of money in damages. Daily backups of important programs, software, applications and configuration settings would ensure the information is kept safe and that it can be accessed again in case of a ransomware attack that was not anticipated or prevented (Menoni et al., 2013).

4. Business Continuity Plan

Concepts and practices of designing and implementing a business continuity and Disaster Recovery Plan

The first concept is to ensure that servers are kept in diverse locations, so that when one is damaged by a disaster the other ones continue functioning and providing services to the customers. Ensuring that there is a backup for all the software, programs and applications will ensure quick recovery from a disaster (Carter, 2018). The next step is to ensure that there is a secondary source where data can be accessed. The company can outsource some of its services to another company so that, in case of a disaster, provision of services can continue through the outsourced programs.

4.1. Testing a Disaster Recovery Plan

Creating a checklist is the first thing to do: department heads and senior management assess the business continuity plan and the disaster recovery plan to improve on developments and update information. A simulation should also be set up in which servers are tested on their restoration and recovery capabilities. Some of these simulations involve testing in real-life situations, like loss recovery procedures and restoring backups. The employees should also be tested on staff safety, asset management, leadership response to disaster and relocation protocols after a disaster. Procedural drills and hands-on exercises can be supported by a run-through. This is to ensure that important points of command and delegation channels are informed about what is expected of
them when disaster finally happens. These kinds of emergencies involve data replication tasks, standby server switchovers, data validation and cloud backups.

4.2. Risk Management Plan

The risk management plan should include the budget of the entire plan. The plan needs to have a budget so that the company can have an idea of how much it is going to cost to manage risk. The plan should also have a time frame, as the management needs to know the amount of time it would take for things like training to be completed. The plan also has to include every person’s roles and responsibilities as far as disaster management is concerned. This will ensure that employees have an idea of exactly what to do in case of a disaster (Chess, Fay & Thornton, 2017). The plan also has to include methodology and approaches, so as to let people know exactly the procedures to be followed in case of a disaster. The probability of a disaster happening and the impact it will have on the company should also be included in the risk management plan. This will make the management aware of the likelihood of a disaster happening and the damage it would cause to the company. Tracking should also be included in the plan, so that the management can know how things are going and whether they are on schedule or not. It will also help the management know how the money that was budgeted is being spent in the implementation of the plan.

4.3. Change management plan

The change management plan ensures that the risk strategy has enough resources to prevent disaster from happening, as well as enough resources to cover the disaster recovery process. Change management also establishes whether the risk strategy that has been implemented will be effective or not. Bad change management can impact negatively on the business, as people will have no idea what to do in case of a disaster.
Through change management, people can know the amount of time it will take for the company to recover from a disaster and the time it will take for business to go back to normal. The steps to take and procedures to follow in case of a disaster, and how to prevent the disaster from happening, will be determined by change management (Orlikowski & Hoffman, 2017).

Concepts that should be included in a security plan for the development of secure software

The concept and the planning of the software should be included to ensure the software is viable. This is to ensure that the software is efficient and free from cyber threats and attacks. The team that programs the software should be well trained in software security to ensure the software is always secure and free from attacks. They can also include safety measures such as multiple password entries to make it difficult to hack. The architecture and the design of the software should enable it to be secure and free from cyber threats and attacks. This includes modeling the software structure through adding third-party components that ensure the development of the software is sped up. The implementation of the software should include multiple rounds of debugging and testing to ensure it is safe and secure. This would also involve simulations of real-life cyber-attacks to improve its level of defense.

5. Security Awareness Program

According to Eminağaoğlu, Uçar & Eren (2019), the security awareness program is a formal program whose goal is to train users about the potential threats to the company’s information system. This training is also supposed to help the company avoid situations that may put the company’s data at risk. The goal of this program is to lower the impact of attacks on the company, to enforce the procedures and policies that the company has put in place to protect its data, and to teach employees the importance of taking personal responsibility for protecting the information of the organization. For a multinational company like Tesla, this is
an important program, because it is the role of the employees to do their duty in the fight to prevent cyber threats and attacks. This paper is going to focus on the kind of policies and procedures that will help the Tesla Company to improve security awareness so that it can reduce the risk of cyber threats and attacks.

All employees in the company are supposed to be given permission to spend time learning about security awareness. This would help the employees to recognize that this is a priority not only to them but to the organization as well (Eminağaoğlu, Uçar & Eren, 2019). C-Suite support is an important program that would ensure that time is allocated for the employees to complete the training module, that a training budget is drawn up, and that the employees understand why cyber security is essential, by setting the tone of the training and stressing the importance of keeping the company safe from cyber-attacks. For a company like Tesla, this would ensure that all the executives and the management team are aware of how cyber-attacks happen and of the impact of things like information disclosure and password theft, and know how to detect a ransomware infection. Simulations of how attacks such as phishing happen would ensure employees are aware of the exact way the attacks happen and how they are supposed to respond in such a scenario. The security awareness training that is created should be engaging as well as relevant to the subject topic.

The next security awareness program is to personalize the campaign for each employee and make sure that they can relate to the content of the training. Every employee is to be given specific roles and responsibilities that they are familiar with and that align with their jobs (Caldwell, 2016). This would ensure that all employees are aware of exactly the role that they have to play in the fight against cyber threats and attacks. Tesla Company is a multinational company with diverse employees from different countries. It would have to employ more personalized training, like making the content available in several languages, so that people can understand well why
security awareness is important to the company. They are also supposed to know why they must be fully aware of their roles and responsibilities in the fight against cyber threats and attacks.

The business continuity plan should be able to establish a new data center at the same or a different site if the first site is destroyed by a disaster. This would ensure that operations are ongoing and that clients do not miss out on the services being provided. For a multinational company like Tesla, the ability to recover from a disaster should be top priority (Cerullo & Cerullo, 2014). The company provides its services to millions of people across the world, and some even depend on its services to earn a living. Being able to recover from a disaster is important to ensure the business continues despite the setback.

The company should also be able to keep things running even during the disaster. The services should continue running even during planned outages such as maintenance and backups. For a company like Tesla, scheduled maintenance and system backups happen most of the time so as to keep the software and the programs up to date. The company has to ensure that during this time operations do not stop and that the services keep on being provided (Savage, 2012). This can be achieved by ensuring that there is more than one server, which would enable the company to keep on providing services despite the disruptions.

The company is also supposed to ensure that it has the capability to access software and applications despite the disruptions. Tesla Company can achieve this by outsourcing some of its services so that the programs can be accessed remotely. The availability of these applications will ensure the customer is able to access the services of the company despite the disruptions.

6. Conclusion

With increasing incidences of cybercrime activities being reported, it is important that organizations be vigilant in
their efforts to mitigate potential cyber threats and attacks. Employing these risk mitigation strategies would help protect companies from potential cyber threats and attacks. This strategy can be implemented at an early level so that the company can prevent the attacks from an early stage, and it would also make employees aware of the potential threats from an early stage. For Tesla Company, these strategies would help in the prevention of the many potential attacks that it faces daily. The security awareness program is important, especially to companies like Tesla. Each employee is supposed to be aware of their roles and responsibilities in fighting against cyber threats and attacks. Training must be attended by every employee to completion, and their capabilities tested in a simulated attack, so that they become familiar with the types of attack to expect. The business is also supposed to have continuity strategies in place, like outsourcing or having secondary servers, to ensure the business of the company continues.

7. References

Dhillon, G., & Torkzadeh, G. (2016). Value-focused assessment of information system security in organizations. Information Systems Journal, 16(3), 293-314.

Farn, K. J., Lin, S. K., & Fung, A. R. W. (2014). A study on information security management system evaluation—assets, threat and vulnerability. Computer Standards & Interfaces, 26(6), 501-513.

Gerić, S., & Hutinski, Ž. (2017). Information system security threats classifications. Journal of Information and Organizational Sciences, 31(1), 51-61.

Im, G. P., & Baskerville, R. L. (2015). A longitudinal study of information system threat categories: the enduring problem of human error. ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 36(4), 68-79.

Scholz, R. W., Czichos, R., Parycek, P., & Lampoltshammer, T. J. (2020). Organizational vulnerability of digital threats: A first validation of an assessment method. European Journal of Operational Research, 282(2), 627-643.

Tanwar, S., Thakkar, K., Thakor, R., & Singh, P. K. (2018). M-Tesla-based security assessment in wireless sensor network. Procedia Computer Science, 132, 1154-1162.

Menoni, S., Molinari, D., Parker, D., Ballio, F., & Tapsell, S. (2012). Assessing multifaceted vulnerability and resilience in order to design risk-mitigation strategies. Natural Hazards, 64(3), 2057-2082.

Stergiopoulos, G., Kotzanikolaou, P., Theocharidou, M., & Gritzalis, D. (2015). Risk mitigation strategies for critical infrastructures based on graph centrality analysis. International Journal of Critical Infrastructure Protection, 10, 34-44.

Talluri, S., Yildiz, H., & Yoon, J. (2013). Assessing the efficiency of risk mitigation strategies in supply chains. Journal of Business Logistics, 34(4), 253-269.

Tran, T. T. H., Childerhouse, P., & Deakins, E. (2016). Supply chain information sharing: challenges and risk mitigation strategies. Journal of Manufacturing Technology Management.

Carter, W. N. (2018). Disaster management: A disaster manager's handbook.

Chess, B., A., Fay, S., & Thornton, R. (2017). U.S. Patent No. 7,207,065. Washington, DC: U.S. Patent and Trademark Office.

Orlikowski, W., …