UEL-CN-7014 Security Management
Assignment 1
Damaine Franklin
Student #: R2104D12054733
08/26/2023
Security Management – Assignment 1 a1-Franklin-R2104D12054733
Table of Contents
Part 1A: Cyber Attack..................................................................................................................... 3
Introduction ................................................................................................................................. 3
Incident Overview ....................................................................................................................... 4
Incident Analysis ......................................................................................................................... 5
Lessons Learned .......................................................................................................................... 9
Lesson 1: Lack of Leadership .................................................................................................. 9
Lesson 2: Inadequate Authentication and Access Control..................................................... 10
Lesson 3: Lack of Awareness................................................................................................. 10
Lesson 4: Lack of Real-Time Threat Detection..................................................................... 11
Actions Taken............................................................................................................................ 11
Conclusion................................................................................................................................. 12
Part 1B: Cyber Kill Chain............................................................................................................. 13
Part 2: Disaster Recovery and Business Continuity ..................................................................... 15
A Brief Review of The Incident ................................................................................................ 15
How Should Affected Companies Respond .............................................................................. 15
Business Continuity Information Security Policy ..................................................................... 16
Part 3: Security Management Questions....................................................................................... 19
The Benefits of ISO/IEC 27001 Certification. .......................................................................... 19
Recommended Audit ................................................................................................................. 22
Risk Management Process......................................................................................................... 24
References..................................................................................................................................... 26
Part 1A: Cyber Attack
Report Analysis: Twitter’s Spear Phishing Attack July 2020
Introduction
As a result of the recent COVID-19 pandemic, cybercrime has become such a lucrative
industry that organizations around the world have had to adjust their cybersecurity postures to
defend against the rise of sophisticated attack vectors. Among these attack vectors is social
engineering, which, according to Fadhil (2023), is one of the most sophisticated cyber-attacks
because there are no available hardware or software countermeasures to defend against it. The
author further noted that the objective of social engineering tactics is to manipulate victims by
taking advantage of their psychological vulnerabilities, such as fear, anxiety, trust, curiosity, or
empathy, to gain access to secure facilities, systems, or data. There are numerous social
engineering techniques; however, the technique of particular interest to this study is phone spear
phishing, as it was reported to have been used in the July 2020 cyberattack against Twitter. Since
the attack, there has been much discussion as to whether Twitter's incident response team could
have preemptively identified and responded to the cyber intrusion much sooner. As a result, this
study aims to provide a comprehensive report analysis of the July 2020 incident. This report
analysis will begin with a brief overview of the incident. It then analyzes the incident to identify
who or what was affected by the attack, the nature and severity of the attack, the threat actors
involved, the systems and vulnerabilities exploited, and the actions taken. This report will also
include a discussion on the lessons learned from the attack followed by a conclusion.
Incident Overview
On July 15, 2020, Twitter, an American social media company, and other media outlets
reported that hackers compromised 130 Twitter accounts of prominent users to promote
fraudulent bitcoin scams, which raised national security concerns (Iyengar, 2020). Details of the
attack indicated that the fraudsters employed a common social engineering technique known as
phone spear phishing to deceive several of Twitter’s employees into divulging sensitive
information, thereby granting them access to Twitter's internal tools and information systems
(Suciu, 2020). Other sources reported that just after the hackers gained access to Twitter’s
systems, the hackers were able to manipulate stolen user accounts and post tweets directly (BBC,
2020). This incident raised several security concerns in the United States since the accounts of
prominent US officials and businessmen were hacked and used for high-profile Bitcoin scams.
As a consequence of this assault against Twitter, the US Federal Bureau of Investigation
(FBI) arrested and charged three suspects for their alleged role in the Twitter attack that
occurred on July 15, 2020 (Witman & Mackelprang, 2021). According to the United States
Attorney's Office for the Northern District of California (NDCA), the three individuals involved
in the incident were 19-year-old Mason Sheppard from the United Kingdom, 22-year-old Nima
Fazeli from Orlando, Florida, USA, and a third suspect whose identity is unknown due to the
Federal Juvenile Delinquency Act, which protects juveniles during court proceedings (NDCA,
2020). The charges against these three individuals were identity theft, unauthorized access to a
protected computer, fraud, and money laundering.
The NDCA reported that the accomplices compromised more than 130 Twitter accounts
and deceived the account owners and other users into depositing bitcoin currency to an
anonymous bitcoin address with the promise of doubling the amount deposited as a charitable
gesture. According to Muneer (n.d.), just before Twitter’s technical team was able to lock down
those compromised accounts, the hackers had already spoofed the victims and received 383
bitcoins, which is equivalent to US$117,000. In addition, Muneer (n.d.) noted that the hackers
would have stolen approximately $1,350,000 from over 6000 bitcoin transfers if Twitter and
Bitcoin companies had not taken the necessary precautions. The following section provides
a detailed analysis of the incident.
Incident Analysis
According to a 2020 investigation report published by the Department of Financial
Services in New York, Twitter became aware of the incident on July 15; however, the attack
began on July 14, 2020 (DFS, 2020). The investigation found that the attack was carried out in
three phases. Firstly, the attackers used social engineering to spoof vulnerable Twitter employees
in order to gain access to their network. Secondly, they seized user accounts with short OG
Twitter handles and sold access to them. Thirdly, they seized and compromised the accounts of
several prominent users with the intent of defrauding victims in a massive Bitcoin scam.
According to the investigative report, the hackers began their assault against Twitter on
July 14th. During that time, many of Twitter’s employees were working remotely because of the
COVID-19 pandemic, which created a huge problem for Twitter's infrastructure. As a result of
the transition to working remotely, the hackers saw an opportunity to take advantage of
employees' complaints about the VPN connection to Twitter’s internal tools and resources. As a
point of entry, the hackers used a social engineering technique known as phone spear phishing to
impersonate Twitter’s Help Desk representatives and lure several of Twitter’s employees into
providing their login credentials on a phishing website that resembled Twitter's legitimate VPN
website. In a separate report, Muneer (n.d.) noted that in the initial phase of the attack, the
hackers realized that the stolen credentials lacked the necessary privileges to escalate their attack.
Consequently, Muneer (n.d.) also noted that on July 15, the attackers intensified their attack
method by searching Twitter's intranet for information on how to utilize Twitter's internal
applications. With this information, they were able to target those employees with higher
privileges and access to Twitter's internal tools.
The 15th of July 2020 marks the beginning of a new phase in the wave of attacks against
Twitter, as it was on that date that Twitter became aware of the incident. According to
information gathered from several sources, the hackers seized control of and compromised a large
number of Twitter OG accounts in the early hours of the day with the intention of advertising
their sale through an online messaging portal in exchange for bitcoin (DFS, 2020; Muneer, n.d.;
Witman & Mackelprang, 2021). In another source, Thompson & Barrett (2020) reported that
Twitter's cyber incident response team had detected the network intrusion at this stage of the
attack; however, the chief technology officer (CTO) had not yet been notified. Due to this
oversight, the hackers gained more time to launch the third phase of their attack.
At this stage of the attack, both Muneer (n.d.) and DFS (2020) reported that the hackers targeted
verified user accounts, which Twitter defines as accounts belonging to prominent users such as
former U.S. president Barack Obama, businessman Bill Gates, Elon Musk, Jeff Bezos, Mike
Bloomberg, and celebrities Kim Kardashian and Kanye West among others. In addition, the user
accounts of popular companies were also seized and compromised such as Apple, Uber, and
well-known cryptocurrency companies and traders. This was yet another strategic move on the
part of the hackers, as it allowed them to capitalize on the public's trust in verified Twitter
accounts, since people are more likely to respond to tweets from these accounts. The motive of
the hackers at this stage in the attack process was to launch a Bitcoin scam using those stolen
verified Twitter accounts. According to Twitter's investigation report, the hackers first hijacked a
Bitcoin trader named “AngelBTC” and tweeted the following message to multiple Twitter users.
Figure 1: Tweeted message from a hijacked crypto trader (DFS, 2020).
The objective of this bitcoin scam is to make fraudulent demands by convincing Twitter users to
believe that the message originates from the legitimate owner of the account. The hackers then
escalated their attack by tweeting payment requests directly from the accounts of ten
cryptocurrency companies such as Binance, Gemini, Coinbase, and Square, Inc among others
(DFS, 2020). In one such fraudulent scheme, the hackers sent a message with a link to a Bitcoin
wallet from the Binance user account. In the tweet, the hackers posed as Binance and claimed
that the company was returning millions of bitcoins to members of its community as shown
below.
Figure 2: Binance Tweet (DFS, 2020)
According to the Twitter investigation report, the hackers then intensified their attack
significantly by using some of those compromised verified Twitter accounts to send out bitcoin
scam tweets, which reached millions of potential victims. The hackers deceived their victims by
claiming that the bitcoin amount they deposited into a fraudulent bitcoin wallet would be
multiplied as a charitable gesture. According to a Twitter blog post dated July 18, 2020, the
hackers targeted 130 Twitter accounts, but only 45 were used to broadcast bitcoin scam
messages. In addition, they accessed the direct message inboxes of 36 and downloaded the
Twitter user account data of 7 (Twitter, 2020). In the final analysis, Witman & Mackelprang
(2021) reported that over 300 Bitcoin transactions totaling approximately $118,000 were made to
one of the Bitcoin wallets. Another source reported that the fraudsters' account had received 383
Bitcoin transactions, totaling $117,000 in stolen funds from its victims.
Lessons Learned
The July 2020 attack against Twitter has been a harrowing moment and a painful lesson
learned. Many concerns have been raised in the aftermath of the attack about whether Twitter
could have identified and detected the threat much sooner. According to the Twitter Investigation
Report, several security flaws that contributed to the attack's success were identified. Each of
these will be covered in detail in the sections that follow.
Lesson 1: Lack of Leadership
Twitter's investigation report found that at the time of the attack, the social media giant
lacked a chief information security officer (CISO) with dedicated responsibility for cybersecurity
related incidents, resulting in the chief technology officer (CTO) assuming control of the
situation. A review of Twitter's internal system logs reveals that the hackers began
reconnaissance in December 2019, at a time when there was no CISO. This was seven months
prior to the incident, which occurred on July 14 and 15 (DFS, 2020). The lack of a CISO made
Twitter vulnerable to the attack, particularly during a period when the risks associated with
working remotely were high. Also, the months leading up to the time of the attack created a
significant window of opportunity for the hackers to launch their attacks. Leadership is essential
in any crisis and if Twitter had a CISO with specific roles and responsibilities for safeguarding
its internal systems then the attack might have been detected much sooner.
Lesson 2: Inadequate Authentication and Access Control
The investigation report determined that although Twitter had some authentication and
access control measures in place, they were not enough to prevent the attack (DFS, 2020). The
report indicated that during the first phase of the attack, the attackers compromised the
credentials of several Twitter employees and then used them to authenticate to and access
Twitter's internal administrative tools. In a separate report, The New York Times discovered that
the hackers boasted confidently that they had effectively gained access to Twitter's support tools
and offered to sell coveted Twitter OG accounts (Popper & Conger, 2020). In the aftermath
of the attack, the Twitter investigation report found that there were too many people with access
to Twitter's administrative tools. Consequently, this vulnerability in authentication and access
control gave the attackers leverage in the attack, as they were able to target 130 user accounts,
tweet from 45, access the direct messages of 36 users, and download the Twitter data of 8 users
(DFS, 2020). The investigation report discovered that during the attack, more than 1,000 of
Twitter’s employees had access to its internal tools. Thompson & Barnett (2020) noted that
access to Twitter's internal tools should have been restricted to a small group of employees with
specified job functions, because too many people had access to too many things.
Lesson 3: Lack of Awareness
Since there are no hardware or software tools that can detect and defend against social
engineering, the most effective countermeasure for detecting and preventing social engineering
techniques is awareness training. Several sources reported that Twitter's staff lacked proper
awareness training to detect social engineering tactics. According to the Twitter investigation
report, the hackers used phone social engineering tactics to impersonate Twitter's IT Help Desk
to spoof the employees into entering their credentials on a phishing website (DFS, 2020).
Given the shift to remote work, it is easy for Twitter's employees to drop their guard, since
the telephone is one of the primary modes of communication. This would have been a convenient
opportunity for Twitter to make its employees aware of the tactics used in social engineering
attacks.
Lesson 4: Lack of Real-Time Threat Detection
An essential lesson learned from this attack is that Twitter only became aware of the
attack after the hackers had made significant progress on its network. The ability to detect and
respond to cyber threats in a timely manner is crucial, as it enables a more proactive cyber threat
defense strategy. If Twitter had a comprehensive security monitoring program, it would have
been able to detect and respond to the presence of the hackers on its network much
sooner.
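To make the point about real-time detection concrete, here is an added example of my own (it is not code from Twitter, from DFS, or from any of the cited reports): a small detection rule, of the kind a security monitoring program or SIEM would run, applied to constructed audit-log lines from a hypothetical internal account-support tool. The log format, operator names, target handles and thresholds are all constructed assumptions. The rule flags any operator who applies sensitive account actions to more than a handful of distinct accounts inside a short window, which is the pattern the incident analysis above describes (many accounts taken over from a single tool in a few hours).

```python
"""Added example: a SIEM-style detection rule over constructed
account-support-tool audit logs. Not Twitter's tooling or data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<UTC timestamp> <operator> <action> <target handle>".
# support.alice does routine work; support.bob's account shows the burst of
# sensitive changes across many accounts that should raise an alert.
SAMPLE_LOG = """\
2020-07-15T13:02:11Z support.alice view_profile @user101
2020-07-15T13:04:40Z support.alice reset_password @user101
2020-07-15T19:10:02Z support.bob view_profile @user333
2020-07-15T20:01:05Z support.bob change_email @og_handle1
2020-07-15T20:02:17Z support.bob disable_2fa @og_handle1
2020-07-15T20:03:44Z support.bob change_email @og_handle2
2020-07-15T20:04:01Z support.bob disable_2fa @og_handle2
2020-07-15T20:06:29Z support.bob change_email @verified_exec
2020-07-15T20:07:15Z support.bob disable_2fa @verified_exec
2020-07-15T20:09:50Z support.bob change_email @verified_exchange
"""

# Actions that take over an account; merely viewing a profile is not one.
SENSITIVE_ACTIONS = {"change_email", "disable_2fa", "reset_password"}


def parse_log(text):
    """Parse log lines into (timestamp, operator, action, target) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, operator, action, target = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       operator, action, target))
    return events


def find_anomalies(events, window=timedelta(minutes=30), max_targets=3):
    """Return {operator: (window_start, [targets])} for every operator who
    applied sensitive actions to more than max_targets distinct accounts
    within any sliding window of the given length (constructed thresholds)."""
    per_operator = defaultdict(list)
    for ts, operator, action, target in events:
        if action in SENSITIVE_ACTIONS:
            per_operator[operator].append((ts, target))

    alerts = {}
    for operator, items in per_operator.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # slide the window start forward until the span fits in `window`
            while items[end][0] - items[start][0] > window:
                start += 1
            targets = {target for _, target in items[start:end + 1]}
            if len(targets) > max_targets:
                alerts[operator] = (items[start][0], sorted(targets))
                break  # one alert per operator is enough for triage
    return alerts


if __name__ == "__main__":
    for operator, (since, targets) in find_anomalies(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {operator}: {len(targets)} accounts changed since "
              f"{since:%H:%M}Z: {targets}")
```

With the constructed log, support.alice never trips the rule (one account, routine reset) while support.bob is flagged at the fourth distinct account within the window; a real deployment would tune the window and threshold against the tool's normal per-operator baseline and route the alert to the on-call responder rather than just printing it.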
Actions Taken
In a series of blog posts published by Twitter on July 18 and 30, 2020, the company announced
that it had put new protocols in place to prevent similar social engineering attacks. According
to the posts, one of the initial actions taken by Twitter was to secure and revoke access to
internal systems in order to prevent attackers from gaining further access to its systems or
individual accounts. Secondly, Twitter established an environment of zero trust by shutting down
the user accounts of all employees and requiring each employee to change their password under
supervision (Twitter, 2020). In an article published by Moon (2020), Twitter stated that it had
implemented new background check protocols for employees with access to administrative tools
and user data. In addition, Moon (2020) noted that Twitter made awareness training on future
social engineering scams mandatory for all employees. Moreover, Twitter has implemented a
security information and event management (SIEM) system, an anomaly detection system that
records account usage and identifies insider threats, threat actors, and malicious intent (DFS, 2020).
Conclusion
In conclusion, this document examined the attack methods used against Twitter in the
July 15 spear phishing attack. It was reported that cybercriminals employed rudimentary social
engineering techniques to deceive Twitter’s employees into divulging sensitive information that
was then used to compromise Twitter user accounts and initiate a bitcoin scam. This cyberattack
demonstrates that large social media companies with essential infrastructures, such as Twitter,
must be governed by stricter regulatory bodies. The attack taught Twitter some
valuable lessons, such as maintaining constant monitoring and improving authentication and
access control strategies. It also taught Twitter about the risks and cyber threats associated with working
remotely.
Part 1B: Cyber Kill Chain
External Reconnaissance: The hackers initiated their attack by searching LinkedIn for Twitter
employees who were likely to have administrative privileges. The attackers then posed as job
recruiters on LinkedIn, obtained the mobile contact details of each Twitter employee, and
contacted them.

Weaponization: The attackers then used the LinkedIn information collected on Twitter employees
to create a phishing website that resembled Twitter's original VPN website.

Delivery: The attackers then contacted Twitter's employees, pretending to be from Twitter's IT
help desk responding to VPN issues. The attackers used a social engineering technique known as
phone spear phishing to direct Twitter employees to log into a phishing website that resembled
Twitter’s VPN connection website.

Exploitation: The attackers exploited the human vulnerabilities of Twitter employees, obtained
their account credentials from the phishing website, then used them to access Twitter's internal
system. Once inside Twitter's network, the attackers exploited Twitter's access control system
and targeted other employees who had access to account control.

Exfiltration: The attackers infiltrated Twitter's internal system and seized control of several
employee user accounts, then extracted sensitive data from Twitter's intranet to learn how to
access other internal applications.

Sustainment: The attackers maintained their presence on Twitter's internal network for several
hours and remained undetected while freely roaming the network for additional valuable
information.

Assault: The attackers seized control of several Twitter OG accounts and advertised their sale in
exchange for bitcoin, displaying screenshots of Twitter’s internal tools to persuade buyers. The
attackers then escalated their assault by targeting verified user accounts to launch a bitcoin
scam. They also hijacked the accounts of several cryptocurrency traders and companies to
promote the fraudulent bitcoin scam. Finally, the attackers sent direct messages to numerous
Twitter users requesting bitcoin payments to a bitcoin scam address.

Obfuscation: The hackers did not cover their digital footprints to divert the forensic
investigation process that followed. All accomplices involved in the hack were arrested and
charged not many days after the cyber incident.
Note: As the primary objective of the attackers is to obtain access to the user's endpoint as a point of entry, stopping the attack at the
employees' endpoints could drastically reduce the likelihood of success.
Part 2: Disaster Recovery and Business Continuity
A Brief Review of The Incident
On June 8, 2021, Fastly’s Content Delivery Network (CDN) experienced a global internet
outage that impacted the delivery of services to its many clients for nearly an hour. According to
Medina (2021), Fastly claimed responsibility for the outage and stated that the incident was
caused by a software update that it had deployed on May 12, 2021. In another report, Nick
Rockwell, the senior vice president of engineering and infrastructure at Fastly, added that the
software update contained a vulnerability that was triggered when one of its customers
changed their configuration settings (Rockwell, 2021). Fastly mitigated the incident and restored
95% of its network in 49 minutes.
How Should Affected Companies Respond
According to Ryan Sumner, Chief Architect at IBM cloud, a content delivery network
(CDN) is a network of servers that are geographically dispersed and enable faster web
performance by locating cache copies of web content closer to users (Sumner, 2019). As a result
of the benefits of CDN, website publishers typically acquire CDN services to expedite the
transmission of web content, reduce wait time and bandwidth usage, and reduce the cost and
complexity of implementing their own infrastructure (Sumner, 2019). Although CDN services
promise website availability and efficiency, the outage at Fastly shows that the service is not
always reliable. Considering the recent Fastly outage, Medina (2021) reported that some of
Fastly’s customers were able to minimize the impact on their services by leveraging alternative
providers to deliver content. For this reason, affected companies can implement the use of
alternative CDN providers as an incident response and disaster recovery strategy. By utilizing
alternative CDN providers, website publishing companies can ensure business continuity, as
content delivery will continue in the event that the primary CDN provider experiences a service
interruption. This strategy also reduces the risk of congestion or failure in a single network
(Hazout, 2023).
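As an added illustration of the alternative-provider strategy (my own example, not Fastly's code nor any customer's actual implementation), the block below makes the failover decision a publisher would automate: it scores each CDN from synthetic health probes and picks the first healthy provider in preference order. Provider names, CNAME targets, thresholds and probe results are constructed; the dns_answer helper stands in for the DNS record a publisher would switch, since most multi-CDN setups steer traffic at the DNS layer.

```python
"""Added example: a multi-CDN failover decision driven by synthetic health
probes. Not Fastly's or any vendor's code; names and probe data are constructed."""
from dataclasses import dataclass


@dataclass
class Probe:
    provider: str
    ok: bool           # edge answered a test fetch successfully within the timeout
    latency_ms: float


# Constructed provider names, listed in order of preference.
PROVIDERS = ["cdn-primary", "cdn-secondary"]

# Constructed CNAME targets a publisher would switch between at its DNS layer.
CNAME_TARGETS = {
    "cdn-primary": "www.example.cdn-primary.invalid",
    "cdn-secondary": "www.example.cdn-secondary.invalid",
}


def failure_rate(probes, provider):
    """Share of failed probes for one provider. No data counts as fully failed,
    so a provider that was never probed is not chosen by accident."""
    sample = [p for p in probes if p.provider == provider]
    if not sample:
        return 1.0
    return sum(1 for p in sample if not p.ok) / len(sample)


def choose_provider(probes, preference=PROVIDERS, max_failure_rate=0.2):
    """First provider in preference order whose recent probes stay within the
    failure threshold (constructed value), or None if all of them are unhealthy."""
    for provider in preference:
        if failure_rate(probes, provider) <= max_failure_rate:
            return provider
    return None


def dns_answer(hostname, probes):
    """(hostname, record type, target) the publisher should publish right now."""
    provider = choose_provider(probes)
    return (hostname, "CNAME", CNAME_TARGETS[provider] if provider else None)


# Constructed probe sets. HEALTHY: both providers fine, so the primary is kept.
HEALTHY = [
    Probe("cdn-primary", True, 30.0), Probe("cdn-primary", True, 35.0),
    Probe("cdn-primary", True, 28.0),
    Probe("cdn-secondary", True, 60.0), Probe("cdn-secondary", True, 58.0),
]
# OUTAGE: primary edges returning errors, as in the outage described above.
OUTAGE = [
    Probe("cdn-primary", False, 0.0), Probe("cdn-primary", False, 0.0),
    Probe("cdn-primary", True, 31.0),
    Probe("cdn-secondary", True, 61.0), Probe("cdn-secondary", True, 59.0),
]

if __name__ == "__main__":
    for name, probes in (("healthy", HEALTHY), ("outage", OUTAGE)):
        print(name, "->", dns_answer("www.example.com", probes))
```

The design choice worth noting is that the decision is driven by probes from outside the provider, not by the provider's own status page, and that a provider with no probe data is treated as down; both keep the failover from silently pointing a hostname at a CDN nobody has verified is serving. In production the DNS TTL bounds how fast clients follow the switch, so short TTLs on the switched record are part of the same plan.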
Business Continuity Information Security Policy
1. Business Continuity Plan
Category: Administrative & Management
Author: Damaine Franklin - CISO
Approved By: Roy Davis – CEO
Policy No.: V 1.1, 08/15/23
Policy Date: May 22, 2023
Protective Marking: Confidential
1.1. Overview
The purpose of this business continuity plan is to safeguard the critical business
processes and services from the effects of major systems failures exemplified by the
global outage experienced on June 8, 2021. This disruption demonstrated the
significance of business continuity and information security policies in assuring the
continued operation of vital services. As a result, Fastly's primary objective in the event of
any disruption to our services is to restore normal operation as quickly as feasible with
minimal impact on our valued customers.
1.2. Policy Statement
This policy has been established to ensure the business continuity of Fastly’s services as
a leading content delivery network service provider. We value the satisfaction of our
customers and strive to maintain a long-term partnership both now and in the future. Our
dedication to our customers entails the implementation of a thoroughly evaluated and
sturdy business continuity strategy, with the aim of guaranteeing the resilience and
effective functioning of the services we provide.
1.3. Scope of the Policy
This policy applies to the incident response and disaster recovery department and staff at
Fastly. This policy must be communicated effectively, and all parties must be in
full compliance with it. Any violation of this policy will be considered
professional misconduct, and offenders will be disciplined.
1.4. Maintenance
Fastly’s chief information security officer (CISO) is responsible for the maintenance and
revision of this policy document.
1.5. Roles and Responsibilities
The management of Fastly has delegated the task of ensuring business continuity in the
event of service disruption to the following team members.
Name, Role (Extension): Responsibility
Damaine Franklin, CISO (ext. 4112): Enforce policy guidelines and provide reports to the CEO.
Mike Brown, CTO (ext. 4105): Coordinate with relevant team members to ensure network restoration.
Luke York, IT Manager (ext. 4141): Ensure the availability of network services.
Dane Brown, Public Relations Officer (ext. 4111): Ensure quality assurance with customers and stakeholders.
1.6. Reporting Policy
• In accordance with the guidelines outlined in this policy document, the chief
information security officer must submit a monthly report to the chief executive
officer outlining the measures in place to ensure business continuity and disaster
recovery.
• The public relations officer shall not disseminate any information to the public without
the express authorization of the chief executive officer.
1.7. Restoration Policy
• In the event of a disruption of services, the CISO shall coordinate with the IT
manager to activate the incident response team.
• The CTO shall provide the IT manager with the resource requirements to restore
normal operation of the content delivery network.
• The IT manager shall supervise the incident response team and ensure that all
necessary measures are taken to restore network services.
1.8. Policy Compliance
If you do not understand the implications of this policy and how it applies to you,
consult the chief information officer for advice.
Part 3: Security Management Questions
The Benefits of ISO/IEC 27001 Certification.
According to Calder (2018), information security is one of the most important concerns
for businesses in modern society due to the value and volume of the data that drives their
operations. In order to protect this valuable asset from sophisticated cyber threats and associated
risks, a growing number of organizations are turning to established industry standards and
frameworks to make substantial and meaningful enhancements to their information security
management system (Dawson, 2019). When considering which industry standard to adopt,
Calder (2018), noted that organizations may experience a sense of being overwhelmed due to the
multitude of available alternatives. Among these alternatives is the ISO/IEC 27001, which is
designed for those organizations whose business is information security. With this standard,
Calder (2018) further noted that it is the only international standard established for auditing
information security management systems and sets the baseline for its system requirements. In
addition to adopting this standard, several organizations also seek certification, which, when
achieved, builds trust, confidence, and organizational excellence and positions an
organization as an attractive prospect for investors (Dawson, 2019). There are numerous benefits
associated with the adoption of the ISO/IEC 27001 standard, and I have outlined a selection of
notable ones in the table below.
The Benefits of ISO/IEC 27001 Certification

Business risk: Failure to adequately protect customer information.
Business need: To reduce the risk and maintain customer data confidentiality.
Benefits (Reduced Risk):
1. Improves information security by reducing the likelihood and impact of information security risks when breaches occur.
2. Provides better awareness and understanding of risk.

Business risk: Loss of customers and investors through damaged reputation from an information breach.
Business need: Prevent reputational damage from data breaches.
Benefits (Protects Business Reputation):
1. Provides the tools necessary to strengthen organizational information security systems, fostering a high level of trust and confidence between the organization, its customers, and its investors.

Business risk: Penalties associated with non-compliance.
Business need: Avoid regulatory fines.
Benefits (Regulatory Compliance):
1. Helps an organization meet the legal and regulatory requirements for doing business in certain jurisdictions.

Business risk: Interruption to internal business operational procedures.
Business need: To designate specific duties and responsibilities in order to improve information security system management.
Benefits (Systematic Approach):
1. Improved structure and focus of all parties involved in the management of the ISMS.

Business risk: Consuming too much time, resource, and labor on repeated customer auditing.
Business need: Reduce the time and resources spent on repeated auditing.
Benefits (Reduces Frequent Audits):
1. Reduces the need for repeat customer audits.

Business risk: Excessive expenditure on data security due to inappropriate business practices.
Business need: Reduce expenditure caused by inappropriate business practices regarding data security.
Benefits (Reduced Cost):
1. Reduces the cost associated with the consequences of data breaches.

Business risk: Loss of business opportunities and contracts.
Business need: Attract business opportunities and contracts.
Benefits (Increased Business Opportunities):
1. Creates recognition by business associates, government agencies, and large organizations.
Recommended Audit
On July 15, 2020, social media giant Twitter experienced a phone spear phishing attack
that affected its internal network, compromised several user accounts, and launched a bitcoin
scam. This was a nightmare experience for Twitter and brought the company to its knees, as it
had to create an environment of zero trust in order to restore normal operations. According to
Muneer (n.d.), the success of the attack was due to several vulnerabilities found in Twitter's cyber
security protocols, such as a lack of dedicated personnel with responsibility for safeguarding information
security, inadequate access controls, and poor monitoring systems, among others. Although
Twitter had a number of safeguards in place, they were inadequate to prevent the
attack. In a July 30, 2020 blog post, Twitter stated that there had been concerns following this
incident around the tool and the levels of employee access, as at the time of the incident more than
1000 employees had access to Twitter's information systems (Twitter, 2020). It was reported in the
Twitter investigation report that at the beginning of the year, the IT Department guided the
regulated units to assess and determine the pandemic's novel security risks. However, based on
the report, Twitter did not implement any risk mitigation controls after March 2020 to manage
the remote working risks (DFS, 2020). This presented an opportunity for the hackers to leverage.
The problem would have been identified easily and quickly with regular recertification of account
access following changes in responsibilities and roles.
According to Twitter's investigation report (2020), the attack on Twitter demonstrates
that a cybersecurity vulnerability can have a far-reaching effect. The report found that a large
social media company like Twitter lacked adequate cybersecurity protection and did not have a
chief information security officer at the time of the attack. Although Twitter is subject to a
number of regulators and regulations, such as the Securities and Exchange Commission, the
Federal Trade Commission, and the New York SHIELD Act, the report notes that these also apply
to other companies; therefore, a dedicated regulator for social media companies is required. An
important finding highlighted in the report stated that Twitter and other large social media
companies lack a dedicated cybersecurity regulatory framework; instead, they are self-regulated
and bear no responsibility for significant cybersecurity breaches (DFS, 2020). The Twitter hack
shows the problems of being self-regulated and highlights the significance of regulatory
guidance. The report further noted that it is imperative to establish proper controls to
address the ever-evolving risks (DFS, 2020).
Based on the previous discussion, it is obvious that Twitter was not in compliance with
any dedicated regulatory institution that governs the privacy and security of its information
systems. In the context of this Twitter incident, an audit conducted in accordance with the
ISO/IEC 27001 standard would have uncovered the vulnerabilities in Twitter's systems and reduced
the impact of this attack. ISO/IEC 27001 is the only standard specifically established to
audit information security management systems and to set the baseline for their requirements
(ISO, 2013). Section 9.2 of the ISO/IEC 27001 framework contains the requirements for conducting
internal audits, including their planning, implementation, and maintenance. In addition, the
ISO/IEC 27001 auditing guidelines ensure that an organization's information system
has adequate controls in place to reduce the likelihood of cyber incidents and the potential risks.
If vulnerabilities are discovered during the auditing process, the ISO/IEC 27001 standard
provides the necessary guidelines for mitigating those vulnerabilities.
Risk Management Process
Given the incident described in Part 2, the ISO 31000 risk management framework would
offer Fastly substantial benefits in preventing a repeat of the disruption to its services caused by
the outage which occurred on June 8, 2021. ISO 31000 was published as a standard on the 13th of
November 2009 and provides a standard and guidelines for the implementation of risk
management (Scannell & Curkovic, 2013). According to Scannell & Curkovic (2013), this risk
management framework can be used by any organization regardless of its industry, size, or
activity. This risk management framework provides organizations with a proactive approach to
identifying, analyzing, evaluating, and treating risks, and to allocating resources for risk treatment more
effectively (ISO, 2018). Each step of the risk management process is detailed below.
• Establishing Context: At this first step Fastly is required to establish the context. This is
a clear understanding of the type of industry, the jurisdiction in which the company operates,
and the laws and regulations which govern business operations in that jurisdiction.
• Risk Assessment: Now that Fastly has established the context in which the company
operates, the second step is to assess the risk by identification, analysis, and evaluation.
Risk identification is the first stage, which entails assessing Fastly's assets to determine
their vulnerabilities and potential threats. Once the risk is identified, an analysis is
conducted on the risk to determine its likelihood and impact level. The impact
level of the risk can be classified as either significant, minor, moderate, major, or
catastrophic. After the risk analysis, an evaluation of the risk is performed to prioritize the
risk. This is done by assigning values to the risk to indicate its level of severity, such as
high, medium, or low.
• Risk Treatment: During the risk treatment stage, controls are designed and implemented
to decrease the likelihood of the risk, which can be rated as occasionally, seldom, frequently, or
unlikely. The risk treatment also involves an impact assessment and a decision to either
avoid the risk entirely or transfer the risk to third-party control management.
• Monitoring and Review: Following the risk assessment, monitoring and review
procedures are implemented. This guarantees that Fastly has a resilient, proactive, and
ever-evolving risk assessment management process.
• Communication and Consultation: At this final stage, Fastly is required to open a line
of communication, especially among the impacted asset's primary stakeholders. This
ensures that all stakeholders involved are made aware of and understand the decisions
surrounding the actions taken and the choice of treatment selected.
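As an added illustration of the five stages above (this is example code written for this page, not part of the original assignment, of ISO 31000, or of Fastly's own process), the following Python risk register carries one constructed Fastly-style entry through identification, analysis, evaluation, treatment, and review. The level names come from the text; their ordering, the numeric scores, the high/medium/low thresholds, and the sample controls are assumptions made here.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Ordered scales (score 1 = lowest). The level names come from the text;
# their ordering and numeric scores are assumptions made for this example.
LIKELIHOOD = {"unlikely": 1, "seldom": 2, "occasionally": 3, "frequently": 4}
IMPACT = {"minor": 1, "moderate": 2, "significant": 3, "major": 4, "catastrophic": 5}
TREATMENTS = ("reduce", "avoid", "transfer", "accept")
CLOSED_STATUS = {"avoid": "avoided", "transfer": "transferred"}


def evaluate(likelihood: str, impact: str) -> str:
    """Risk evaluation: rank likelihood x impact as high, medium or low.
    Thresholds (12 and 6 on a 1..20 scale) are an assumption of this example."""
    score = LIKELIHOOD[likelihood] * IMPACT[impact]
    if score >= 12:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


@dataclass
class Risk:
    """One register entry carrying a risk through the stages in the text."""
    asset: str                        # identification: the exposed asset
    threat: str
    vulnerability: str
    likelihood: str                   # analysis: likelihood and impact level
    impact: str
    treatment: Optional[str] = None   # treatment decision, once taken
    controls: List[str] = field(default_factory=list)
    status: str = "open"
    next_review: Optional[date] = None

    @property
    def priority(self) -> str:
        return evaluate(self.likelihood, self.impact)

    def treat(self, option: str, controls: List[str] = (),
              residual_likelihood: Optional[str] = None,
              decided_on: Optional[date] = None, review_after_days: int = 90) -> None:
        """Risk treatment: controls lower the likelihood; avoiding or
        transferring the risk closes the entry. A review is always scheduled."""
        if option not in TREATMENTS:
            raise ValueError(f"unknown treatment {option!r}")
        if option == "reduce":
            if residual_likelihood not in LIKELIHOOD:
                raise ValueError("'reduce' needs a residual likelihood level")
            self.likelihood = residual_likelihood
        self.treatment = option
        self.controls = list(controls)
        self.status = CLOSED_STATUS.get(option, "open")
        self.next_review = (decided_on or date.today()) + timedelta(days=review_after_days)


def due_for_review(register: List[Risk], today: date) -> List[Risk]:
    """Monitoring and review: entries whose scheduled review date has arrived."""
    return [r for r in register if r.next_review is not None and r.next_review <= today]


def stakeholder_summary(register: List[Risk]) -> List[str]:
    """Communication: one line per entry, highest priority first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return [f"{r.priority.upper()}: {r.asset} - {r.threat} [{r.treatment or 'untreated'}, {r.status}]"
            for r in sorted(register, key=lambda r: order[r.priority])]


def sample_register() -> List[Risk]:
    """Constructed entry modelled on the outage reviewed in Part 2 (hypothetical values)."""
    outage = Risk(asset="CDN edge configuration service",
                  threat="latent defect in a deployed software update",
                  vulnerability="defect triggered by a customer configuration change",
                  likelihood="occasionally", impact="catastrophic")   # evaluates as high
    outage.treat("reduce",
                 controls=["staged rollout of software updates",
                           "validation of customer configuration changes before activation"],
                 residual_likelihood="seldom", decided_on=date(2021, 6, 9))  # now medium
    return [outage]


if __name__ == "__main__":
    for line in stakeholder_summary(sample_register()):
        print(line)
```

Because the treated entry is still rated medium, it stays open and comes up again in the review stage rather than being retired.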
References
BBC, 2020. Twitter hack: Staff tricked by phone spear-phishing scam. [Online]
Available at: https://www.bbc.com/news/technology-53607374
[Accessed 31 July 2023].
Calder, A., 2018. Information Security & ISO 27001: An Introduction. s.l.:s.n.
Dawson, S., 2019. The Benefits of Implementing ISO 27001. [Online]
Available at: https://www.thecoresolution.com/the-benefits-of-implementing-iso-27001
[Accessed 19 August 2023].
DFS, 2020. Twitter Investigation Report, New York: Department of Financial Services.
Fadhil, H. S., 2023. Social Engineering Attacks Techniques. International Journal of Progressive
Research in Engineering Management and Science, 03(01), pp. 18-20.
Hazout, R., 2023. Multi-CDN Strategy: Benefits And Best Practices. [Online]
Available at: https://www.ioriver.io/blog/multi-cdn-strategy
[Accessed 14 August 2023].
Iyengar, R., 2020. CNN Business. [Online]
Available at: https://edition.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html
[Accessed 29 July 2023].
Medina, A., 2021. Inside the Fastly Outage: Analysis and Lessons Learned. [Online]
Available at: https://www.thousandeyes.com/blog/inside-the-fastly-outage-analysis-and-lessons-learned
[Accessed 14 August 2023].
Moon, M., 2020. Twitter's changes since the June attack include requiring security keys. [Online]
Available at: https://www.engadget.com/twitters-security-changes-july-attack-054328827.html
[Accessed 11 August 2023].
Muneer, A., n.d. 2020 Phishing Attack on Twitter, its Analysis and Countermeasures, London:
Northumbria University.
NDCA, 2020. Three Individuals Charged For Alleged Roles In Twitter Hack. [Online]
Available at: https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack
[Accessed 31 July 2023].
Popper, N. & Conger, K., 2020. Hackers Tell the Story of the Twitter Attack From the Inside. [Online]
Available at: https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html
[Accessed 10 August 2023].
Rockwell, N., 2021. Summary of June 8 outage. [Online]
Available at: https://www.fastly.com/blog/summary-of-june-8-outage
[Accessed 14 August 2023].
Statista, 2023. Most commonly reported cyber crime categories worldwide in 2022, by number of
individuals affected. [Online]
Available at: https://www.statista.com/statistics/184083/commonly-reported-types-of-cyber-crime-global/
[Accessed 30 July 2023].
Suciu, P., 2020. Forbes. [Online]
Available at: https://www.forbes.com/sites/petersuciu/2020/08/01/twitter-spear-phishing-attack-highlights-security-weaknesses-of-social-media/?sh=651f9f027a29
[Accessed 29 July 2023].
Sumner, R., 2019. What is a Content Delivery Network (CDN)? [Online]
Available at: https://www.ibm.com/topics/content-delivery-networks
[Accessed 14 August 2023].
Thompson, N. & Barrett, B., 2020. How Twitter Survived Its Biggest Hack—and Plans to Stop
the Next One. [Online]
Available at: https://www.wired.com/story/inside-twitter-hack-election-plan/
[Accessed 8 August 2023].
Twitter, 2020. An update on our security incident. [Online]
Available at: https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident
[Accessed 8 August 2023].
Witman, P. & Mackelprang, S. M., 2021. The 2020 Twitter Hack – So Many Lessons to Be
Learned. Journal of Cybersecurity Education, Research and Practice, 2(2), pp. 1-11.

Security Management

  • 1.
    1 UEL-CN-7014 Security Management Assignment1 Damaine Franklin Student #: R2104D12054733 08/26/2023
  • 2.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 2 Table of Contents Part 1A: Cyber Attack..................................................................................................................... 3 Introduction ................................................................................................................................. 3 Incident Overview ....................................................................................................................... 4 Incident Analysis ......................................................................................................................... 5 Lessons Learned .......................................................................................................................... 9 Lesson 1: Lack of Leadership .................................................................................................. 9 Lesson 2: Inadequate Authentication and Access Control..................................................... 10 Lesson 3: Lack of Awareness................................................................................................. 10 Lesson 4: Lack of Real-Time Threat Detection..................................................................... 11 Actions Taken............................................................................................................................ 11 Conclusion................................................................................................................................. 12 Part 1B: Cyber Kill Chain............................................................................................................. 13 Part 2: Disaster Recovery and Business Continuity ..................................................................... 15 A Brief Review of The Incident ................................................................................................ 
15 How Should Affected Companies Respond .............................................................................. 15 Business Continuity Information Security Policy ..................................................................... 16 Part 3: Security Management Questions....................................................................................... 19 The Benefits of ISO/IEC 27001 Certification. .......................................................................... 19 Recommended Audit ................................................................................................................. 22 Risk Management Process......................................................................................................... 24 References..................................................................................................................................... 26
  • 3.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 3 Part 1A: Cyber Attack Report Analysis: Twitter’s Spear Phishing Attack July 2020 Introduction As a result of the recent COVID-19 pandemic, cybercrime has become such a lucrative industry that organizations around the world have had to adjust their cybersecurity postures to defend against the rise of sophisticated attack vectors. Among these attack vectors is social engineering, which, according to Fadhil (2023), is one of the most sophisticated cyber-attacks because there are no available hardware or software countermeasures to defend against it. The author further noted that the objective of social engineering tactics is to manipulate victims by taking advantage of their psychological vulnerabilities, such as fear, anxiety, trust, curiosity, or empathy, to gain access to secure facilities, systems, or data. There are numerous social engineering techniques; however, the technique of particular interest to this study is phone spear phishing, as it was reported to have been used in the July 2020 cyberattack against Twitter. Since the attack, there has been much discussion as to whether Twitter's incident response team could have preemptively identified and responded to the cyber intrusion much sooner. As a result, this study aims to provide a comprehensive report analysis of the July 2020 incident. This report analysis will begin with a brief overview of the incident. It then analyzes the incident to identify who or what was affected by the attack, the nature and severity of the attack, the threat actors involved, the systems and vulnerabilities exploited, and the actions taken. This report will also include a discussion on the lessons learned from the attack followed by a conclusion.
  • 4.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 4 Incident Overview On July 15, 2020, Twitter an American social media company, and other media outlets reported that hackers compromised 130 Twitter accounts of prominent users to promote fraudulent bitcoin scams, which raises national security concerns (Iyengar, 2020). Details of the attack indicated that the fraudsters employed a common social engineering technique known as phone spear phishing to deceive several of Twitter’s employees into divulging sensitive information, thereby granting them access to Twitter's internal tools and information systems (Suciu, 2020). Other sources reported that just after the hackers gained access to Twitter’s systems, the hackers were able to manipulate stolen user accounts and post tweets directly (BBC, 2020). This incident raised several security concerns in the United States since the accounts of prominent US officials and businessmen were hacked and used for high-profile Bitcoin scams. As a consequence of this assault against Twitter, the US Federal Bureau of Investigation (FBI), arrested and charged three suspects for their alleged role in the Twitter attack that occurred on July 15, 2020, (Witman & Mackelprang, 2021). According to the United States Attorney's Office for the Northern District of California (NDCA), the three individuals involved in the incident were 19-year-old Mason Sheppard from the United Kingdom, 22-year-old Nima Fazeli from Orlando, Florida, USA, and a third suspect whose identity is unknown due to the Federal Juvenile Delinquency Act, which protects juveniles during court proceedings (NDCA, 2020). The charges against these three individuals were identity theft, unauthorized access to a protected computer, fraud, and money laundering.
  • 5.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 5 The NDCA reported that the accomplices compromised more than 130 Twitter accounts and deceived the account owners and other users into depositing bitcoin currency to an anonymous bitcoin address with the promise of doubling the amount deposited as a charitable gesture. According to Muneer (n.d.), Just before Twitter’s technical team was able to lock down those compromised accounts, the hackers had already spoofed the victims and received 383 bitcoins which is equivalent to US$117,000. In addition, Muneer (n.d.) noted that the hackers would have stolen approximately $1,350,000 from over 6000 bitcoin transfers if Twitter and Bitcoin companies had not taken the necessary precautions. The following information will provide a detailed analysis of the incident. Incident Analysis According to a 2020 investigation report published by the Department of Financial Services in New York, Twitter became aware of the incident on July 15, however, the attack began on July 14, 2020, (DFS, 2020). The investigation found that the attack was carried out in three phases. Firstly, the attackers used social engineering to spoof vulnerable Twitter employees in order to gain access to their Network. Secondly, they seized user accounts with short OG Twitter handles and sold access to them. Thirdly, they seized and compromised the accounts of several prominent users with the intent of defrauding victims in a massive Bitcoin scam. According to the investigative report, the hackers began their assault against Twitter on July 14th . during that time many of Twitter’s employees were doing remote work because of the COVID-19 pandemic which created a huge problem for Twitter's infrastructure. As a result of the transition to working remotely, the hackers saw an opportunity to take advantage of employees' complaints about the VPN connection to Twister’s internal tools and resources. As a
  • 6.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 6 point of entry, the hackers used a social engineering technique known as phone spear phishing to impersonate Twitter’s Help Desk representatives to lure several of Twitter’s employees into providing their login credentials on a phishing website which resembles Twitters legitimate VPN website. In a separate report, Muneer (n.d.) noted that in the initial phase of the attack, the hackers realized that the stolen credentials lacked the necessary privileges to escalate their attack. Consequently, Muneer (n.d.) also noted that on July 15, the attackers intensified their attack method by searching Twitter's intranet for information on how to utilize Twitter's internal applications. With this information, they were able to target those employees with higher privileges and access to Twitters internals tools. The 15th of July 2020 marks the beginning of a new phase in the wave of attacks against Twitter, as it was on that date that Twitter became aware of the incident. According to information gathered from several sources, the hackers seized control and compromised a large number of Twitter OG accounts in the early hours of the day with the intention of advertising their sale through an online messaging portal in exchange for bitcoin (DFS, 2020; Muneer, n.d.; Witman & Mackelprang, 2021). In another source, Thompson & Barrett (2020) reported that Twitter's cyber incident response team had detected the network intrusion at this stage of the attack, however, the chief technology officer (CTO) had not yet been notified. Due to this oversight, the hackers had more time to their advantage to launch the third phase of their attack. At this stage of the attack, both Muneer (n.d.) and DFS (2020) reported that the hackers targeted verified user accounts, which Twitter defines as accounts belonging to prominent users such as former U.S. 
president Barack Obama, businessman Bill Gates, Elon Musk, Jeff Bezos, Mike Bloomberg, and celebrities Kim Kardashian and Kanye West among others. In addition, the user accounts of popular companies were also seized and compromised such as Apple, Uber, and
  • 7.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 7 well-known crypto currency companies and traders. This was yet another strategic move on the part of the hackers, as it allowed them to capitalize on the public's trust in verified Twitter accounts since people are more likely to respond to tweets from these accounts. The motive of the hackers at this stage in the attack process is to launch a Bitcoin scam using those stolen verified Twitter accounts. According to Twitter's investigation report, the hackers first hijacked a Bitcoin trader named “AngelBTC” and tweeted the following message to multiple Twitter users. Figure 1:Tweeted message from a hijacked crypto trader (DFS,2020). The objective of this bitcoin scam is to make fraudulent demands by convincing Twitter users to believe that the message originates from the legitimate owner of the account. The hackers then escalated their attack by tweeting payment requests directly from the accounts of ten cryptocurrency companies such as Binance, Gemini, Coinbase, and Square, Inc among others (DFS, 2020). In one such fraudulent scheme, the hackers sent a message with a link to a Bitcoin wallet from the Binance user account. In the tweet, the hackers posed as Binance and claimed that the company was returning millions of bitcoins to members of its community as shown below.
  • 8.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 8 Figure 2: Binance Tweet (DFS, 2020) According to the Twitters investigation report, the hackers then intensified their attack significantly by using some of those compromised verified Twitter accounts to send out bitcoin scam tweets which reached millions of potential victims. The hackers deceived their victims by claiming that the bitcoin amount they deposited into a fraudulent bitcoin wallet would be multiplied as a charitable gesture. According to a Twitter blog post dated July 18, 2020, the hackers targeted 130 Twitter accounts, but only 45 were used to broadcast bitcoin scam messages. In addition, they accessed the direct messaging inboxes of 36 and downloaded the Twitter user account Data of 7 (Twitter, 2020). In the final analysis, Witman & Mackelprang (2021) reported that over 300 Bitcoin transactions totaling approximately $118,000 were made to one of the Bitcoin wallets. Another source reported that the fraudsters' account had received 383 Bitcoin transactions, totaling $117,000 in stolen funds from its victims.
  • 9.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 9 Lessons Learned The July 2020 attack against Twitter has been a harrowing moment and a painful lesson learned. Many concerns have been raised in the aftermath of the attack about whether Twitter could have identified and detected the threat much sooner. According to the Twitter Investigation Report, several security flaws that contributed to the attack's success were identified. Each of these will be covered in detail in the sections that follow. Lesson 1: Lack of Leadership Twitters investigation report found that at the time of the attack, the social media giant lacked a chief information security officer (CISO) with dedicated responsibility for cybersecurity related incidents, resulting in the chief technology officer (CTO) assuming control of the situation. A review of Twitter's internal systems logs reveals that the hackers began reconnaissance in December 2019 at a time when there was no CISO. This was seven months prior to the incident which occurred July 14 and 15 (DFS, 2020). The lack of a CISO made Twitter vulnerable to the attack, particularly during a period when the risks associated with working remotely were high. Also, the months leading up to the time of the attack created a significant window of opportunity for the hackers to launch their attacks. Leadership is essential in any crisis and if Twitter had a CISO with specific roles and responsibilities for safeguarding its internal systems then the attack might have been detected much sooner.
  • 10.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 10 Lesson 2: Inadequate Authentication and Access Control The investigation report determines that although Twitter had some authentication and access control measures in place, they were not enough to prevent the attack (DFS, 2020). The report indicated that during the first phase of the attack, the attackers compromised the credentials of several Twitter employees then used them to authenticate themselves then access Twitters internal administrative tools. In a separate report, The New York Times discovered that the hackers boasted confidently that they had effectively gained access to Twitter's support tools and offered to sell coveted Twitter OG accounts (Popper & Conger, 2020). During the aftermath of the attack the Twitter investigation report found that there were too many people with access to Twitters administrative tools. Consequently, this vulnerability in authentication and access control gave the attacks leverage in the attack as they were able to target 130 user accounts, tweeted from 45, access the direct message of 36 users, and download the Twitter data of 8 users (DFS, 2020). During the attack, the investigation report discovered that more than 1,000 of Twitter’s employees had access to their internal tools. Thompson & Barnett (2020) noted that access to Twitter's internal tools should have been restricted to a small group of employees with specified job functions because too many people had access to too many things. Lesson 3: Lack of Awareness Since there are no hardware or software tools that can detect and defend against social engineering, the most effective countermeasure for detecting and preventing social engineering techniques is awareness training. Several sources reported that Twitter's staff lacked proper awareness training to detect social engineering tactics. 
According to a Twitter investigation report, the hackers used phone social engineering tactics to impersonate Twitter IT Helps Desk
  • 11.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 11 to spoof the employees into logging their credentials on a phishing website (DFS, 2020). Considering the initiative to work remotely, it is common for Twitters employees to drop their guard since one of the primary modes of communication is the use of a telephone. This would provide Twitter with a convenient opportunity to have its employees aware of the tactics used in social engineering attacks. Lesson 4: Lack of Real-Time Threat Detection An essential lesson learned from this attack is that Twitter only became aware of the attack after the hackers had made significant progress on their network. The ability to detect and respond to cyber threats in a timely manner is crucial as it enables a more proactive cyber threat defense strategy. If Twitter had a comprehensive security monitoring program, it would have been able to detect and respond swiftly to the presents of the hackers on their network much sooner. Actions Taken In a series of blogs posted by Twitter on July 18 and 30, 2020, the company announced that they had put new protocols in place to prevent similar social engineering attacks. According to the blogs, one of the initial actions taken by Twitter was to secure and revoke access to internal systems in order to prevent attackers from gaining further access to our systems or individual accounts. Secondly, Twitter establishes an environment of zero trust by shutting down the user accounts of all employees and requiring each employee to change their password under supervision (Twitter, 2020). In an article published by Moon (2020), Twitter stated that they implemented new background check protocols for employees with access to administrative tools
  • 12.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 12 and user data. In addition, Moon (2020) further noted that Twitter has made it mandatory for all employees involved in awareness training for future social engineering scams (Moon, 2020). Moreover, Twitter has implemented an event and security information management system, which is an anomaly detection system that records account usage, identifies insider threats, threat actors, and malicious intent (DFS, 2020). Conclusion In conclusion, this document examined the attack methods used against Twitter in the July 15 spear phishing attack. It was reported that cybercriminals employed rudimentary social engineering techniques to deceive Twitter’s employees into divulging sensitive information that was then used to compromise Twitter user accounts and initiate a bitcoin scam. This cyberattack demonstrates that large social media companies with essential infrastructures, such as Twitter, must be governed by stricter regulatory bodies. As a result of the attack, it taught Twitter some valuable lessons such as maintaining constant monitoring, improved authentication, and access control strategies. It also taught about the risks and cyber threats associated with working remotely.
  • 13.
    13 Part 1B: CyberKill Chain Exploitation Delivery The attackers exploited the human vulnerabilities of Twitter employees obtained their account credentials from the phishing website, then used it to access Twitters internal system. Once inside Twitter network the attackers exploited Twitters access control system and targeted other employees who had access to account control. Weaponization The attackers then contacted Twitters employees, pretending to from Twitters IT helpdesk in response to a VPN issues. The attackers then used a social engineering technique known as phone spear phishing attack to direct Twitter employees to log into a phishing website that resembled Twitter’s VPN connection website. External Reconnaissance The attackers then used the LinkedIn information collected on Twitter employees to create a phishing website which resembles Twitters original VPN website. The hackers initiated their attack by searching LinkedIn for Twitter employees who were likely to have administrative privileges. Then the attackers posed as job recruiters on LinkedIn, obtained the mobile contact details of each Twitter employee and contacted them.
  • 14.
    Security Management –Assignment 1 a1-Franklin-R2104D12054733 14 Obfuscation Assault The hackers did not cover their digital footprints in order to divert the forensic investigation process that follows. All accomplices involved in the hack were arrested and charge not many days after the cyber incident. Sustainment The attackers seized control of several Twitter OG accounts who then advertised their sale in exchange for bitcoin. In addition to displaying screenshots of Twitter’s internal tools to persuade buyers. The attackers then escalated their assault by targeting verified user accounts to launch a bitcoin scam. Also, the attackers hijacked the accounts of several cryptocurrency traders and companies to promote a fraudulent bitcoin scam. Finally, the attackers then sent direct messages to numerous Twitter users requesting bitcoin payments to a bitcoin scam address. Exfiltration The attackers maintained their presence on Twitters internal network for several hours and remained undetected while freely roaming in the network for additional information that is valuable. The attackers infiltrate Twitters internal system seized controls of several employee user accounts. Then extract sensitive data from Twitters intranet to learn about how to access other internal applications. Note: As the primary objective of the attackers is to obtain access to the user's endpoint as a point of entry, stopping the attack at the employees' endpoints could drastically reduce the likelihood of success.
Part 2: Disaster Recovery and Business Continuity

A Brief Review of The Incident

On June 8, 2021, Fastly's Content Delivery Network (CDN) experienced a global internet outage that impacted the delivery of services to its many clients for nearly an hour. According to Medina (2021), Fastly claimed responsibility for the outage and stated that the incident was caused by a software update which they deployed on May 12, 2021. In another report, Nick Rockwell, the senior vice president of engineering and infrastructure at Fastly, added that the software update contained a vulnerability which was triggered when one of its customers changed their configuration settings (Rockwell, 2021). Fastly mitigated the incident and restored 95% of its network in 49 minutes.

How Should Affected Companies Respond

According to Ryan Sumner, Chief Architect at IBM Cloud, a content delivery network (CDN) is a network of geographically dispersed servers that enables faster web performance by locating cached copies of web content closer to users (Sumner, 2019). Because of these benefits, website publishers typically acquire CDN services to expedite the transmission of web content, reduce wait time and bandwidth usage, and reduce the cost and complexity of implementing their own infrastructure (Sumner, 2019). Although CDN services promise website availability and efficiency, the outage at Fastly shows that the service is not always reliable. Considering the recent Fastly outage, Medina (2021) reported that some of Fastly's customers were able to minimize the impact to their services by leveraging alternative providers to deliver content. For this reason, affected companies can implement the use of alternative CDN providers as an incident response and disaster recovery strategy. By utilizing alternative CDN providers, website publishing companies can ensure business continuity, as content delivery will continue in the event that the primary CDN provider experiences a service interruption. This strategy also reduces the risk of congestion or failure in a single network (Hazout, 2023).

Business Continuity Information Security Policy

1. Business Continuity Plan

Category: Administrative & Management
Author: Damaine Franklin - CISO
Approved By: Roy Davis – CEO
Policy No.: V 1.1, 08/15/23
Policy Date: May 22, 2023
Protective Marking: Confidential

1.1. Overview

The purpose of this business continuity plan is to safeguard critical business processes and services from the effects of major systems failures, exemplified by the global outage experienced on June 8, 2021. This disruption demonstrated the significance of business continuity and information security policies in assuring the continued operation of vital services. As a result, Fastly's primary objective in the event of any disruption to our services is to restore normal operation as quickly as feasible with minimal impact on our valued customers.
1.2. Policy Statement

This policy has been established to ensure the business continuity of Fastly's services as a leading content delivery network service provider. We value the satisfaction of our customers and strive to maintain a long-term partnership both now and in the future. Our dedication to our customers entails the implementation of a thoroughly evaluated and sturdy business continuity strategy, with the aim of guaranteeing the resilience and effective functioning of the services we provide.

1.3. Scope of the Policy

This policy applies to the incident response and disaster recovery department and staff at Fastly. This policy must be communicated effectively to ensure that all parties are in full compliance with it. Any violation of this policy will be considered professional misconduct, and offenders will be disciplined.

1.4. Maintenance

Fastly's chief information security officer (CISO) is responsible for the maintenance and revision of this policy document.

1.5. Roles and Responsibilities

The management of Fastly has delegated the task of ensuring business continuity in the event of service disruption to the following team members.

Name: Damaine Franklin; Role: CISO; Responsibility: Enforce policy guidelines and report to the CEO; Extension: 4112
Name: Mike Brown; Role: CTO; Responsibility: Coordinate with relevant team members to ensure network restoration; Extension: 4105
Name: Luke York; Role: IT Manager; Responsibility: Ensure the availability of network services; Extension: 4141
Name: Dane Brown; Role: Public Relations Officer; Responsibility: Ensure quality assurance with customers and stakeholders; Extension: 4111
1.6. Reporting Policy

• In accordance with the guidelines outlined in this policy document, the chief information security officer must submit a monthly report to the chief executive officer outlining the measures in place to ensure business continuity and disaster recovery.
• The public relations officer shall not disseminate any information to the public without the express authorization of the chief executive officer.

1.7. Restoration Policy

• In the event of a disruption of services, the CISO shall coordinate with the IT manager to activate the incident response team.
• The CTO shall provide the IT manager with the resource requirements to restore normal operation of the content delivery network.
• The IT manager shall supervise the incident response team and ensure that all necessary measures are taken to restore network services.

1.8. Policy Compliance

If you do not understand the implications of this policy and how it applies to you, consult the chief information officer for advice.
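The multi-CDN strategy described under "How Should Affected Companies Respond", and the restoration duties in section 1.7, can be made concrete with the steering logic below. This is an added example written for this page; it is not code from the assignment, from Fastly, or from any CDN provider. The provider names, hostnames, failure threshold, health-check path and the probe outcomes replayed in the simulation are constructed assumptions.

```python
"""Multi-CDN failover steering with health probes and a circuit breaker.

Added example (not part of the original assignment or any vendor tooling).
A site fronted by two CDN providers keeps serving content during a primary
outage like the one on June 8, 2021: each provider is probed on a schedule,
a provider is pulled from rotation after a run of failed probes, and the
hostname returned is what the site's DNS record (kept at a short TTL) or
edge router should currently point at. All names and outcomes are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import urllib.error
import urllib.request


@dataclass
class CdnProvider:
    name: str
    hostname: str                 # CNAME target the site's DNS record can point at
    failure_threshold: int = 3    # consecutive failed probes before failing over
    consecutive_failures: int = 0
    breaker_open: bool = False    # True => provider is out of rotation

    def record_probe(self, healthy: bool) -> None:
        """Update the breaker state from one probe result."""
        if healthy:
            self.consecutive_failures = 0
            self.breaker_open = False   # first good probe closes the breaker again
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= self.failure_threshold:
                self.breaker_open = True


def http_probe(hostname: str, path: str = "/healthz", timeout: float = 2.0) -> bool:
    """Real probe: fetch a small object through the CDN; a non-2xx status or a
    timeout counts as unhealthy. Not used by the offline simulation below."""
    try:
        with urllib.request.urlopen(f"https://{hostname}{path}", timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except (urllib.error.URLError, OSError):
        return False


def select_provider(providers: List[CdnProvider]) -> Optional[CdnProvider]:
    """Providers are listed in priority order; pick the first with a closed breaker."""
    for provider in providers:
        if not provider.breaker_open:
            return provider
    return None


def run_probe_cycle(providers: List[CdnProvider],
                    probe: Callable[[str], bool]) -> Optional[str]:
    """One scheduler tick: probe every provider, then return the hostname to
    steer traffic to (None means every provider is currently down)."""
    for provider in providers:
        provider.record_probe(probe(provider.hostname))
    chosen = select_provider(providers)
    return chosen.hostname if chosen else None


def simulate(outcomes: List[Dict[str, bool]]) -> List[Optional[str]]:
    """Replay constructed probe outcomes (one dict per cycle, hostname -> healthy)
    and return the steering decision made after each cycle."""
    providers = [
        CdnProvider("primary", "cdn-a.example.net"),     # assumed hostnames
        CdnProvider("secondary", "cdn-b.example.net"),
    ]
    decisions: List[Optional[str]] = []
    for cycle in outcomes:
        decisions.append(run_probe_cycle(providers, lambda host: cycle[host]))
    return decisions


# Constructed scenario: the primary returns errors for four probe cycles
# (as it would during a CDN-wide outage) and then recovers.
SAMPLE_OUTCOMES = [
    {"cdn-a.example.net": False, "cdn-b.example.net": True},
    {"cdn-a.example.net": False, "cdn-b.example.net": True},
    {"cdn-a.example.net": False, "cdn-b.example.net": True},
    {"cdn-a.example.net": False, "cdn-b.example.net": True},
    {"cdn-a.example.net": True, "cdn-b.example.net": True},
]

if __name__ == "__main__":
    for i, host in enumerate(simulate(SAMPLE_OUTCOMES), start=1):
        print(f"cycle {i}: steer traffic to {host}")
```

Time to fail over is the failure threshold multiplied by the probe interval, so with a 30-second interval and a threshold of three, traffic moves to the secondary within roughly 90 seconds, which is far shorter than the 49 minutes the page reports for Fastly's restoration. The threshold exists so that a single lost probe does not flap traffic between providers, and the DNS record that follows the decision must carry a short TTL or the change will not reach clients in time.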
Part 3: Security Management Questions

The Benefits of ISO/IEC 27001 Certification

According to Calder (2018), information security is one of the most important concerns for businesses in modern society due to the value and volume of the data that drives their operations. In order to protect this valuable asset from sophisticated cyber threats and associated risks, a growing number of organizations are turning to established industry standards and frameworks to make substantial and meaningful enhancements to their information security management system (Dawson, 2019). When considering which industry standard to adopt, Calder (2018) noted that organizations may feel overwhelmed by the multitude of available alternatives. Among these alternatives is ISO/IEC 27001, which is designed for those organizations whose business is information security. Calder (2018) further noted that it is the only international standard established for auditing information security management systems and that it sets the baseline for their system requirements. In addition to adopting this standard, several organizations also seek certification which, when achieved, builds trust, confidence and organizational excellence and positions an organization as an attractive prospect for investors (Dawson, 2019). There are numerous benefits associated with the adoption of the ISO/IEC 27001 standard, and I have outlined a selection of notable ones in the table below.
The Benefits of ISO/IEC 27001 Certification

Business Risk: Failure to adequately protect customer information.
Business Need: To reduce the risk and maintain customer data confidentiality.
Benefits (Reduced Risk): 1. Improves information security by reducing the likelihood and impact of information security risks when breaches occur. 2. Provides better awareness and understanding of risk.

Business Risk: Loss of customers and investors through reputational damage from an information breach.
Business Need: Prevent reputational damage from data breaches.
Benefits (Protects Business Reputation): 1. Provides the tools necessary to strengthen organizational information security systems, fostering a high level of trust and confidence between the organization, its customers, and its investors.

Business Risk: Penalties associated with non-compliance.
Business Need: Avoid regulatory fines.
Benefits (Regulatory Compliance): 1. Helps an organization meet the legal and regulatory requirements for doing business in certain jurisdictions.

Business Risk: Interruption to internal business operational procedures.
Business Need: To designate specific duties and responsibilities in order to improve information security system management.
Benefits (Systematic Approach): 1. Improved structure and focus of all parties involved in the management of the ISMS.

Business Risk: Consuming too much time, resource, and labor on repeated customer auditing.
Business Need: Reduce the time and resources spent on repeated auditing.
Benefits (Reduces Frequent Audits): 1. Reduces the need for repeat customer audits.

Business Risk: Excessive expenditure on data security due to inappropriate business practices.
Business Need: Reduce expenditure caused by inappropriate business practices regarding data security.
Benefits (Reduced Cost): 1. Reduces the cost associated with the consequences of data breaches.

Business Risk: Loss of business opportunities and contracts.
Business Need: Attract business opportunities and contracts.
Benefits (Increased Business Opportunities): 1. Creates recognition by business associates, government agencies and large organizations.
Recommended Audit

On July 15, 2020, social media giant Twitter experienced a phone spear phishing attack that affected its internal network, compromised several user accounts, and launched a bitcoin scam. This was a nightmare experience for Twitter and brought the company to its knees, as it had to create a zero-trust environment in order to restore normal operations. According to Muneer (n.d.), the success of the attack was due to several vulnerabilities in Twitter's cyber security protocols, such as a lack of dedicated personnel responsible for safeguarding information security, inadequate access controls and poor monitoring systems, among others. Although Twitter had a number of safeguards in place, they were inadequate to prevent the attack. Twitter, in a July 30, 2020 blog post, stated that there had been concerns following this incident around the tool and the levels of employee access, as at the time of the incident more than 1000 employees had access to Twitter's information systems (Twitter, 2020). It was reported in the Twitter investigation report that at the beginning of the year, the IT Department guided the regulated units to assess and determine the pandemic's novel security risks. However, based on the report, Twitter did not implement any risk mitigation controls after March 2020 to manage the remote working risks (DFS, 2020). This presented an opportunity for the hackers to leverage. The problem would have been identified easily and quickly with regular recertification of account access following changes in responsibilities and roles.

According to Twitter's investigation report (2020), the attack on Twitter demonstrates that a cybersecurity vulnerability can have a far-reaching effect. The report found that a large social media company like Twitter lacked adequate cybersecurity protection and did not have a chief information security officer at the time of the attack. Although Twitter is subject to a number of regulations, such as the Securities and Exchange Commission, the Federal Trade Commission, and the New York SHIELD Act, the report notes that these regulations also apply to other companies; therefore, a dedicated regulator for social media companies is required. An important finding highlighted in the report stated that Twitter and other large social media companies lack a dedicated cybersecurity regulatory framework; instead, they are self-regulated and bear no responsibility for significant cybersecurity breaches (DFS, 2020). The Twitter hack shows the problems of being self-regulated and highlights the significance of regulatory guidance. The report further noted that it is imperative to establish proper controls to address the ever-evolving risks (DFS, 2020).

Based on the previous discussion, it is obvious that Twitter was not in compliance with any dedicated regulatory institution that governs the privacy and security of its information security systems. In the context of this Twitter incident, an audit conducted in accordance with the ISO/IEC 27001 standard would have uncovered the vulnerabilities in Twitter's system and reduced the impact of this attack. ISO/IEC 27001 is the only standard specifically established to audit information security management systems and set the baseline for their system requirements (ISO, 2013). Section 9.2 of the ISO/IEC 27001 framework contains guidelines for conducting internal auditing, such as its planning, implementation, and maintenance. In addition, the ISO/IEC 27001 auditing guidelines ensure that an organization's information system has adequate controls in place to reduce the likelihood of cyber incidents and the potential risks. If vulnerabilities are discovered during the auditing process, the ISO/IEC 27001 standard provides the necessary guidelines for mitigating those vulnerabilities.
Risk Management Process

Given the incident described in Part 2, the ISO 31000 risk management framework would offer Fastly substantial benefits in preventing a repeat of the disruption to its services caused by the outage which occurred on June 8, 2021. ISO 31000 was published as a standard on the 13th of November 2009 and provides a standard and guidelines for the implementation of risk management (Scannell & Curkovic, 2013). According to Scannell & Curkovic (2013), this risk management framework can be used by any organization regardless of its industry, size, or activity. This risk management framework provides organizations with a proactive approach to identifying, analyzing, evaluating and treating risks, and to allocating resources for risk treatment more effectively (ISO, 2018). Each step of the risk management process is detailed below.

• Establishing Context: At this first step Fastly is required to establish the context. This is a clear understanding of the type of industry, the jurisdiction in which the company operates, and the laws and regulations which govern business operations in that jurisdiction.
• Risk Assessment: Now that Fastly has established the context in which the company operates, the second step is to assess the risk by identification, analysis, and evaluation. Risk identification is the first stage, which entails assessing Fastly's assets to determine their vulnerabilities and potential threats. Once a risk is identified, an analysis is conducted to determine the likelihood and impact level of the risk. The impact level of the risk can be classified as either significant, minor, moderate, major, or catastrophic. After the risk analysis, an evaluation of the risk is performed to prioritize it. This is done by assigning values to the risk to indicate its level of severity, such as high, medium or low.
• Risk Treatment: During the risk treatment stage, controls are designed and implemented to decrease the likelihood of the risk, which is expressed in terms such as occasionally, seldom, frequently, or unlikely. Risk treatment also involves an impact assessment and a decision to either avoid the risk entirely or transfer it to third-party control management.
• Monitoring and Review: Following the risk assessment, monitoring and review procedures are implemented. This guarantees that Fastly has a resilient, proactive, and ever-evolving risk assessment management process.
• Communication and Consultation: At this final stage, Fastly is required to open a line of communication, especially among the impacted asset's primary stakeholders. This ensures that all stakeholders involved are made aware of and understand the decisions surrounding the actions taken and the choice of treatment selected.
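The risk assessment, evaluation and treatment steps above can be worked through as a scoring routine over a small risk register. This is an added example written for this page, not code from the assignment or from ISO 31000 itself. The likelihood, impact and severity labels are the ones the steps above use; the numeric weights, the severity cut-offs and the sample register entries are assumptions constructed for illustration.

```python
"""ISO 31000 risk assessment, evaluation and treatment as a scoring routine.

Added example, not from the original assignment. The ordinal labels come from
the page's description of the process; the weights, the high/medium/low
cut-offs and the sample register are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Likelihood and impact scales (ordered low to high); weights are assumptions.
LIKELIHOOD = {"unlikely": 1, "seldom": 2, "occasionally": 3, "frequently": 4}
IMPACT = {"minor": 1, "moderate": 2, "significant": 3, "major": 4, "catastrophic": 5}


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str

    def score(self) -> int:
        """Risk analysis: likelihood weight times impact weight (1..20)."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def severity(score: int) -> str:
    """Risk evaluation: map a score onto the high/medium/low priority scale
    (assumed cut-offs: 12 and above high, 6 and above medium, otherwise low)."""
    if score >= 12:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def evaluate(register: List[Risk]) -> List[Tuple[str, int, str]]:
    """Return (asset, score, severity) for every risk, highest priority first."""
    ranked = sorted(register, key=lambda r: r.score(), reverse=True)
    return [(r.asset, r.score(), severity(r.score())) for r in ranked]


def residual(risk: Risk, likelihood_reduction: int) -> Risk:
    """Risk treatment: model a control that lowers likelihood by N levels
    (for example staged roll-out of updates); impact is unchanged and the
    result is clamped at 'unlikely'. Re-scoring the result is the input to
    the monitoring and review step."""
    levels = list(LIKELIHOOD)  # insertion order: unlikely .. frequently
    idx = max(0, levels.index(risk.likelihood) - likelihood_reduction)
    return Risk(risk.asset, risk.threat, risk.vulnerability, levels[idx], risk.impact)


# Constructed register (sample values) modelled on the June 8, 2021 outage.
REGISTER = [
    Risk("edge configuration service",
         "customer configuration change triggers a latent vulnerability",
         "software update deployed without exercising that code path in testing",
         "occasionally", "catastrophic"),
    Risk("edge cache servers", "capacity exhaustion",
         "no surge capacity in one region", "seldom", "major"),
    Risk("status page", "stale outage information",
         "manual updates only", "frequently", "minor"),
]

if __name__ == "__main__":
    for asset, score, level in evaluate(REGISTER):
        print(f"{asset}: score={score} severity={level}")
    treated = residual(REGISTER[0], 2)
    print(f"after treatment: score={treated.score()} severity={severity(treated.score())}")
```

The product of two ordinal scales is a common simplification; what matters for the evaluation step is that the ordering is stable and the cut-offs are agreed in advance, so that two assessors scoring the same register reach the same priority. Re-running `evaluate` on the treated register is the monitoring and review step: a control that cannot move a high risk out of the high band is evidence that avoidance or transfer should be considered instead.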
References

BBC, 2020. Twitter hack: Staff tricked by phone spear-phishing scam. [Online] Available at: https://www.bbc.com/news/technology-53607374 [Accessed 31 July 2023].
Calder, A., 2018. Information Security & ISO 27001: An Introduction. s.l.:s.n.
Dawson, S., 2019. The Benefits of Implementing ISO 27001. [Online] Available at: https://www.thecoresolution.com/the-benefits-of-implementing-iso-27001 [Accessed 19 August 2023].
DFS, 2020. Twitter Investigation Report, New York: Department of Financial Services.
Fadhil, H. S., 2023. Social Engineering Attacks Techniques. International Journal of Progressive Research in Engineering Management and Science, 03(01), pp. 18-20.
Hazout, R., 2023. Multi-CDN Strategy: Benefits And Best Practices. [Online] Available at: https://www.ioriver.io/blog/multi-cdn-strategy [Accessed 14 August 2023].
Iyengar, R., 2020. CNN Business. [Online] Available at: https://edition.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html [Accessed 29 July 2023].
Medina, A., 2021. Inside the Fastly Outage: Analysis and Lessons Learned. [Online] Available at: https://www.thousandeyes.com/blog/inside-the-fastly-outage-analysis-and-lessons-learned [Accessed 14 August 2023].
Moon, M., 2020. Twitter's changes since the June attack include requiring security keys. [Online] Available at: https://www.engadget.com/twitters-security-changes-july-attack-054328827.html [Accessed 11 August 2023].
Muneer, A., n.d. 2020 Phishing Attack on Twitter, its Analysis and Countermeasures, London: Northumbria University.
NDCA, 2020. Three Individuals Charged For Alleged Roles In Twitter Hack. [Online] Available at: https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack [Accessed 31 July 2023].
Popper, N. & Conger, K., 2020. Hackers Tell the Story of the Twitter Attack From the Inside. [Online] Available at: https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html [Accessed 10 August 2023].
Rockwell, N., 2021. Summary of June 8 outage. [Online] Available at: https://www.fastly.com/blog/summary-of-june-8-outage [Accessed 14 August 2023].
Statista, 2023. Most commonly reported cyber crime categories worldwide in 2022, by number of individuals affected. [Online] Available at: https://www.statista.com/statistics/184083/commonly-reported-types-of-cyber-crime-global/ [Accessed 30 July 2023].
Suciu, P., 2020. Forbes. [Online] Available at: https://www.forbes.com/sites/petersuciu/2020/08/01/twitter-spear-phishing-attack-highlights-security-weaknesses-of-social-media/?sh=651f9f027a29 [Accessed 29 July 2023].
Sumner, R., 2019. What is a Content Delivery Network (CDN)?. [Online] Available at: https://www.ibm.com/topics/content-delivery-networks [Accessed 14 August 2023].
Thompson, N. & Barrett, B., 2020. How Twitter Survived Its Biggest Hack—and Plans to Stop the Next One. [Online] Available at: https://www.wired.com/story/inside-twitter-hack-election-plan/ [Accessed 8 August 2023].
Twitter, 2020. An update on our security incident. [Online] Available at: https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident [Accessed 8 August 2023].
Witman, P. & Mackelprang, S. M., 2021. The 2020 Twitter Hack – So Many Lessons to Be Learned. Journal of Cybersecurity Education, Research and Practice, 2(2), pp. 1-11.