Introduction:
The Organization is a small, locally based automated production company that prints the labels required for cardboard packaging. The Company has recently recognized the need for an incident response framework for reporting incidents (Shinde and Kulkarni 2021). This paper guides the selection of a suitable incident response methodology. The key terminology of pre-incident response preparation is described. Next, the procedures associated with detection are described, along with the critical components of security, the types of attacks and key attack terms. The paper then narrates the processes for handling incidents and the duties of the response team. Finally, it explains the stages of responding to an incident.
Incident Response Methodology:
Being automated, the Company is vulnerable to a wide range of attacks and issues that can hamper the effectiveness of business operations. Incident response facilities are the sets of information security policies and guidelines that describe best practices for identifying, containing and eliminating security threats and issues. Incident response is a structured process used by the Organization to deal with network security issues. Its goal is to manage an incident effectively, limiting damage, lost time and cost, and collateral damage such as harm to the Company's reputation. The Organization needs a clear plan for incident response. This paper therefore selects the National Institute of Standards and Technology (NIST) incident response framework, which provides the Company with standards, guidelines and recommendations.
The NIST incident response framework is a cycle of activities that supports continuous improvement, advancement and learning of ways to protect the Organization from incidents while adhering to best practices (Calder 2018). The four vital stages of the framework are preparation for the incident, detection and analysis of the incident, containment and eradication of the issue, and recovery from the incident (Staves et al. 2022). The process requires the framework to identify the Company's incident response capabilities, create guidelines and procedures, and produce a response plan. The incident response process starts with preparation for a wide range of incidents and the derivation of methods to prevent incidents from occurring. Next, incidents are detected as they occur and analyzed to select the best procedures. The procedures are deployed to contain or eradicate the incident. Incidents are then monitored as necessary and addressed over the long term.
Identify Key Pre-Incident Response Preparation:
Preparation is the foundation of efficient incident response. Investigators have no prior knowledge of when an incident will occur, so the incidents themselves are almost entirely outside their control. Preparing to respond involves obtaining the tools and procedures for incident response and taking action on the networks and systems that are part of the Company. The Organization prepares by developing strategies that make its operations and incident response efficient and proactive (Carter, Drury and Amlot 2020). The Organization needs to implement network-based security procedures, train employees, deploy an intrusion detection system, create a sound access control system, perform vulnerability assessments regularly, and ensure regular backups.
The preparation process starts with prioritizing the Company's assets and capturing various baselines. A list of users, networks, databases, applications and key assets is compiled and ranked according to their impact on the Company's operations (Wild et al. 2020). Asset values are quantified as accurately as possible. Traffic baselines and patterns are captured to establish what is normal for the Company. These patterns and baselines provide the foundation for spotting the anomalies that indicate potential incidents (Smith et al. 2021). Employees need to be engaged, informed and collaborated with so that they understand the Company's security measures and current security structure, review industry trends, and know the key areas of concern. Actions within the Company are directed and documented, and regular updates are delivered. Team members need ample instruction, direction and guidance on their responsibilities and role in the Company.
Procedures Associated With Detection:
The incident response framework provides the foundation for the incident detection procedures the Company adopts. Incident detection is not a generalized term that merely signifies corporate data protection and cybersecurity. Detection is a rigorous method that watches for and detects new attacks on the network and systems, forms preventive measures, and builds teams and protocols for action when a vulnerability arises (Lin et al. 2020). Incident detection makes sure that employees are aligned with the Company's network security goals. However, security alerts are increasingly ignored, since chasing every alert leads to fatigue and is counterproductive. Managers have stated that they face problems when deciding whether an incident is critical or a lower risk that does not require a high level of attention to resolve. Thus, a feasible procedure is needed to detect incidents in the Company. Secure incident detection procedures need to identify the level of criticality of the problem.
The process starts with contextualizing problems according to their level of risk to the system, so that alerts on critical tasks are prioritized with urgency. There should be a well-grounded hierarchy of risk on which risk management is developed. The Company has to identify false alarms when facing new alerts. Incidents that occur are reviewed and analyzed to collect facts about the respective detected incident. Real-time detection should be achieved by implementing technological solutions that automate the detection and prioritization of risks and send appropriate alerts to dedicated personnel (Thaika, Tasneeyapant and Cheamanunkul 2018). Tools are available in the market that enhance manual incident detection capabilities. The Company must stay up to date on the latest attacks in order to detect one when it occurs.
Network Security:
The Company operates locally as a small automation-based production line offering a label printing service for cardboard packages. Being automation-based and relying on a wireless network for communication among employees throughout the Organization makes the Company vulnerable to attack. The Company stores its whole database on a central server, which makes it susceptible to risk. The automated production network needs to be sealed off from the outset by implementing a production firewall, along with a firewall for the other automated operations in the system, creating a multi-layered defense infrastructure that safeguards the Company's critical production line.
The CCTV cameras connected to the server need to be kept updated with the best security measures and protected with passwords for accessing video files. The Wi-Fi network needs to be secured by moving it to a secure location. Subnets need to be created to isolate guests, administrators and employee departments from one another. The Wi-Fi needs a unique Service Set Identifier (SSID) name and a strong password, and the network needs to be encrypted for further security (Tran, Le and Vo 2018). The Company's database needs real-time monitoring facilities to detect security incidents (Chen 2020). The database needs to be backed up regularly to secure the data, and user authentication to the database should be strengthened.
Critical Components:
Security considerations must be understood in order to improve the Company's network security and risk management. Designing a strategy is important to secure the Company, as it operates mostly automatically. Attacks originate mainly from the point of sale (PoS) system, third-party vendors and unprotected data. Practices need to evolve with recent technological trends and the probabilities of various cyberattacks. Security measures are needed to protect the Company's valuable data from unlawful distribution and theft. The most basic step the Company needs is the implementation of multiple firewalls over the production line, network and database to keep unwanted personnel from breaching the Company.
The Wi-Fi network should be able to police the Company's traffic flow with effective security measures. The Wi-Fi must use Wi-Fi Protected Access 2 (WPA2), a form of encryption used to secure the network with encryption keys for access (Kwon and Choi 2020). The Company's database needs to be secured by controlling user access and conducting regular backups to protect the data. The database can also be encrypted to further secure access. The production-line hardware devices that support automation need to be hardened, and communication among members must be secured (Gazzan and Alqahtani 2021). Real-time monitoring and management of risks should be in place. There should be an ecosystem of tools and measures that achieves end-to-end security for the automated systems.
Attack Types:
Cyberattacks are common to companies that operate over the internet, which are vulnerable to various types of cyberattack that hamper organizational operations. Attacks have been developing alongside recent technological advancements, so the types of attack need to be understood in order to protect the Company. The attacks the Company faces include the following:
The Company can face trouble with compromised credentials, such as usernames and passwords that unauthorized personnel can obtain, leading to attacks.
Credentials are often stolen, leaving the system open to access by the attacker.
Malicious employees can harm the Company from the inside by exploiting the vulnerabilities that affect the system (Miller et al. 2021).
Unencrypted data is vulnerable to attack, leading to a loss of data confidentiality.
Cyber-extortion is common, with various attacks targeted at the Company leading to serious breaches (Roškot, Wanasika and Kroupova 2020).
The relationship between the system and its users needs to be regulated by securing the communication domain.
Software and hardware components need to be patched promptly so that the Company's unpatched vulnerabilities are closed.
Security breaches can happen over the Wi-Fi network through targeted attacks that compromise network security.
The database can be breached by scripting attacks that exploit its vulnerabilities.
Key Terms:
Cybersecurity attacks and threats are common in automated service-based companies. The key attacks that can occur in the label printing company are:
Network intrusion: Unauthorized access to the network must be mitigated to stop data theft, traffic flooding and uneven multi-routing.
Ransomware: The Company's system, network or data are held hostage by illegitimate encryption to extort money from the victim (Reshmi 2021).
Brute force attacks: Attacks that make repeated forceful attempts to gain access to authorized accounts.
SQL injection attacks: The Company's database is vulnerable to attacks in which SQL commands are injected to modify or delete data.
Denial of service attacks: Denial of service attacks are designed to overwhelm the system's resources so that the system cannot serve requests. During a distributed denial of service attack, the victim company fails to make its services available to users (Bhatia, Behal and Ahmed 2018).
Phishing attacks: Attacks that imitate a trusted source to gain confidential information by combining technical tricks with social engineering. They are conducted by sending unauthorized links and attachments that are circulated around the business.
Malware attacks: Malware is malicious software installed in automated systems without consent, infecting data and spreading through file infectors, boot-record infectors, Trojans and worms.
Cross-site scripting (XSS) attacks: Occur when malicious data infects the network by executing malicious scripts.
Eavesdropping attacks: Attacks that intrude on network security by gaining confidential information through active or passive eavesdropping.
Incident Handling Procedures:
The NIST incident framework gives the Company guidelines for handling various security incidents and managing problems effectively. The framework provides a strategy for handling, containing and eradicating incidents before they cause increasing damage to the Company. Incident containment and handling involve developing a remediation strategy that requires active decision making. Incident management strategies vary according to the priority level of the risk (Akkuzu, Aziz and Liu 2018). The different containment strategies for each incident, with the criteria for protection, are stated clearly to facilitate decision making.
The strategies need to be developed by determining the criteria for incident handling, including:
The chance of theft of the Company's resources and potential damage to operations
The need to preserve the evidence found
The availability of services, from network connectivity to database access
The effectiveness of the strategy in mitigating network attacks
The time needed to resolve the issue.
Attackers can be diverted into sandboxes, a form of containment used to monitor the attacker's activities and gather more evidence. Incidents need to be isolated as soon as they are identified. Indicators of compromise need to be identified to understand the effectiveness of the isolation procedure (Sasahara et al. 2021). Backups need to be collected to determine whether the system can be contained. Forensic images need to be created to understand how the system is affected and to support better investigation.
Response Team:
An incident response team consists of employees focused on responding to the Organization's incidents and protecting it from cyber-attacks, system failures and data breaches. The roles in the response team are a team leader, a lead investigator, a communication liaison, legal representatives and risk analysts. The three main types of response team are the Computer Security Incident Response Team (CSIRT), the Security Operations Centre (SOC) and the Computer Emergency Response Team (CERT). The CSIRT is the team that facilitates the prevention, detection and response to incidents and their reporting (Rantos et al. 2020). The SOC covers a broader scope of security measures directed at incident response by monitoring and securing systems. The CERT carries out operations similar to the CSIRT's and focuses mainly on partnership and collaboration with law enforcement, government, industry and academia (Ballaranoa and Macinab 2019). The CERT develops threat intelligence and configures best practices for security responses.
An effective response team comprises a team leader responsible for coordinating the activities performed by the team and reporting them to upper-level management. Communication liaisons manage communication with employees about the incident, making sure stakeholders are properly involved. The lead investigator focuses on investigating the incident and guides the efforts of the risk analysts to enable in-depth evaluation. Business risk analysts and researchers support the primary investigator by providing threat intelligence with context. The Company's legal representative gives legal guidance on interaction and compliance with law enforcement agencies and sets the standards for forensics. Selecting the right team, with the correct personnel to manage the various aspects of the incident, is vital.
Stages Of A Response:
There are four stages of responding to an incident in the Company, following the NIST incident response framework: preparation, detection with analysis, containment and eradication, and post-incident activities. Response starts with preparation: preparing for the incidents that may follow and identifying their importance, which is critical for the Company. There must be a baseline for monitoring pre-incident activities to determine what needs to be investigated further. The types of events are identified for further investigation, and the response steps are created before an incident occurs.
The next stage is detection with analysis, where detection controls collect data from the system and identify the precursors and indicators that might affect the Company. Analysis identifies the normal activity baseline, correlates it with recent incidents and checks how the incident deviates from normal behaviour. The aim of containment and eradication is to mitigate attacks that overwhelm resources or damage operations. The strategy for containing incidents depends on the level of damage an incident can cause, the Company's need for critical services and the duration of containment. It is important to identify the attackers and validate services when containing incidents. Containment allows communication between the Company and the attacker to be blocked (Thompson 2018). The final stage consists of documenting post-incident activities to improve the overall process. The incident findings are recorded, and the Company's incident response policies and guidelines are adjusted accordingly.
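The detection procedure this paper describes, both under Procedures Associated With Detection (contextualize alerts by risk level, weed out false alarms, automate prioritization) and in the detection-with-analysis stage above (compare activity against a normal baseline), can be made concrete in a small Python script. This is an added example, not code from the paper or the Company: the "minute src dst count" record format, the host names, the asset criticality table and the maintenance allowlist are all constructed for illustration.

```python
# Added example (not from the essay): detection against a captured traffic
# baseline, suppression of reviewed false alarms, and criticality-based triage.
# The "minute src dst count" records, hosts and criticality values are constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "known normal" sample used to capture the traffic baseline.
BASELINE_RECORDS = """\
1 print-ctl-1 db-server 12
2 print-ctl-1 db-server 14
3 print-ctl-1 db-server 13
1 hr-pc db-server 3
2 hr-pc db-server 2
3 hr-pc db-server 4
"""
# Constructed live minute: a normal flow, a new flow to a low-value host, a burst
# against the database, a new flow into the database, and a reviewed maintenance
# flow that must not raise a false alarm.
LIVE_RECORDS = """\
5 print-ctl-1 db-server 13
5 hr-pc guest-laptop 9
5 hr-pc db-server 60
5 guest-laptop db-server 5
5 it-admin cctv-1 8
"""
# Asset criticality fixed during preparation; reviewed flows are false alarms.
ASSET_CRITICALITY = {"db-server": "critical", "print-ctl-1": "critical",
                     "cctv-1": "medium", "guest-laptop": "low"}
MAINTENANCE_ALLOWLIST = {("it-admin", "cctv-1")}
PRIORITY = {"critical": 1, "high": 2, "medium": 3, "low": 4}

def parse(text):
    """Yield (minute, src, dst, count) tuples from the constructed record format."""
    for line in text.splitlines():
        minute, src, dst, count = line.split()
        yield int(minute), src, dst, int(count)

def build_baseline(text):
    """Per (src, dst) flow: mean and population stdev of the normal counts."""
    samples = defaultdict(list)
    for _, src, dst, count in parse(text):
        samples[(src, dst)].append(count)
    return {flow: (mean(c), pstdev(c)) for flow, c in samples.items()}

def detect(baseline, text, z=3.0, min_spread=1.0):
    """Flag counts above mean + z*stdev, and flows never seen in the baseline."""
    alerts = []
    for minute, src, dst, count in parse(text):
        flow = (src, dst)
        if flow not in baseline:
            if flow not in MAINTENANCE_ALLOWLIST:  # allowlisted flows are suppressed
                alerts.append({"minute": minute, "src": src, "dst": dst,
                               "reason": "flow not in baseline"})
            continue
        mu, sigma = baseline[flow]
        threshold = mu + z * max(sigma, min_spread)  # floor for near-constant flows
        if count > threshold:
            alerts.append({"minute": minute, "src": src, "dst": dst,
                           "reason": f"count {count} > threshold {threshold:.1f}"})
    return alerts

def triage(alerts):
    """Attach the destination asset's criticality and order most urgent first."""
    for alert in alerts:
        alert["criticality"] = ASSET_CRITICALITY.get(alert["dst"], "medium")
    return sorted(alerts, key=lambda a: PRIORITY[a["criticality"]])

TRIAGED = triage(detect(build_baseline(BASELINE_RECORDS), LIVE_RECORDS))
```

Run as written, TRIAGED holds the two alerts against the database first and the new flow to the guest laptop last, while the reviewed maintenance flow produces no alert.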
Conclusion:
The local automated label printing shop that serves cardboard packaging has recently recognized the need for an incident response infrastructure that can mitigate the company's issues. The paper gives a clear view of the incident response methodology suitable for the Company and identifies the key pre-incident response preparation. Next, it explains the procedures associated with detecting an incident and the aspects of network security, its critical components, attack types and attack terminology. Further, the paper describes the procedures for handling incidents and the main duties of the response team. Finally, the stages of responding to an incident are described.
References:
Akkuzu, G., Aziz, B. and Liu, H., 2018, July. Feature analysis on the containment time for
cyber security incidents. In 2018 International Conference on Wavelet Analysis and Pattern
Recognition (ICWAPR) (pp. 262-269). IEEE.
Ballaranoa, L. and Macinab, M., 2019. Transformation: Evolving from SOC to CERT. Next
Generation CERTs, 54, p.82.
Bhatia, S., Behal, S. and Ahmed, I., 2018. Distributed denial of service attacks and defense
mechanisms: current landscape and future directions. In Versatile Cybersecurity (pp. 55-
97). Springer, Cham.
Calder, A., 2018. NIST Cybersecurity Framework: A pocket guide. IT Governance Publishing
Ltd.
Carter, H., Drury, J. and Amlot, R., 2020. Recommendations for improving public
engagement with pre-incident information materials for initial response to a chemical,
biological, radiological or nuclear (CBRN) incident: a systematic review. International
Journal of Disaster Risk Reduction, 51, p.101796.
Chen, W., 2020. Intelligent manufacturing production line data monitoring system for
industrial internet of things. Computer communications, 151, pp.31-41.
Gazzan, M., Alqahtani, A. and Sheldon, F.T., 2021, January. Key Factors Influencing the Rise
of Current Ransomware Attacks on Industrial Control Systems. In 2021 IEEE 11th Annual
Computing and Communication Workshop and Conference (CCWC) (pp. 1417-1422). IEEE.
Kwon, S. and Choi, H.K., 2020. Evolution of Wi-Fi protected access: security challenges. IEEE
Consumer Electronics Magazine, 10(1), pp.74-81.
Lin, Y., Li, L., Jing, H., Ran, B. and Sun, D., 2020. Automated traffic incident detection with a
smaller dataset based on generative adversarial networks. Accident Analysis & Prevention,
144, p.105628.
Miller, T., Staves, A., Maesschalck, S., Sturdee, M. and Green, B., 2021. Looking back to look
forward: Lessons learnt from cyber-attacks on Industrial Control Systems. International
Journal of Critical Infrastructure Protection, 35, p.100464.
Rantos, K., Spyros, A., Papanikolaou, A., Kritsas, A., Ilioudis, C. and Katos, V., 2020.
Interoperability challenges in the cybersecurity information sharing ecosystem. Computers,
9(1), p.18.
Reshmi, T.R., 2021. Information security breaches due to ransomware attacks-a systematic
literature review. International Journal of Information Management Data Insights, 1(2),
p.100013.
Roškot, M., Wanasika, I. and Kroupova, Z.K., 2020. Cybercrime in Europe: surprising results
of an expensive lapse. Journal of Business Strategy.
Sasahara, H., Ishizaki, T., Imura, J.I. and Sandberg, H., 2021. Disconnection-Aware Attack
Detection and Isolation With Separation-Based Detector Reconfiguration. IEEE Transactions
on Control Systems Technology.
Shinde, N. and Kulkarni, P., 2021. Cyber incident response and planning: a flexible approach.
Computer Fraud & Security, 2021(1), pp.14-19.
Smith, R., Janicke, H., He, Y., Ferra, F. and Albakri, A., 2021. The agile incident response for
industrial control systems (AIR4ICS) framework. Computers & Security, 109, p.102398.
Staves, A., Anderson, T., Balderstone, H., Green, B., Gouglidis, A. and Hutchison, D., 2022. A
cyber incident response and recovery framework to support operators of ICS and Critical
National Infrastructure. International Journal of Critical Infrastructure Protection,
p.100505.
Thaika, M., Tasneeyapant, S. and Cheamanunkul, S., 2018, July. A fast, scalable, unsupervised
approach to real-time traffic incident detection. In 2018 15th International Joint Conference
on Computer Science and Software Engineering (JCSSE) (pp. 1-6). IEEE.
Thompson, E.C., 2018. Cybersecurity incident response: How to contain, eradicate, and
recover from incidents. Apress.
Tran, M.A.T., Le, T.N. and Vo, T.P., 2018, November. Smart-config wifi technology using
ESP8266 for low-cost wireless sensor networks. In 2018 International Conference on
Advanced Computing and Applications (ACOMP) (pp. 22-28). IEEE.
Wild, J., Greenberg, N., Moulds, M.L., Sharp, M.L., Fear, N., Harvey, S., Wessely, S. and Bryant,
R.A., 2020. Pre-incident training to build resilience in first responders: recommendations on
what to and what not to do. Psychiatry, 83(2), pp.128-142.