In this assignment you will be responding to a series of different scenarios
In this assignment you will be responding to a series of different scenarios. There is one set of questions that you will use for all scenarios given. The questions will be answered and given in a document that you will be uploading. This is an exercise to get you to think and there are no exact right and wrong answers. You still may need to research some things to answer the questions to the best of your ability so make sure to use APA citations for all sources used if you research anything.
Questions to answer:
1. Who should you notify internally in your organization?
2. Who should you notify external to your organization if any?
3. What resources would you use to resolve the incident?
4. What would be your course of action? How would you recover? (give this in the form of a narrative timeline)
5. How would you prevent (or mitigate) incidents like these in the future?
Scenario #1
An employee casually remarks about how generous it is of state officials to provide the handful of USB drives on the conference room table, embossed with the State logo. After making some inquiries you find there is no state program to provide USB drives to employees. Further investigation subsequently found an unspecified password-stealing keylogger. The spyware was designed to upload stolen usernames and passwords to a server under the control of hackers.
Scenario #2
An employee calls to ask for the password for the Wi-Fi network, indicating they would like to use it on their personal cell phone so they can check Facebook on their lunch break. You don’t have a Wi-Fi network. A scan of the building indicates there are 4 Wi-Fi networks, clearly originating from within government space and broadcasting a variety of names that suggest people are using them for work purposes. In the course of follow-up to this report it is found that all 4 devices are plugged into your hard-wired network. Two have logging enabled and show that they are being used by employees for official work purposes.
Scenario #3
Upon review of your logs, several of your organization’s internet facing assets are being scanned. After investigation, the scans are originating from what seems to be a legitimate private cyber security company. The private company acknowledges the scans but refuses to disclose any information such as who ordered the scans due to a non-disclosure agreement (NDA). The scans from the same source continue to scan other external facing assets and the private company still refuses to disclose any information.
Computer Security
Scenario 1
According to Pierazzi et al. (2020), attackers use spyware to acquire basic information that may be used later for more sophisticated attacks. In this case, the passwords and identities of users are placed at high risk. Employees at the organization should be educated on the computer malware attacks associated with USB drives. As the internal members of the organization, this knowledge would help them develop a strong code of ethics where they do not insert every USB drive they come across into the company's network. Education of employees would involve hiring experienced cyber security officials, and thus the use of financial resources. The course of action to detect spyware attacks should be preparation, detection and analysis, containment, and finally, recovery. In the future, such attacks would be averted by incorporating policy considerations and defensive architecture methods such as segregation of operating systems where every application has a different OS to ensure that the impact of spyware attacks is reduced.
Scenario 2
Public WiFi networks are associated with Man-In-The-Middle attacks where the attackers impersonate a public WiFi service to trick users into connecting. After connecting, the attackers can steal personal information such as personal data, login credentials, and financial information. The organization should strive to inform both its workers and customers about the threats of public WiFi. Employees should be asked to stop utilizing such networks to perform organizational tasks, while the customers should be advised to avoid sharing sensitive information. VPNs can be used in a public network since they use unique security protocols and encryption (Skendzic & Kovacic, 2017). The company should thus use a VPN service since it encrypts all data sent in a network whether or not the connected WiFi network supports encryption. Upon similar threats, threat assessment would be conducted through network scanning to check for organization hosts connected to such networks. Any spotted users shall then be subject to disciplinary action. After that, security policies will be reviewed to determine the threshold for law enforcement intervention.
Scenario 3
In this case, the legitimate private company scans the organization's assets but refuses to disclose who ordered the scans. In such a scenario, the organization can consult its security teams and identify the open ports for scanning. Attackers can use these open ports to monitor and access critical resources at the organization. Despite the private company being legitimate, access to a company's network without authorization qualifies as a security breach. As a result, the organization may feel uncomfortable since a third party is viewing its data. If such cases intensify, the organization should report to a court of law. Almseidin et al. (2017) note that IDSs compare recorded traffic with current traffic to detect new types of intrusion. In its network, the organization can implement an intrusion detection system (IDS) that analyzes network traffic. As a result, the organization can detect entrance to the network by either attackers or other private companies.
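The kind of traffic analysis an IDS would apply to the scanning in Scenario 3, as an added example that is not part of the original answer: it flags any source that probes many distinct host/port pairs within a time window and summarises the activity for the incident record. The log format, the addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log; the format is an assumption:
# ISO timestamp, source IP, destination IP, destination port, action
SAMPLE_LOG = """\
2024-03-01T10:00:01 198.51.100.7 203.0.113.10 22 DENY
2024-03-01T10:00:02 198.51.100.7 203.0.113.10 80 ALLOW
2024-03-01T10:00:03 198.51.100.7 203.0.113.10 443 ALLOW
2024-03-01T10:00:04 198.51.100.7 203.0.113.10 3389 DENY
2024-03-01T10:00:05 198.51.100.7 203.0.113.11 22 DENY
2024-03-01T10:00:06 198.51.100.7 203.0.113.11 443 ALLOW
2024-03-01T10:00:10 192.0.2.44 203.0.113.10 443 ALLOW
2024-03-01T10:02:30 192.0.2.44 203.0.113.10 443 ALLOW
2024-03-01T10:00:00 192.0.2.99 203.0.113.10 21 DENY
2024-03-01T10:05:00 192.0.2.99 203.0.113.10 23 DENY
2024-03-01T10:10:00 192.0.2.99 203.0.113.10 25 DENY
2024-03-01T10:15:00 192.0.2.99 203.0.113.10 110 DENY
2024-03-01T10:20:00 192.0.2.99 203.0.113.10 143 DENY
"""

def detect_scanners(log_text, window=timedelta(seconds=60), min_targets=5):
    """Flag sources probing >= min_targets distinct (host, port) pairs in one window."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _action = line.split()
        by_src[src].append((datetime.fromisoformat(ts), dst, int(port)))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {(d, p) for _, d, p in events[start:end + 1]}
            if len(targets) >= min_targets:
                # Summarise all activity from the source for the incident record.
                findings[src] = {
                    "first_seen": events[0][0], "last_seen": events[-1][0],
                    "hosts": sorted({d for _, d, _ in events}),
                    "ports": sorted({p for _, _, p in events}),
                }
                break
    return findings
```

With the default 60-second window the slow probe from 192.0.2.99 is missed; widening `window` to 30 minutes flags it, which is the tuning trade-off for low-rate scans.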