Potential Malicious Attacks in ACME Inc - Assignment Example

Potential Malicious Attacks in ACME Inc. Potential malicious attacks that could be carried out against the network and organization. 1. Administration Attacks can occur when: There’s no encryption of passwords in transfer Configurations are not kept and no back-up s in place for network devices Passwords exist for an indefinite period on devices used in the network Weak administrative access controls are used There’s sharing of passwords on devices Negligible flow of data control is utilized (e.g. minimum use of virtual local area networks, virtual private networks, or access control lists) 2. Hardware Attacks on hardware can occur when: Non-critical staff has physical access to hardware equipment No definite security perimeter has the system is in place defining access points that must be secured There is insufficient physical security of network equipment 3. Wireless Connections Malicious attacks occur when wireless LAN technology is employed in the system network without proper data protection and/or authentication between access points and clients. The potential impact of malicious attacks When a malicious code attack happens, the main target on restoring operations as quickly as attainable sometimes overrides the will to gather knowledge on the direct prices to respond, the loss of productivity, or different kinds of impact that a malicious code attack has on a company. However understanding the prices related to malicious code attacks and also the impact that attacks will wear their organizations is what allows managers to form choices on what quantity to speculate in countermeasures. Although the methodology needed to trace time expenditures and corresponding value for a company is simple, a decline in productivity could result from a malicious code attack: • Immediate economic impact will embody harm to systems that needs human intervention to renovate or restore, interruption of business operations, and delays in transactions and income. • short economic impact will embody loss of contracts with different organizations in provide chains or the loss of retail sales, negative impact on associate organization's name, and hindrance to developing new business. • long economic impact will embody a decline in market valuation and/or stock worth, erosion of capitalist confidence, and reduced goodwill price. Decreases in productivity of workers or delays so as process or client service responses are often tracked and calculated by department managers. Experience shows that department managers might balk at the request for such knowledge as a result of they're therefore targeted on obtaining operations running swimmingly once more after associate attack. One rational motive that managers will use with people who might resist is that the info they supply can facilitate confirm what quantity ought to be spent on defensive measures so as to cut back the likelihood of future attacks. Proposed security controls against potential malicious attacks Adopting a diverse computing atmosphere offers important security worth for a few enterprises. Include the impact of recent worm attacks in the concerns of desktop software package decisions. a straightforward way to begin this method is to maneuver the setting organization that don't directly support the operating system desktops which don't need applications that area unit solely supported on OS onto an alternate software package or systems. Therefore, in case a malicious-code attack strikes, the desktops that run the choice systems will perform and may scale back the scope and period of the attack. Potential concerns for data loss and data theft Hackers will access networks that don't seem to be properly secured, thieves may gain entry to the workplace and steal instrumentality or employees may carry the information out of the workplace on moveable media. External threats by hackers are expected and also the risks may be reduced through the safety measures mentioned on this web site. Internal threats are harder to anticipate however may be equally devastating to your business. Employees could take away information unwittingly or deliberately for gain or revenge. Data can be taken out of the workplace in USB drives, writable CDs or DVDs, mobile phones or MP3 players. These devices can all hold giant amounts of data that may be a discreet means within which unauthorized persons may copy data. Security controls for data loss and data theft Conduct a risk analysis as part of the organization’s security planning. Create a plan for how to check, identify and counter cases that may occur. Develop personal user accounts for all employees with access the network staff in order to allow control in terms of who can gain entry to the firm’s data by limiting access to files, drives and folders to particular user accounts. Create clear policies for staff accessing the computer network. Train staff on how to handle data that is confidential. Implement access and use policies that summarize the penalty for breaches of the policy to make staff take them seriously. The policy covers: • How differing kinds of information and specifically lead ought to be treated, as well as restrictions on emailing information • use and security of passwords as well as protection access once faraway from the table and work off at the top of the day. • Rules on software installation and computer code • Rules on storage of personal files like video or music on computers • Use of remote access, notably securing instrumentation and or the affiliation from • Who will access business instrumentation and/or information • Details of any watching activity you may undertake, if any • working from home, if allowed, notably secure transfer and storage of information in an exceedingly home setting • Penalties of breaching the policy. (Hill, 2009; Roebuck, 2011; Stewart et al., 2012). References Hill, D. G. (2009). Data protection: governance, risk management, and compliance. Boca Raton, FL: Taylor & Francis. Roebuck, K. (2011). Data loss prevention (DLP). Lexington, KY. Stewart, J. M., Chapple, M., & Gibson, D. (2012). CISSP. Hoboken: John Wiley & Sons. Read More