Institutional affiliation
Date
CYBERSECURITY INCIDENT REPORT 2
Introduction
Recent advances in the mobile industry have transformed every sector of the economy. Bring
your own device (BYOD) is a new approach that allows workers to bring their own devices to the
workplace and use them within the company. These devices may include mobile phones, tablets,
laptops and other equipment that connects to the internal network. Although this approach is
efficient, it comes with some setbacks. When many personal devices connect to a company's
internal network, the BYOD policy brings with it a proliferation of security risks. Correctly
implemented network access controls, together with a Mobile Device Management (MDM) tool,
mitigate the risks associated with a BYOD policy.
without using electrical conductors, cables or wires (Bhatia et al., 2016). With changing
technology, wireless connections are becoming fundamental for transferring information or data
to various devices (Boiten & Wall, 2017). In wireless communication the data is transmitted
through the air using electromagnetic waves such as satellite, infrared and radio-frequency
signals. Developments in wireless networking have introduced a variety of technologies and
devices such as Bluetooth, printers, computers, tablets, laptops and smartphones (Thompson,
2018). Other wireless communication devices that connect to a server and communicate over a
wireless medium include cordless telephones, satellite television, computer peripherals, ZigBee
devices, GPS units and mobile phones (Briggs, Jeske & Coventry, 2017).
Two fundamental types of WLAN component connect to the distribution system (DS): the access
points (APs) and the client devices, such as smartphones and laptops, that connect to the
organization's network infrastructure. The DS gives the client devices access to the internet
and to external networks. In other deployments, WLAN switches act as intermediaries between the
DS and the APs. Switches are significant because they help administrators manage the WLAN as
well as the entire infrastructure (Nilsen, Levy, Terrell & Beyer, 2017).
The WLAN configuration should be standardized for all components, such as the APs and the
client devices. A standardized configuration gives the organization a baseline that reduces
vulnerabilities, raises security and lessens the threat of successful attacks. It also improves
the predictability and consistency of the defences, together with user awareness activities and
training. Finally, a standardized configuration reduces the time the devices take to analyse
threats, making the network more secure, especially when the security check is automated
(Miranda, 2018).
An organization should at all times maintain a defined set of allowed and prohibited
connections. Once this is in place, connections are sorted into these categories and the
prohibited ones are blocked (Russell et al., 2018). Implementing the policies that govern
authorization should be the sole responsibility of the organization in the following
For all client WLAN devices: all network devices not authorized for any purpose are disabled
(including during disaster recovery, contingency plans and so on); a policy is implemented that
blocks client devices from altering the configuration from their endpoints; and all
dual-connected arrangements are prohibited. Where feasible, the machines are configured to
prevent bridging; preventing bridging is a precautionary measure against dual connectivity
within the WLAN. The configuration should allow dual connections only when necessary and
prohibit every other device that might want to connect dually from that point.
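The standardized baseline described above and the client-device rules just listed can be checked automatically. The following Python audit is added here as an illustration and is not part of the report or of any product it mentions: the baseline keys, the rule names and the sample AP and client records are all constructed to mirror the policy in the text (unauthorized clients disabled, endpoint configuration locked, bridging prevented, dual connections allowed only by explicit exception).

```python
"""Audit WLAN access points and BYOD client devices against a standardized
baseline and the allowed/prohibited connection policy.

Added illustration, not part of the report. The baseline keys, the device
records and the rule names are constructed to mirror the policy in the text."""
from __future__ import annotations

# Constructed baseline: what every AP and every client is expected to look like.
AP_BASELINE = {
    "auth": "WPA2-Enterprise",
    "cipher": "CCMP",
    "management_frame_protection": True,
    "remote_admin_over_wireless": False,
}
CLIENT_BASELINE = {
    "config_locked": True,      # user cannot change the endpoint's WLAN settings
    "bridging_enabled": False,  # endpoint must not forward between its interfaces
}


def check_against_baseline(actual: dict, baseline: dict) -> list[str]:
    """Return one finding per baseline key whose actual value deviates."""
    findings = []
    for key, expected in baseline.items():
        value = actual.get(key)
        if value != expected:
            findings.append(f"{key}: expected {expected!r}, found {value!r}")
    return findings


def check_client(client: dict) -> list[str]:
    """Apply the client-side rules to one device record."""
    if not client.get("authorized", False):
        # Unauthorized devices are disabled outright; nothing else to check.
        return ["disable: device not authorized for any purpose"]
    findings = check_against_baseline(client, CLIENT_BASELINE)
    links = client.get("active_links", [])
    if len(links) > 1 and not client.get("dual_link_exception", False):
        findings.append("prohibit dual connection: " + "+".join(links))
    return findings


def audit(aps: list[dict], clients: list[dict]) -> dict[str, list[str]]:
    """Map each device name to its findings; an empty list means compliant."""
    report = {}
    for ap in aps:
        report[ap["name"]] = check_against_baseline(ap, AP_BASELINE)
    for client in clients:
        report[client["name"]] = check_client(client)
    return report


# Constructed sample inventory.
SAMPLE_APS = [
    {"name": "ap-lobby", "auth": "WPA2-Enterprise", "cipher": "CCMP",
     "management_frame_protection": True, "remote_admin_over_wireless": False},
    {"name": "ap-warehouse", "auth": "WPA2-PSK", "cipher": "TKIP",
     "management_frame_protection": False, "remote_admin_over_wireless": False},
]
SAMPLE_CLIENTS = [
    {"name": "laptop-01", "authorized": True, "config_locked": True,
     "bridging_enabled": False, "active_links": ["wlan0"]},
    {"name": "laptop-02", "authorized": True, "config_locked": False,
     "bridging_enabled": True, "active_links": ["wlan0", "eth0"]},
    {"name": "tablet-09", "authorized": True, "config_locked": True,
     "bridging_enabled": False, "active_links": ["wlan0", "wwan0"],
     "dual_link_exception": True},
    {"name": "phone-unknown", "authorized": False},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_APS, SAMPLE_CLIENTS).items():
        print(name, "compliant" if not findings else findings)
```

Running the audit on the sample inventory reports the warehouse AP for three baseline deviations, reports laptop-02 for an unlocked configuration, bridging and a wlan0+eth0 dual connection, marks the unauthorized phone for disabling, and passes the lobby AP, laptop-01 and the tablet that holds a dual-link exception. The same structure carries over to a real inventory once the baseline keys are replaced by the fields the organization's MDM or controller actually exports.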
To implement a stringent BYOD policy, the organization must ensure that all employees are
aware of the policy's rules and adhere to them. First, the BYOD policy must safeguard the
information that reaches insecure endpoint devices and direct how employees should handle data
so that customer data stays secure. The second step in mitigating the risks is to delete data
from the endpoint devices, reducing the attack surface across all devices and hence the risk of
exposure (Lekota & Coetzee, 2019). The next mitigation is to use a solution such as MobileIron
as an endpoint MDM/security tool for the mobile enterprise. Tracing the location of devices is
also crucial, so a find-my-device service is used to secure lost devices by erasing them safely.
Before any employee or employer uses such a network, their device must have anti-spyware or
antivirus scanning tools installed. It is therefore the responsibility of the employer and the
IT experts to recommend to employees which anti-spyware and antivirus products to install
(Miranda, 2018).
Firms must be on the lookout for suspicious activity, whether from general attacks or
WLAN-specific attacks. There are two types of WLAN-specific attack: passive and active.
In a passive attack, an unauthorized person or group gains access to the network and does not
generate, alter or modify anything on the system but simply listens to what is going on. The
attacker learns the policy by monitoring the sharing, the communications and the content
passing from the clients to the servers, a technique called eavesdropping. Active attacks, by
contrast, can modify, generate or
When a new user gets assigned to the network, they are not given access to the database
immediately. The user has to undergo some modifications within the system to enable them to
before a user can gain access to the database or streamed outside the same network. On the other
Wired networks are more secure, as they are not physically exposed to the public unless an
individual has physical access to the company's network devices and buildings. This makes them
more secure because, in cases of cybercrime, criminals can be traced more easily, since exposure
depends on who has physical access to the company's network facilities or buildings (Nilsen et
al., 2017). Criminals can also be noticed by the security measures the company has put in place
before they get into the building. Though the wired network is relatively safer, it also has
some disadvantages. The main one is that devices have to be tethered to the router: to use the
internet one has to stay in one physical location, because one end of the Ethernet cable must
be connected to a port on the network router and the other end to the device. This restricts
mobility compared with a wireless Wi-Fi network (Russell et al., 2018). The wired network also
restricts the range of devices that can connect to it: to connect a device to a wired network,
the device must have a port compatible with Ethernet cables (Miranda, 2018). Key network
transmitters of the wireless network. This makes it hard to use the wired network with devices
like a mobile phone.
The wireless network uses radio waves to connect any devices that need to be connected to the
company's network (Lekota & Coetzee, 2019). To connect to a wireless network one does not have
to be physically present at a precise location on the company's premises, only within the
network's coverage area. This makes it very convenient and cheaper to establish in a company:
one only needs to buy a router that emits a wireless signal, and that single device serves all
the other devices, compared with a wired network where one has to lay Ethernet cables
connecting the router to every accessory that needs to join the system (Briggs et al., 2017).
This makes the wired network relatively cumbersome and expensive for a company to set up. When
connected to a wireless network one is not required to remain at a specific point in order to
use the internet, as one would be with a wired network, where one has to sit where an Ethernet
port is available; instead one can move around within the network's coverage and still enjoy
the network services.
Remote management is a feature that enables a network administrator to have full control of a
system from any point in the company and to make any required changes to any part of the
network without being physically present at the part of the system that needs attention. This
makes network administration and management much easier. In the case of a security incident,
the network administrator can shut down or modify network features to prevent any form of
cybercrime without being physically present at the point of the incident (Lekota & Coetzee,
2019). This improves the company's response rate to cybercrime, since the network can be shut
down or controlled from any location at any time without the delay of physical movement.
A well-installed remote-control system makes sure that the system administrator is notified
of, or must consent to, any change made on the system. In other words, it gives the network
administrator the power to allow or deny the network system from performing a particular task
or change. It works by configuring all the company's components and operations into one
database and managing them from one central point, so that no device is allowed onto the
organization's network without the approval of the security officer in charge of the security
system; all data and device traffic must first be approved from one central point before being
allowed into the system (Miranda, 2018).
The working of a remote configuration management system can be based on a network portal,
where each of the company's employees is given a primary identifier that identifies them in the
organization; this identifier acts as a user name for logging into the network, with a password
set by the user. The information collected by the network portal can then be used to determine
and manage all the data traffic of every employee in the company (Steinke et al., 2015). It
also ensures that anyone using the company's network to access the internet has their data
traffic pass through the cybersecurity office in charge of the network management portal, which
determines the security features of the sites accessed; if a site is secure and poses no
potential risk to the company's information system, the user is given permission to access it
(Nilsen et al., 2017). If it carries inherent threats to the company's information system, the
user is blocked from accessing the site. These features of remote configuration are of great
network system. This is useful in preventing attacks before they happen, and the necessary
measures are taken to counter the attack. This makes the cybersecurity task efficient and makes
systems secure (Bhatia et al., 2016).
Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) is a security mechanism used to verify and
validate users on a Wi-Fi or wireless network. The pre-shared key is not the same thing as the
WPA security protocol. The pre-shared key is also not the same as the Wi-Fi or network password
for an access point: a password lets you access an access point on a network, while a
pre-shared key is used to allow computers, printers and other devices to join a wireless
network. It is used to validate or authenticate users on a wireless network and to make sure
that no external devices are connected to the network.
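The distinction drawn above between the Wi-Fi password and the pre-shared key can be made concrete. WPA-Personal maps the passphrase a person types to a 256-bit PSK with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations, as IEEE 802.11 specifies; the station and access point authenticate with that derived key, not with the passphrase itself. The following Python is an added example, not code from the report: the helper names and the constructed passphrases and SSIDs are mine, while the "password" / "IEEE" pair is the test vector published in the standard.

```python
"""Derive the WPA/WPA2-Personal pre-shared key (PSK) from a passphrase and SSID.

Added example, not part of the report. Sample passphrases and SSIDs are
constructed, except the published IEEE test vector ("password" / "IEEE")."""
import hashlib
import string

# IEEE 802.11 restricts a passphrase to 8..63 printable ASCII characters.
PRINTABLE_ASCII = set(string.printable) - set("\t\n\r\x0b\x0c")


def passphrase_is_valid(passphrase: str) -> bool:
    """True when the passphrase is within what the standard allows."""
    if not 8 <= len(passphrase) <= 63:
        return False
    return all(ch in PRINTABLE_ASCII for ch in passphrase)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not passphrase_is_valid(passphrase):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def psk_hex(passphrase: str, ssid: str) -> str:
    """The 64-hex-digit form that many devices accept in place of a passphrase."""
    return derive_psk(passphrase, ssid).hex()


def psk_is_ssid_bound(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase yields different keys on differently
    named networks, i.e. the key is bound to the SSID, not just the password."""
    return derive_psk(passphrase, ssid_a) != derive_psk(passphrase, ssid_b)


if __name__ == "__main__":
    print("IEEE test vector PSK:", psk_hex("password", "IEEE"))
    # Constructed example: one passphrase, two SSIDs, two different PSKs.
    print("PSK bound to SSID:",
          psk_is_ssid_bound("correct horse battery", "corp-wlan", "guest-wlan"))
```

Two practical points follow from the derivation. Because the SSID is the salt, renaming a network changes every device's PSK even if the passphrase is unchanged, so a rename is a good moment to rotate the passphrase as well. And because the 64-hex-digit PSK can be configured directly on many devices, an organization can provision it through an MDM profile without ever disclosing the human-readable passphrase to the device owner.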
Apart from Wi-Fi, other wireless protocols include Bluetooth, Z-Wave, ZigBee, 6LoWPAN and
many others. Bluetooth is a wireless technology standard that operates in the 2400-2483 MHz
range within the 2.4 GHz ISM band and allows two Bluetooth-capable devices to share files
wirelessly over a short distance, for example transferring files between a mobile phone and a
computer, between two mobile devices, or to a headset. ZigBee is a standards-based protocol
for short-range personal area networks with low-power operation and strong security measures.
Z-Wave is a wireless technology that allows communication between two smart devices; it is
mainly used for system automation and is optimized for reliable, low-latency communication of
small data packets.
The company has adopted a bring your own device policy, which allows employees to access the
company's network through personal devices. This policy is riskier than one where employees
are provided with company devices. Employee misconduct that creates cybersecurity threats
includes the following:
vulnerability to security threats. Once hackers and malicious persons get access to the
passwords for the logged-in devices, it is easier to gain access to the company's valuable
restricting the employees from sharing passwords (Boiten & Wall, 2017). Understanding the risk
associated with employee misconduct is necessary because it provides favourable room to
mitigate the risk. Clear communication and training help eradicate the risk of cybersecurity
threats. A risk assessment indicates that employees pose a severe threat to cybersecurity
(Briggs et al., 2017).
devices, information about the network. The CIR manager needs to consider tailored training for
the employees with a high risk of misconduct and provide controls in place to detect and
Loss of device.
The bring your own device principle exposes the company's security to a higher risk of hacking,
especially when an employee loses their device. When an unauthorized person gains access to the
equipment, they can quickly gain access to the company's network and compromise its
information.
Cybersecurity threats are among the foremost threats that companies in the current economy
face. Researchers have found that most cybersecurity incidents within companies happen because
of the company's own workers. Employees have played a critical role in helping cybercriminals,
hackers and people with malicious intentions gain access to intellectual property, customer
data and financial information en masse (Nilsen et al., 2017). The influence of internal actors
in aiding cybersecurity threats is responsible for both intentional and
can be made from one device to another directly, without connecting through a router or Wi-Fi
access.
The layers of communication in an ad-hoc wireless network are critical with regard to the
vulnerability of a company's system. At the physical layer, the ad-hoc wireless network is
vulnerable to both passive and active attacks on its communication (Zhang et al., 2016).
No centralized authority
The ad-hoc wireless network is vulnerable to security attacks from different malicious parties.
It has no centralized authority, and hence its connections are susceptible to attacks from
internal employees. An ad-hoc wireless system operates on the assumption that all employees act
in utmost good faith, something that
The ad-hoc wireless network allows an on-demand, impromptu connection between two or more
devices without a Wi-Fi connection. Such a connection is vulnerable because it is open to
attacks such as distributed denial of service. A malicious user can transfer large files to the
network, which could cause the other devices in the system to hang or become so slow that they
As an incident manager, I could extend the use of signal hiding. This reduces the incidence of
attacks and other security threats from unauthorized persons. Detecting unauthorized access to
the network is usually a hard task, especially for the incident manager, because employees and
unauthorized persons are continually intermixed on the network. Some of the potential measures
to detect and curb intruders on the internet
A requirement that all employees connect to the company's network through a network portal
reduces the number of intruders on the system and hence the number of security threats
(Steinke et al., 2015). Every employee is given a user name and password that allows them to
connect to the internet using their devices. People who do not have a username and password
for the network cannot use the internet through the portal, and hence one can easily monitor
the users accessing the company's network (Thompson, 2018).
Secondly, the incident manager should make sure that the employees and all persons accessing
the company's network are assigned IP addresses manually. Since the company has adopted the
Bring Your Own Device (BYOD) policy, it is critical for the company to manually assign IP
addresses to all the devices connected to the network. The service set identifier (SSID) is
particular system. It serves an essential role in the organization, since devices gain access
to the desired network from a list of available networks (Briggs et al., 2017).
An incident manager should be alert to all the loopholes that could easily lead to an attack
or threat to cybersecurity. For example, self-configuring networks, which automatically adapt
their configuration components without direct human intervention, are likely to suffer attacks
in situations where the system is under a denial-of-service attack (Thompson, 2018).
Wireless traffic analysis is a process through which forensic and other investigative leads
can be obtained about how the system works. Management, and especially the incident manager,
is likely to use the wireless traffic analysis report to learn who accessed the system, how,
and when (Lekota & Coetzee, 2019).
In the current economy, businesses have adopted wireless networks, for which clear guidelines
should be followed to avoid attacks, loss of information and loss of other valuable assets.
Wireless traffic analysis is fundamentally important for incident managers to understand who
accesses the networks and from which devices. A report on wireless traffic allows the manager
to identify possible threats to the systems and make a swift decision on safeguarding the whole
situation. As an incident manager, I would take the approach of using event monitoring,
trap-and-trace techniques and full-content packet capture to make sure that the wireless
network is safe not only for the company but also for the entire population. A bring your own
device policy requires the manager to be critical in analysing the network users because it
increases the vulnerability of the company's networks. Among the other issues the manager needs
to consider is watching for network access outside working hours. Regardless of the fact that
an employee brings their own device, there must be a restriction on network access outside
working hours. Using the network portal, an incident manager can know which machine is
connected to the network at any time. If a particular device with an individual IP address is
connected outside working hours, then the manager can know
In future, the organization will need to attend to the connections and the encryption of its
data and networks. Beyond encryption is the concept of hiding the system altogether, since
when the wireless traffic is not visible the risk of vulnerability is low.
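The portal-login requirement, the manual IP assignment and the off-hours check discussed in this report can be combined into one detection routine run over the portal's login records. The Python below is an added example and is not part of the report: the log line format, the working-hours window (08:00 to 18:00, Monday to Friday), the MAC-to-IP assignment table and the sample log lines are all constructed, and a real portal or DHCP log will need its own parser.

```python
"""Flag portal logins outside working hours and devices whose IP address does
not match the one manually assigned to them.

Added example, not part of the report. The log line format, the working-hours
window, the MAC-to-IP assignment table and the sample log lines are constructed."""
from __future__ import annotations

import re
from datetime import datetime

# Constructed portal log format: "<ISO timestamp> portal login user=... mac=... ip=..."
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) portal login user=(?P<user>\S+) mac=(?P<mac>\S+) ip=(?P<ip>\S+)$"
)
WORK_START_HOUR = 8   # inclusive
WORK_END_HOUR = 18    # exclusive

# Constructed manual assignments: device MAC -> the IP it must use.
STATIC_ASSIGNMENTS = {
    "aa:bb:cc:00:00:01": "10.20.0.11",
    "aa:bb:cc:00:00:02": "10.20.0.12",
    "aa:bb:cc:00:00:03": "10.20.0.13",
}


def parse_login(line: str) -> dict | None:
    """Parse one portal login line; return None for lines in another format."""
    m = LOGIN_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def outside_working_hours(ts: datetime) -> bool:
    """Weekend, or a weekday hour before WORK_START_HOUR / at or after WORK_END_HOUR."""
    return ts.weekday() >= 5 or not (WORK_START_HOUR <= ts.hour < WORK_END_HOUR)


def analyse_logins(lines, assignments=STATIC_ASSIGNMENTS):
    """Return (kind, user, mac, ip, timestamp) tuples for every anomaly found.

    kind is one of: off-hours, unassigned-device (MAC not in the manual table),
    ip-mismatch (device is using an IP other than the one assigned to it)."""
    alerts = []
    for line in lines:
        ev = parse_login(line)
        if ev is None:
            continue  # not a portal login line; other formats are ignored here
        base = (ev["user"], ev["mac"], ev["ip"], ev["ts"].isoformat())
        if outside_working_hours(ev["ts"]):
            alerts.append(("off-hours",) + base)
        expected_ip = assignments.get(ev["mac"])
        if expected_ip is None:
            alerts.append(("unassigned-device",) + base)
        elif expected_ip != ev["ip"]:
            alerts.append(("ip-mismatch",) + base)
    return alerts


# Constructed sample log (2024-03-12 is a Tuesday, 2024-03-16 a Saturday).
SAMPLE_LOG = [
    "2024-03-12T09:15:00 portal login user=alice mac=aa:bb:cc:00:00:01 ip=10.20.0.11",
    "2024-03-12T22:41:05 portal login user=bob mac=aa:bb:cc:00:00:02 ip=10.20.0.12",
    "2024-03-16T10:02:33 portal login user=carol mac=aa:bb:cc:00:00:03 ip=10.20.0.13",
    "2024-03-13T11:30:00 portal login user=dave mac=aa:bb:cc:00:00:99 ip=10.20.0.50",
    "2024-03-13T14:05:10 portal login user=alice mac=aa:bb:cc:00:00:01 ip=10.20.0.77",
    "2024-03-13T14:06:00 dhcp lease renewed mac=aa:bb:cc:00:00:01",
]

if __name__ == "__main__":
    for alert in analyse_logins(SAMPLE_LOG):
        print(*alert)
```

On the sample log the routine raises four alerts: bob's late-evening login and carol's Saturday login as off-hours events, dave's device as one with no manual assignment, and alice's second login as an IP mismatch, since her device is using 10.20.0.77 instead of its assigned 10.20.0.11. The DHCP line is skipped because it does not match the login format. An ip-mismatch on a known MAC is worth treating separately from an unknown device: it can mean a misconfigured endpoint, but it is also what a device impersonating another's address would look like, so the two alert kinds should route to different triage steps.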
References
Bhatia, J., Breaux, T. D., Friedberg, L., Hibshi, H., & Smullen, D. (2016, October). Privacy risk
Boiten, E. A., & Wall, D. S. (2017). WannaCry report shows NHS chiefs knew of security
Briggs, P., Jeske, D., & Coventry, L. (2017, July). The design of messages to improve
Lekota, F., & Coetzee, M. (2019). Cybersecurity Incident Response for the Sub-Saharan African
Aviation Industry. In International Conference on Cyber Warfare and Security (pp. 536-
Nilsen, R., Levy, Y., Terrell, S., & Beyer, D. (2017). A Developmental Study on Assessing the
Steinke, J., Bolunmez, B., Fletcher, L., Wang, V., Tomassetti, A. J., Repchick, K. M., ... &
Russell, S., Jackson, C., Cowles, B., & Avila, K. (2018). 2017 NSF Community Cybersecurity
Zhang, Y., Shi, P., Liu, Y., Han, S., Mu, B., & Zheng, J. (2019, April). Study on Incident