
Running head: CYBERSECURITY INCIDENT REPORT 1

Cybersecurity Incident Report

Name of the student

Institutional affiliation

Date

Introduction

Recent advances in the mobile industry have transformed every sector of the economy. Bring Your Own Device (BYOD) is a workplace practice that allows employees to bring their own equipment and use it within the company. Such equipment includes mobile phones, tablets, laptops and other devices that connect to the internal network. Although the practice is efficient, it has drawbacks. When many personally owned devices connect to a company's internal network, the number of security risks grows with the number of devices. Correctly implemented network access controls, combined with a Mobile Device Management (MDM) tool, mitigate the risks associated with a BYOD policy.

Wireless and Bring Your Own Device Security Plan

Wireless communication refers to the transmission of information over a distance without electrical conductors, cables or wires (Bhatia et al., 2016). As technology changes, wireless connections are becoming fundamental to the transfer of data between devices (Boiten & Wall, 2017). In wireless communication the data is transmitted through the air using electromagnetic waves, for example satellite links, infrared and radio frequencies. Developments in wireless networking have introduced a variety of technologies and devices such as Bluetooth, wireless printers, computers, tablets, laptops and smartphones (Thompson, 2018). Other devices that communicate over a wireless medium include satellite television receivers, cordless computer peripherals, ZigBee devices, GPS units and mobile and cordless telephones (Briggs, Jeske & Coventry, 2017).

Two fundamental types of WLAN component connect to the distribution system (DS): the access points (APs) and the client devices, such as smartphones and laptops, that connect to the organization's network infrastructure. The DS gives the client devices access to the internet and to external networks. In some designs WLAN switches (controllers) act as intermediaries between the DS and the APs. Such switches help administrators manage the WLAN as well as the wider infrastructure (Nilsen, Levy, Terrell & Beyer, 2017).

The WLAN configuration should be standardized for all components, including the APs and the client devices. A standardized configuration gives the organization a baseline that reduces vulnerabilities, raises the level of security and lessens the impact of successful attacks. It also makes the defences more predictable and consistent, which simplifies user awareness activities and training. Finally, a standardized configuration reduces the time needed to assess devices against the baseline, especially when the security check is automated (Miranda, 2018).

An organization should define at all times which connections are allowed and which are prohibited. Once these categories exist, every connection can be classified into one of them and the prohibited ones blocked (Russell et al., 2018). Enforcing the authorization policy is the organization's responsibility, and it should be done as follows.

For all client WLAN devices: disable every network interface that is not authorized for any purpose (including during disaster recovery and contingency operations), implement a policy that prevents client devices from altering the configuration from their endpoints, and prohibit dual-connected arrangements, in which a device is attached to the WLAN and to another network at the same time. Where feasible, configure the machines to prevent bridging, since a dual-connected device that bridges traffic joins the WLAN to an untrusted network and bypasses the perimeter controls. The configuration should allow dual connections only when they are strictly necessary and prohibit them for every other device.
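The following is an added example, not code from the original report: a host-posture check for the two conditions the policy above forbids on client WLAN devices, dual connectivity (a WLAN interface up and addressed at the same time as another uplink) and bridging (a bridge device or IP forwarding joining those uplinks). The data model, the field names and the two sample hosts are constructed for this example; an MDM agent would populate them from the operating system (on Linux, from `ip addr`, `iw dev` and `/proc/sys/net/ipv4/ip_forward`).

```python
"""Posture check for dual connectivity and bridging on a BYOD client.

Constructed example: the Interface/HostPosture model and the sample hosts
are this example's own convention, not an MDM product's API.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Interface:
    name: str
    kind: str                       # "wired", "wireless" or "loopback"
    up: bool
    addresses: List[str] = field(default_factory=list)


@dataclass
class HostPosture:
    hostname: str
    interfaces: List[Interface]
    ip_forward: bool                # True when net.ipv4.ip_forward == 1
    bridges: Dict[str, List[str]] = field(default_factory=dict)  # bridge -> members


def active_uplinks(host: HostPosture) -> List[Interface]:
    """Interfaces that are up and hold an address, i.e. real network attachments."""
    return [i for i in host.interfaces
            if i.up and i.addresses and i.kind in ("wired", "wireless")]


def find_violations(host: HostPosture) -> List[str]:
    """Return the policy violations found; an empty list means the host is compliant."""
    links = active_uplinks(host)
    names = {i.name for i in links}
    findings = []
    # Dual connectivity: on the WLAN and on at least one other network at once.
    if any(i.kind == "wireless" for i in links) and len(links) > 1:
        findings.append("dual-connected: " + ", ".join(sorted(names)))
    # Bridging at layer 2: a bridge device that has an active uplink as a member.
    for bridge, members in host.bridges.items():
        joined = sorted(set(members) & names)
        if joined:
            findings.append(f"bridge {bridge} joins uplink(s) {', '.join(joined)}")
    # Bridging at layer 3: IP forwarding turned on while multi-homed.
    if host.ip_forward and len(links) > 1:
        findings.append("ip_forward enabled on a multi-homed client")
    return findings


def is_compliant(host: HostPosture) -> bool:
    return not find_violations(host)


# Constructed sample hosts.
LAPTOP_OK = HostPosture("laptop-ok", [
    Interface("lo", "loopback", True, ["127.0.0.1"]),
    Interface("wlan0", "wireless", True, ["10.20.0.11"]),
    Interface("eth0", "wired", False),              # cable unplugged
], ip_forward=False)

LAPTOP_DUAL = HostPosture("laptop-dual", [
    Interface("wlan0", "wireless", True, ["10.20.0.12"]),
    Interface("eth0", "wired", True, ["192.168.1.7"]),  # docked: second uplink
], ip_forward=True, bridges={"br0": ["wlan0", "eth0"]})


if __name__ == "__main__":
    for host in (LAPTOP_OK, LAPTOP_DUAL):
        print(host.hostname, find_violations(host) or "compliant")
```

The check treats an interface as an attachment only when it is both up and addressed, so a laptop with an unplugged Ethernet port is not flagged; the docked laptop is flagged three times, once for each way the policy is broken.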

To implement a stringent BYOD policy, the organization must ensure that all employees are aware of the rules and adhere to them. First, the BYOD policy must safeguard the information that reaches insecure endpoint devices and direct how employees handle that data so that customer data stays protected. The second step in mitigating the risk is to remove company data from endpoint devices when it is no longer needed, which reduces exposure by shrinking the attack surface across all devices (Lekota & Coetzee, 2019). The next mitigation is to deploy an endpoint MDM and security solution for the mobile enterprise, such as MobileIron. Tracking the location of devices is also crucial, so a find-my-device service should be used both to locate lost devices and to erase them remotely and securely. Before any employee or employer uses the network, their device must carry anti-spyware or antivirus scanning tools. It is therefore the responsibility of the employer and its IT staff to recommend the anti-spyware and antivirus products employees should install (Miranda, 2018).

Tracking Suspicious Device Behavior

Firms must watch for attacks on the WLAN, whether general or WLAN-specific. WLAN-specific attacks fall into two types: passive and active.

In a passive attack an unauthorized person or group gains access to the wireless medium and does not generate, alter or modify any traffic but merely listens. Through eavesdropping, the attacker learns how the network operates by monitoring what is shared and the content passing between clients and servers. Active attacks, by contrast, generate, modify or otherwise tamper with the information (Boiten & Wall, 2017).

Continuous Improvement Plan

When a new user is added to the network, they are not given access to the database immediately. The account must pass through defined changes within the system before it is granted administrative privileges. Two-step confirmation of the person's identity is required before a user can access the database or send data outside the network. The organization must also plan for the case where encrypted data is stolen, so that the theft of ciphertext does not by itself expose the information.

Wired networks are more secure in the sense that they are not exposed to the public unless an individual has physical access to the company's network devices and buildings. This makes them safer, and in cases of cybercrime the criminals can be traced more easily, because exposure depends on who has physical access to the company's network facilities or building (Nilsen et al., 2017). Criminals can also be noticed by the physical security measures the company has put in place before they get into the building. Although a wired network is relatively safer, it has disadvantages. The main one is that devices have to be tethered to the router: to use the internet, a user must occupy one physical location, because one end of the Ethernet cable must be plugged into a port on the network router and the other end into the device. This restricts mobility compared with a wireless Wi-Fi network (Russell et al., 2018). A wired network also restricts the range of equipment that can connect, since a device must have a port that accepts an Ethernet cable (Miranda, 2018). This makes a wired network hard to use with devices such as mobile phones.

A wireless network uses radio waves to connect any device that needs to join the company's network (Lekota & Coetzee, 2019). To connect to a wireless network one need not be physically present at a precise location on the company's premises but only within the network's coverage area. This makes it convenient and cheaper to establish: the company needs only a wireless router, and that single device serves all the others, whereas a wired network requires laying Ethernet cables between the router and every device that must connect (Briggs et al., 2017). The wired network is therefore relatively cumbersome and expensive for a company to set up. A user of the wireless network is not required to stay at a specific point to use the internet, as with a wired network where one must sit where an Ethernet port is available, but can move around within the coverage area and still enjoy the network services.

Remote configuration management

Remote management is a feature that gives a network administrator full control of a system from any point in the company, so that they can make any required change to any part of the network without being physically present at the part that needs attention. This makes network administration and management far easier. In a security incident the network administrator can shut down or modify network features to stop an attack without travelling to the location of the incident (Lekota & Coetzee, 2019). This improves the company's incident response time, because the network can be shut down or controlled from any location at any time and no physical movement, which takes time, is involved.

A well-installed remote management system ensures that the administrator is notified of, or must consent to, every change made on the system. In other words, it gives the network administrator the power to allow or deny a particular task or change on the network. It works by recording all of the company's components and operations in one database and managing them from a central point, so that no device is admitted to the organization's network without the approval of the security officer in charge, and all device traffic must be authorized centrally before it is allowed into the system (Miranda, 2018).

A remote configuration management system can be built around a network portal in which every employee receives a primary identifier that identifies them in the organization; this identifier serves as the username for logging into the network, with a password chosen by the user. The information collected by the portal can then be used to track and manage the data traffic of every employee (Steinke et al., 2015). It also ensures that anyone using the company's network to reach the internet has their traffic pass through the cybersecurity office in charge of the portal, which evaluates the security of the sites being accessed: if a site is secure and poses no risk to the company's information systems, the user is permitted to access it (Nilsen et al., 2017), but if it carries an inherent threat, the user is blocked. These features of remote configuration are of great importance in preventing cybercrime because they can identify external devices or connections in the network. They help prevent attacks before they happen, so that the necessary countermeasures can be taken, and they make the cybersecurity task efficient and the systems secure (Bhatia et al., 2016).

Wi-Fi Protected Access Pre-Shared Key (WPA-PSK, also called WPA-Personal) is a security mechanism used to authenticate devices on a Wi-Fi network. The pre-shared key is not the WPA protocol itself but the 256-bit secret that WPA uses. It is also not identical to the Wi-Fi passphrase that users type, although it is derived from it: the access point and every client compute the PSK from the passphrase and the network name (SSID) using PBKDF2 with HMAC-SHA1, and then prove possession of that key to each other in the four-way handshake. The passphrase is what lets a person join the network; the PSK is what computers, printers and other devices actually use to authenticate to it. Because every device on a WPA-PSK network shares the same key, anyone who learns the passphrase can join, so the key alone cannot tell an employee's device from an outsider's. An enterprise BYOD deployment should therefore prefer WPA-Enterprise (802.1X) with per-user credentials, or at least rotate the PSK whenever a device is lost.
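The following is an added example, not code from the original report, showing the derivation just described: the PSK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations and a 256-bit output, as specified in IEEE 802.11 (the published test vector is passphrase "password" on SSID "IEEE"). The passphrase and SSID values in the main block are constructed sample inputs.

```python
"""Derive the WPA/WPA2-Personal pre-shared key from a passphrase and SSID.

Added example; the passphrase/SSID pairs under __main__ are constructed.
"""
import hashlib

PSK_BYTES = 32            # the PSK is 256 bits
PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11 for WPA-Personal


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PSK that both the AP and the client compute.

    WPA-Personal passphrases are 8 to 63 printable ASCII characters. A
    64-character hexadecimal string is not a passphrase but the PSK itself
    (as written in wpa_supplicant and hostapd configurations) and is used
    verbatim.
    """
    if len(passphrase) == 64:
        try:
            return bytes.fromhex(passphrase)
        except ValueError:
            pass  # 64 characters but not hex: fall through and reject below
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),   # the SSID is the salt, byte for byte
        PBKDF2_ITERATIONS,
        PSK_BYTES,
    )


def psk_hex(passphrase: str, ssid: str) -> str:
    return derive_psk(passphrase, ssid).hex()


if __name__ == "__main__":
    # Constructed sample: the same passphrase on two differently named
    # networks yields two unrelated keys, because the SSID is the salt.
    print("CorpGuest:", psk_hex("CorrectHorseBatteryStaple", "CorpGuest"))
    print("CorpBYOD: ", psk_hex("CorrectHorseBatteryStaple", "CorpBYOD"))
```

Because the SSID salts the derivation, a captured handshake can only be attacked for the network it was captured on, but 4096 iterations of SHA-1 are cheap on modern hardware, which is why a short or dictionary passphrase remains the practical weakness of WPA-Personal.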

Apart from Wi-Fi, other wireless protocols include Bluetooth, Z-Wave, ZigBee, 6LoWPAN and many others. Bluetooth is a wireless technology standard that operates in the 2400 to 2483.5 MHz range of the 2.4 GHz ISM band and allows two Bluetooth-capable devices to share files wirelessly over a short distance, for example between a mobile phone and a computer, between two mobile devices, or between a phone and a headset. ZigBee is a standards-based protocol for short-range, low-power personal area networks with built-in security measures. Z-Wave is a wireless technology that allows communication between smart devices; it is mainly used for home and building automation and is optimized for reliable, low-latency transfer of small data packets.

Employee Misconduct Analysis

The company has adopted a bring-your-own-device policy, which allows employees to access the company's network through personal devices. This policy is riskier than one in which the company provides the equipment. Employee misconduct that creates cybersecurity threats includes the following.

Sharing passwords with unauthorized persons

Sharing personal passwords with unauthorized persons increases exposure to security threats. Once hackers or other malicious persons obtain the passwords for logged-in devices, it is easy for them to reach the company's valuable information. As the cybersecurity incident manager, it is essential to put in place measures that prevent employees from sharing passwords (Boiten & Wall, 2017). Understanding the risk associated with employee misconduct is necessary because it creates room to mitigate that risk, through clear communication and training aimed at eradicating the threat. The risk assessment indicates that employees pose a severe threat to cybersecurity (Briggs et al., 2017).

Secondly, employees can disclose, intentionally or unintentionally, information about devices and about the network. The CIR manager needs to consider tailored training for employees with a high potential for misconduct and put controls in place to detect and investigate potential malpractice (Steinke et al., 2015).

Loss of device

The bring-your-own-device principle exposes the company to a higher risk of intrusion, especially when an employee loses a device. An unauthorized person who obtains the equipment can quickly gain access to the company's network and compromise its information unless the device is encrypted, locked and wiped remotely through the MDM service.

Cybersecurity threats are among the foremost threats that companies in the current economy face. Researchers have found that most cybersecurity incidents within companies happen because of the company's own workers. Employees have played a critical role in helping cybercriminals, hackers and people with malicious intentions gain access to intellectual property, customer data and financial information en masse (Nilsen et al., 2017). The influence of internal actors in aiding cybersecurity threats is responsible for both intentional and unintentional compromise of the company's data.

An ad-hoc wireless network is a form of wireless connection in which devices connect directly to one another without going through a router or Wi-Fi access point.

The layers of communication in an ad-hoc wireless network are critical with regard to the vulnerability of a company's systems. At the physical layer an ad-hoc wireless network is vulnerable to both passive and active attacks on communication (Zhang et al., 2019).

No centralized authority

An ad-hoc wireless network is vulnerable to attacks from various malicious parties. Because it has no central authority, it is susceptible to attacks from internal employees: ad-hoc operation assumes that all participants act in utmost good faith, which may not be the reality.

An ad-hoc wireless network allows an on-demand, impromptu connection between two or more devices without a Wi-Fi access point. Such a connection is vulnerable because it is open to attacks such as denial of service: a malicious user can push large volumes of traffic into the network, causing the other devices to hang or become so slow that they cannot function (Bhatia et al., 2016).



As incident manager, I could extend the use of signal hiding, such as not broadcasting the SSID, which reduces casual attacks and other security threats by unauthorized persons, although it does not stop a determined attacker, because the SSID still appears in probe and association frames. Detecting unauthorized access to the network is usually hard for the incident manager because employees and unauthorized persons continuously mingle on the same medium. Some potential measures to detect and curb intruders on the internet connection include the following methods (Boiten & Wall, 2017).

A requirement that all employees connect to the company's network through a network portal reduces the number of intruders on the system and hence the number of security threats (Steinke et al., 2015). Every employee is given a username and password that allow them to connect to the internet from their own devices. People who do not have credentials for the portal cannot use the internet, and so the users accessing the company's network can be monitored easily (Thompson, 2018).

Secondly, the incident manager should ensure that the devices of employees and all other persons accessing the company's network are assigned IP addresses manually. Since the company adopted the BYOD policy, it is important to assign a fixed IP address to every device connected to the network, so that each device can be recognized in logs and traffic reports. Because an IP address can be changed or spoofed by its user, this is an inventory and accountability measure rather than an authentication control. The service set identifier (SSID) is the name that identifies a wireless network; cybersecurity professionals use separate SSIDs to steer individual devices to the network they are allowed to join, and a device selects the desired network from the list of available SSIDs (Briggs et al., 2017).

An incident manager should be alert to every loophole that could lead to an attack or cybersecurity threat. For example, self-configuring networks, which automatically adapt their configuration without direct human intervention, are likely to suffer further damage when the system is under a denial-of-service attack (Thompson, 2018).

Wireless Traffic Analysis

Wireless traffic analysis is the process by which forensic evidence and other investigative leads are obtained about how the system is being used. Management, and especially the incident manager, uses the wireless traffic analysis report to learn who accessed the system, how, and when (Lekota & Coetzee, 2019).

In the current economy businesses have adopted wireless networks, for which clear guidelines must be followed to avoid attacks and the loss of information and other valuables. Wireless traffic analysis is fundamental for incident managers to understand who accesses the networks and from which devices. A wireless traffic report allows the manager to identify possible threats to the systems and make swift decisions to safeguard them. As incident manager, I would use event monitoring, trap-and-trace techniques and full-content packet capture to make sure that the wireless network is safe for the company and for everyone who uses it. A BYOD policy requires the manager to analyse the network's users critically, because it increases the exposure of the company's networks. Among other issues, the manager must watch for access to the network outside working hours. Even though an employee brings their own device, network access outside working hours must be restricted. Using the network portal, the incident manager can see which machines are connected to the network at any time; if a device with a particular IP address connects outside working hours, the manager knows and can respond accordingly.
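The following is an added example, not code from the original report: a small detector that runs over network-portal log lines and flags the conditions discussed above, a login outside working hours, a login from an address that is not in the BYOD inventory, and a login where the username does not match the owner of the manually assigned address. The log format, the inventory, the business hours and the log lines themselves are all constructed for this example; a real portal's format will differ.

```python
"""Off-hours and unknown-device detection over constructed portal log lines.

Added example; INVENTORY, the working-hours window and SAMPLE_LOG are
constructed sample data, not output of any real portal.
"""
from datetime import datetime, time
from typing import Dict, List, Tuple

# Constructed BYOD inventory: manually assigned IP -> (username, device name).
INVENTORY: Dict[str, Tuple[str, str]] = {
    "10.20.0.11": ("alice", "alice-laptop"),
    "10.20.0.12": ("bob", "bob-phone"),
}
WORK_START, WORK_END = time(8, 0), time(18, 0)   # assumed business hours
WORKDAYS = range(0, 5)                            # Monday (0) to Friday (4)

# Constructed log lines: "<ISO timestamp> <event> user=<name> ip=<address>".
SAMPLE_LOG = """\
2024-03-04T09:12:05 portal-login user=alice ip=10.20.0.11
2024-03-04T22:47:31 portal-login user=bob ip=10.20.0.12
2024-03-05T10:03:44 portal-login user=alice ip=10.20.0.57
2024-03-05T10:04:01 portal-logout user=alice ip=10.20.0.57
2024-03-06T14:00:00 portal-login user=bob ip=10.20.0.11
2024-03-09T11:15:00 portal-login user=bob ip=10.20.0.12
"""

Finding = Tuple[datetime, str, str, str]   # (timestamp, kind, user, ip)


def parse_line(line: str) -> dict:
    """Split one log line into its timestamp, event and key=value fields."""
    ts, event, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return {"ts": datetime.fromisoformat(ts), "event": event, **fields}


def is_off_hours(ts: datetime) -> bool:
    """True on weekends or outside the WORK_START..WORK_END window."""
    return ts.weekday() not in WORKDAYS or not (WORK_START <= ts.time() < WORK_END)


def analyse(log_text: str) -> List[Finding]:
    """Return the findings for every login in the log, oldest first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["event"] != "portal-login":
            continue
        owner = INVENTORY.get(rec["ip"])
        if owner is None:
            # Address never assigned: an unregistered device, or a changed address.
            findings.append((rec["ts"], "unknown-device", rec["user"], rec["ip"]))
        elif owner[0] != rec["user"]:
            # Registered address used by someone else: shared credentials or spoofing.
            findings.append((rec["ts"], "ip-user-mismatch", rec["user"], rec["ip"]))
        if is_off_hours(rec["ts"]):
            findings.append((rec["ts"], "off-hours", rec["user"], rec["ip"]))
    return sorted(findings)


def finding_kinds(log_text: str) -> List[str]:
    return [kind for _, kind, _, _ in analyse(log_text)]


if __name__ == "__main__":
    for ts, kind, user, ip in analyse(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {kind:<17} user={user} ip={ip}")
```

On the constructed log this reports Bob's late-evening login and his Saturday login as off-hours, Alice's login from 10.20.0.57 as an unknown device, and Bob's login from Alice's address as a mismatch; logouts are ignored. The mismatch rule is what makes the manual address assignment useful for accountability even though an address proves nothing on its own.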



In the future the organization should attend to the security of its connections and to the encryption of its data and networks. Beyond encryption lies the idea of hiding the network altogether, since when the wireless traffic is not visible to outsiders the risk of an attack is lower.
References

Bhatia, J., Breaux, T. D., Friedberg, L., Hibshi, H., & Smullen, D. (2016, October). Privacy risk in cybersecurity data sharing. In Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security (pp. 57-64). ACM.

Boiten, E. A., & Wall, D. S. (2017). WannaCry report shows NHS chiefs knew of security danger, but management took no action.

Briggs, P., Jeske, D., & Coventry, L. (2017, July). The design of messages to improve cybersecurity incident reporting. In International Conference on Human Aspects of Information Security, Privacy, and Trust (pp. 3-13). Springer, Cham.

Lekota, F., & Coetzee, M. (2019). Cybersecurity incident response for the Sub-Saharan African aviation industry. In International Conference on Cyber Warfare and Security (pp. 536-XII). Academic Conferences International Limited.

Miranda, M. J. (2018). Enhancing cybersecurity awareness training: A comprehensive phishing exercise approach. International Management Review, 14(2), 5-10.

Nilsen, R., Levy, Y., Terrell, S., & Beyer, D. (2017). A developmental study on assessing the cybersecurity competency of organizational information system users.

Russell, S., Jackson, C., Cowles, B., & Avila, K. (2018). 2017 NSF Community Cybersecurity Benchmarking Survey report.

Steinke, J., Bolunmez, B., Fletcher, L., Wang, V., Tomassetti, A. J., Repchick, K. M., ... & Tetrick, L. E. (2015). Improving cybersecurity incident response team effectiveness using teams-based research. IEEE Security & Privacy, 13(4), 20-29.

Thompson, E. C. (2018). Eradication, recovery, and post-incident review. In Cybersecurity Incident Response (pp. 117-123). Apress, Berkeley, CA.

Zhang, Y., Shi, P., Liu, Y., Han, S., Mu, B., & Zheng, J. (2019, April). Study on incident response system of automotive cybersecurity. In International Conference on Security and Privacy in New Computing Environments (pp. 198-209). Springer, Cham.
