
Discussion 2:

1) Work from home being exploited: The shift from working in the office to working
virtually helped the virus spread easily, because virtual private networks and their
service providers have weak security systems, less secure servers and mail
services. Attackers will continuously attack these systems and make them
vulnerable.

2) Blackmailing athletes: According to the prediction, hackers will hack into the
personal accounts of Olympic athletes, learn about drugs taken to increase
performance during the Beijing Olympics, and blackmail the athletes into helping
perform cyber attacks on their countries.

3) Major vaccine producer to be attacked: Another prediction, from James Carder,
says a major COVID-19 vaccine production company will be attacked with
ransomware, which will prevent the production of booster shots and other vaccines
and increase foreign import of vaccines.

Reference:
https://www.forbes.com/sites/edwardsegal/2021/12/06/8-crystal-ball-predictions-about-cyberattacks-in-2022/?sh=56300963257e

Discussion 3:
1) Ransomware is one of the common attacks which people neglect but should be
aware of. Attackers also mix more than one attack, like DDoS. Other attacks which
end users should be aware of are credential theft, web-based attacks, account
takeover, compromised or stolen devices, zero-day attacks, general malware, SQL
injection, phishing/social engineering, and cross-site scripting.

2) Three progressive layers of protection are:

• Endpoint Protection Platform (EPP): In this layer each and every file is checked
before entering the network.
• Endpoint Detection and Response (EDR): This layer continuously keeps an eye on
potential threats and responds to them accordingly. It acts as a backup for EPP.
• Extended Detection and Response (XDR): This layer is more advanced than EDR; it
compares the incoming file with the stored data, detects whether any threat is
present, and responds accordingly.

3) According to me, enterprises turning towards AI and ML to fight ransomware will
be more significant, because most companies and other sectors are opting for
virtual engagement for work permanently, which is a kind of benefit to the
organizations also, and with ransomware being the most common attack during 2020
and 2021, more and more innovations will happen with AI and ML approaches.

Discussion 4:
1) Mandatory Access Control:
• Benefit: MAC is mainly used by military and intelligence agencies to maintain
classification policy access restrictions.
• Disadvantage: MAC systems are very difficult and costly to implement due to the
reliance on trusted components and the necessity for apps to be rewritten to
adhere to MAC labels and properties.
Discretionary Access Control:
• Benefit: DAC is more suitable for home and small business users, as it is
intuitive to implement and invisible to users, hence it is cost effective.
• Disadvantage: Maintenance and verification of system security principles is very
difficult in this approach, as the user has rights over the objects they own.
Role-based Access Control:
• Benefit: Each role is clearly specified and separated, roles and
responsibilities are managed centrally, and the principle of least privilege is
supported, unlike MAC and DAC.
• Disadvantage: This approach suffers from issues with membership, role
inheritance, and the need for fine-grained, customized privileges at the
administrative level in large environments.

2) I would prefer Role-based Access Control for UNCW because an institution will
have different levels of committees and also students and employees. A few
resources should be accessible only to specific levels of authority, since
role-based access control not only controls which resources should be exposed to
whom but also how to access the resources if they are shared by two or more levels
of authority.

3) Attribute-based access control grants access based on attributes or
characteristics, such as department, time zone, location and the type of access.
ABAC is implemented to reduce risks due to unauthorized access, as it can control
security and access on a more fine-grained basis. This is definitely something our
institution should consider for more secure access to its resources. One example
of companies that might benefit from ABAC is companies in finance and management,
and companies storing huge amounts of data.

4) I feel all five steps in the RBAC implementation are very much necessary and
important, as without each other the implementation will not be successful. For
example, assigning people to roles will not make sense if one does not know whom
to give what access, which in turn does not make sense if one doesn't know which
resources need to have access.
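The contrast between role-based and attribute-based access control drawn in Discussion 4, as an added Python example that is not part of the original answers. The role table, the attribute rules (department, location, local time, type of access) and all names are constructed for illustration; it shows a request that RBAC alone would allow being denied once attributes are evaluated.

```python
from dataclasses import dataclass
from datetime import time

# Constructed RBAC table: role -> set of (resource, action). Hypothetical names.
ROLE_PERMS = {
    "registrar": {("grades", "read"), ("grades", "write")},
    "faculty":   {("grades", "read"), ("grades", "write")},
    "student":   {("grades", "read")},
}

@dataclass(frozen=True)
class Request:
    role: str
    department: str      # requester's department
    location: str        # "campus" or "remote"
    local_time: time     # time in the requester's own time zone
    resource: str
    resource_dept: str   # department that owns the resource
    action: str          # type of access: "read" or "write"

def rbac_allows(req):
    """RBAC: the decision depends only on the role's permission set."""
    return (req.resource, req.action) in ROLE_PERMS.get(req.role, set())

# Constructed ABAC policy: every rule must hold, otherwise deny (default deny).
ABAC_RULES = [
    ("role lacks permission", rbac_allows),
    ("department mismatch",
     lambda r: r.role == "registrar" or r.department == r.resource_dept),
    ("writes only from campus",
     lambda r: r.action != "write" or r.location == "campus"),
    ("writes only 08:00-18:00",
     lambda r: r.action != "write" or time(8) <= r.local_time < time(18)),
]

def abac_decide(req):
    """Return (allowed, reason); the first failing rule denies the request."""
    for reason, rule in ABAC_RULES:
        if not rule(req):
            return False, reason
    return True, "all attribute rules satisfied"

if __name__ == "__main__":
    late_remote = Request("faculty", "CS", "remote", time(22, 30),
                          "grades", "CS", "write")
    print("RBAC only:", rbac_allows(late_remote))
    print("ABAC:     ", abac_decide(late_remote))
```
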
Discussion 5:
1) Most MFA systems rely on possession factors like SIM cards, ATM cards, key
cards, etc., because even with the knowledge factor the problem of passwords
prevails, as passwords can be easily breached and hackers will use a number of
tricks to try to obtain passwords for online accounts.

2) Asymmetric cryptography is a type of truly passwordless cryptography which has
two keys: a public key, which is accessible by anyone, and a private key, which is
known only by the intended user. Only authorized users will have permission to use
the private key, and both keys are required for all sorts of operations. The
private key serves as the lock and the public key will unlock it.

3) I would suggest Okta Adaptive MFA would be suitable for small business, the
reasons being that it is very simple to set up and use and it has a single sign-on
feature with various MFA notification options. The main thing with passwords is
their security, and for Okta a strong password is no password at all, i.e., it
authenticates without a password, and it goes well with thousands of web apps.
