ORGANIZATION
Contents
Module # 1
1.1.1 Introduction
1.1.2 Physical security
1.1.3 Information security
1.1.4 Cloud security
1.1.5 Application security
1.1.6 Internet security
1.2.1 Phishing attacks
1.2.2 Example
1.3.1 SQL Injection
1.3.2 SQLmap
1.3.3 Example
Module # 1
Introduction
Cryptech is a company with a variety of organizational departments covering forensics, IT security
management, and secure development. I joined the company as an IT security management trainee a
couple of days ago and am presently working on their new client, the Board of Intermediate and
Secondary Education (BISE). The BISE conducts examinations for secondary and intermediate education.
They observed some interference and anomalies within their systems, so they are looking to the company
to establish and implement a formal information security program for their organization.
Physical Threats
Physical threats play an integral role in damaging network data, hardware, and software. The organization
may be at risk from natural disasters such as earthquakes, floods, harsh climates, and fires, as well as
theft of documents, unaccounted-for visitors, and stolen identification.
Technical failure
It is characterized by a crash in software, hardware, or telecommunications. Technical failure is a
serious risk for any system that has no backup.
Blackberry
Blackberry launched a phone with both a keypad and a touchscreen, assuming that customers would
always prefer using keypads. As a result, the company suffered a massive loss of 500 million.
Samsung Galaxy Note 7
It was at first favored by customers, but later, because of defective batteries, it began malfunctioning.
The company had to cancel the whole flagship program. (Milner, 2022)
Figure 1, Technical failure
Data theft
It is the theft of any stored digital data, such as passwords, social security numbers, online
subscriptions, and so on, from PCs in order to gather sensitive information. The most common routes to
data theft are weak passwords, system vulnerabilities, social engineering, database problems, publicly
available information, physical actions, and insider threats. (kaspersky, 2022)
Types of data theft
Phishing
The purpose of phishing is to trick a victim into visiting a malicious URL attached to an email or message.
This URL is used to collect the victim's information. By filling out a form on a fake company website,
the victim hands the attackers his data, which they can then monitor and use. For example, a
phishing attack may begin with an email claiming to be from a legitimate site, such as PayPal. The email
aims to collect sensitive user information, so it links to a web page that closely resembles the original.
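The lookalike page described above is usually advertised by a URL whose host contains the brand name but belongs to a different domain, or by a domain one or two characters away from the real one. The following is an added example, not code from the original document or from any product it cites: it pulls URLs out of constructed email bodies and classifies each one. The brand list, hostnames and messages are all assumptions chosen for illustration, and the registrable-domain logic is a naive last-two-labels rule rather than the Public Suffix List.

```python
"""Lookalike-URL check for phishing emails.

Added example, not part of the original document. The email bodies, the
brand list and the domain names are constructed for illustration; the
registrable-domain rule is a naive "last two labels" approximation.
"""
import re
from urllib.parse import urlparse

# Assumed set of domains the organization trusts (constructed for the example).
TRUSTED_BRANDS = {"paypal.com", "bise.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(text)


def registrable_domain(host):
    """Naive registrable domain: the last two DNS labels of the host."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_url(url, brands=TRUSTED_BRANDS):
    """Classify a URL as trusted, lookalike, typosquat or unknown."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return "unknown"
    for brand in brands:
        # The brand itself or a genuine subdomain of it.
        if host == brand or host.endswith("." + brand):
            return "trusted"
    for brand in brands:
        # Brand name embedded in a host that is NOT under the brand's domain,
        # e.g. www.paypal.com.account-verify-center.example
        if brand.split(".")[0] in host:
            return "lookalike"
    reg = registrable_domain(host)
    for brand in brands:
        # Small edit distance to a trusted domain, e.g. paypa1.com
        if levenshtein(reg, brand) <= 2:
            return "typosquat"
    return "unknown"


def scan_messages(messages, brands=TRUSTED_BRANDS):
    """Return (url, verdict) for every URL in every message."""
    findings = []
    for body in messages:
        for url in extract_urls(body):
            findings.append((url, classify_url(url, brands)))
    return findings


# Constructed sample emails (not real messages).
SAMPLE_MESSAGES = [
    "Your PayPal account is limited. Restore access at "
    "https://www.paypal.com.account-verify-center.example/login",
    "Sign in to review a payment: https://paypa1.com/signin",
    "Your monthly statement is ready: https://www.paypal.com/myaccount",
    "Exam results are published at https://results.bise.example/2022",
]

if __name__ == "__main__":
    for url, verdict in scan_messages(SAMPLE_MESSAGES):
        print(f"{verdict:10} {url}")
```

The first sample is the case the text describes: the host starts with www.paypal.com, but the registrable domain is something else entirely. Users read the prefix; the browser uses the suffix.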
Human Errors
Human errors are actions performed by a person involuntarily or without having been informed of
the measures the person needs to take. This may result in a security weakness.
Basic Procedure
Acceptable use
The acceptable use policy specifies the rules and practices that a worker using an organization's IT
resources must follow in order to access the organization's network or the internet. New staff
members receive a copy of this policy to study and sign before they are granted a network ID.
The organization's IT, legal, and security units decide what is covered by this policy.
Access control policy
Its purpose is to restrict workers' access to passwords, software controls, records, and confidential
information in an organization. The policy also covers how workers who have resigned or are no
longer associated with the organization are prevented from accessing the system.
Information security policy
Among all the policies, this is the most prominent. It comprises several security controls issued
at the top level by an organization, to make sure the regulations are adhered to by every worker
using IT assets within the organization's scope.
Continuity plan
This plan will organize action across all areas of the organization. It will rely on the disaster
contingency plan to restore software, systems, and data that are crucial to the continuity of the
organization.
Incident response
It is the responsibility of the incident response plan to define the procedures that will be used to
contain an incident. This shortens the recovery time and the financial consequences of the
incident, and limits the impact on organizational functioning caused by the incident.
Disaster recovery
Disaster recovery consists mainly of identifying and locating every asset that is crucial to an
organization, such as equipment, physical services, and software. The second function is
describing the actions required to maintain their functionality in the event of a disaster.
Additionally, it governs how the organization will protect itself from disasters. (cloudian, n.d.)
Network Security
The most harmful threat to a computer network is malware: malicious software written to
damage the network by attacking the system's critical information and stealing money from
the organization.
Defending against malware requires more than antivirus software and vigilant patching.
Organizations must review content and filter their email servers, which are increasingly
targeted by attackers.
The organization must improve visibility and deploy multi-layered protection in advance.
Organizations should continuously detect and block malicious activity in progress.
It must be made compulsory for workers to enter the office within a fixed time window.
The organization should hand out an organization card carrying a specific ID number for
each employee.
The supervisor should not allow any employee to enter the office without the
organization's allotted ID card.
Each employee's fingerprint should be enrolled in the fingerprint sensors and their
attendance recorded at the gates.
Device security
A virus on a device is a malicious piece of code that replicates itself and copies itself into
other programs, changing how the device functions. The steps to prevent the virus from
spreading are outlined below.
Install anti-virus on the organization's PCs. When a user downloads a file, its binary content is
compared against the list of known virus signatures. Once a virus is detected, the file is removed
or quarantined so that the computer continues to function normally.
Open the virus scanner on the device.
Disconnect the device from the internet, since viruses propagate via the internet.
Restart the device using secure means, such as safe mode.
Remove unwanted or temporary files from the PC.
Run a full scan with the anti-virus.
If a virus is detected, remove or quarantine the affected files to prevent further spread.
Rescan the device for any remaining threats and delete them.
Restart the device.
Update all passwords used on the PC, since they may have been compromised by the virus.
Update the browser and the operating system on the PC to minimize the probability of threats as
much as possible. (kaspersky, n.d.)
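The detection step above (comparing a file's bytes against a list of known viruses, then removing or quarantining it) can be shown end to end. The following is an added example, not code from the original document or from Kaspersky or any other vendor: it keeps a hash database for exact matches and a byte-pattern database for samples hidden inside other files, scans a directory of constructed sample files, and moves detections into a quarantine folder rather than deleting them. The marker string, file names and detection names are assumptions chosen for the demonstration, standing in for a real sample such as the EICAR test file.

```python
"""Signature-based file scan with quarantine.

Added example, not code from the original document or from any antivirus
product. The "malicious" content is a constructed marker string standing in
for a real sample; the hash and signature databases are derived from it.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed stand-in for a known malicious file (harmless text).
MARKER = b"CONSTRUCTED-MALWARE-MARKER-FOR-SCANNER-DEMO-ONLY"

# Hash database: exact-file matches (what the text calls "the list of known viruses").
KNOWN_BAD_HASHES = {hashlib.sha256(MARKER).hexdigest(): "Demo.Marker.ExactFile"}

# Byte-pattern database: catches the marker even when it is embedded in a larger file.
SIGNATURES = {"Demo.Marker.Embedded": b"MALWARE-MARKER-FOR-SCANNER-DEMO"}


def scan_file(path, bad_hashes=KNOWN_BAD_HASHES, signatures=SIGNATURES):
    """Return the list of detections for one file (empty list = clean)."""
    data = Path(path).read_bytes()      # fine for small files; stream in chunks for large ones
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in bad_hashes:
        hits.append("hash:" + bad_hashes[digest])
    for name, pattern in signatures.items():
        if pattern in data:
            hits.append("sig:" + name)
    return hits


def scan_directory(root):
    """Scan the regular files directly under root; returns {filename: detections}."""
    root = Path(root)
    return {p.name: scan_file(p) for p in sorted(root.iterdir()) if p.is_file()}


def quarantine(path, quarantine_dir):
    """Move (never just delete) a detected file so it can be examined later."""
    path, quarantine_dir = Path(path), Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / (path.name + ".quarantined")
    shutil.move(str(path), str(dest))
    return dest


def create_samples(root):
    """Write constructed sample files: one clean, one exact match, one embedded match."""
    root = Path(root)
    (root / "clean.txt").write_bytes(b"Exam timetable for the spring session\n")
    (root / "dropper.com").write_bytes(MARKER)
    # A document that carries the marker inside other content: the hash check
    # misses it (different hash), the byte signature still catches it.
    (root / "timetable.doc").write_bytes(b"ordinary prefix " + MARKER + b" ordinary suffix")


def run_demo():
    """Create samples in a temp directory, scan, quarantine hits; returns (results, moved)."""
    root = Path(tempfile.mkdtemp(prefix="scan-demo-"))
    create_samples(root)
    results = scan_directory(root)
    moved = [quarantine(root / name, root / "quarantine")
             for name, hits in results.items() if hits]
    return results, len(moved)


if __name__ == "__main__":
    results, moved = run_demo()
    for name, hits in results.items():
        print(f"{name:15} {'CLEAN' if not hits else ', '.join(hits)}")
    print(f"{moved} file(s) quarantined")
```

The third sample shows why antivirus products keep byte signatures as well as file hashes: one extra byte changes the hash, but the embedded pattern is still found. Quarantining instead of deleting preserves the evidence an incident responder will want.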
File
When a file or folder on an organization's PC becomes corrupted, one suggested remedy is to
change the file's format; in the case of a JPG file, for instance, converting it to a PNG file, as
both are image formats. (tenorshare.net, n.d.) Note that merely renaming the extension repairs
nothing: re-encoding with an image tool may salvage a partially readable file, but the reliable fix
is to restore the file from a verified backup and confirm its integrity by comparing hashes.
MODULE 2
ISO 31000 RISK MANAGEMENT METHODOLOGIES
Firewall
The primary goal of a firewall is to create a protective barrier between public and private
networks. Unwanted traffic is blocked, while desired traffic is permitted. A firewall is
responsible for blocking unauthorized individuals' access to the system. An incorrect
configuration can harm the organization in many ways. For instance, a client's revenue could
continue to be stolen until the misconfiguration is fixed. Moreover, a misconfigured firewall can
be the entry point for criminal activities such as stealing data.
Example
During a search for cyber threats or specific holes, if a significant risk is discounted or the
firewall configuration is accidentally overlooked by the organization, a security survey can reveal
the client's concerns about its architecture. (sunnyvalley, n.d.)
Example
When you order internet service from your Internet service provider, they set up your internet
connection. After the setup is finished, your internet activity is routed through your ISP's servers.
Therefore, the ISP can see and log all of your internet activity, including each site that you
visited.
Demilitarized zone
A demilitarized zone means the organization segregates devices, such as computers and servers, on
the opposite side of the firewall from the private network, to improve the security of its network.
For example, consider a network that belongs to an organization. It has servers and computers
that are behind a firewall. Whether they are email servers or web servers, the organization's
servers need to be reachable from the internet for the organization to remain in business. If these
servers sit behind the organization's firewall, they are inside the organization's private network,
which means the organization is letting people from an untrusted network like the internet through
its firewall and into the private network where the servers are. This is a security concern: attackers
could use the exposed servers as an opening to cause havoc on the organization's network, because
once they have compromised a server that sits behind the firewall they can reach other sensitive
internal systems, such as servers that store confidential data, and may try to plant a virus. If
instead the organization puts the email and web servers outside the firewall, on the opposite side,
the servers are still in the same building but no longer sit inside the firewall. When people access
those servers from the internet, they never pass the firewall behind which the sensitive data is
kept. These servers are placed in front, facing the internet and fully exposed, so they are now in
the DMZ, which is also known as a perimeter network.
A more secure DMZ uses two firewalls. An extra firewall is placed in front of the DMZ, between it
and the internet, while the original firewall sits between the DMZ and the internal network. The
outer firewall adds a layer of protection to make sure that only legitimate traffic reaches the
DMZ, and attackers who compromise a DMZ host must still get through the inner firewall to reach
the organization's internal network. In this way, a DMZ implementation improves network security.
Example
In military terminology, a demilitarized zone (DMZ) is a zone in which opposing parties agree to
set aside their differences to develop an environment of peaceful coexistence between them. For
instance, South Korea and North Korea are separated by a narrow strip of land. (BasuMallick,
2022)
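The two designs above (public servers on the internal network versus public servers in a DMZ behind two firewalls) can be compared by evaluating a first-match rule set against a few packets. The following is an added example, not code from the original document or from any firewall product: the address ranges, rules, hosts and ports are assumptions chosen for illustration. The rows a reviewer cares most about are the last two: what a web server that has already been compromised can reach.

```python
"""First-match packet-filter policy check for a DMZ design.

Added example, not code from the original document. The address ranges,
the rule sets and the traffic scenarios are assumptions chosen for
illustration (RFC 1918 ranges for the LAN and DMZ, RFC 5737 for the attacker).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY      = ipaddress.ip_network("0.0.0.0/0")           # the untrusted internet
DMZ      = ipaddress.ip_network("192.168.100.0/24")    # assumed perimeter network
INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # assumed private LAN


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None     # None = any destination port


def evaluate(rules, src_ip, dst_ip, dport):
    """Walk the rules in order; the first match decides. No match = deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in r.src and dst in r.dst and (r.dport is None or r.dport == dport):
            return r.action
    return "deny"


# Design 1 (the problem the text describes): the public web and mail servers
# live on the internal LAN, so the firewall has to open the LAN to the internet.
SERVERS_ON_LAN = [
    Rule("allow", ANY, INTERNAL, 80),       # internet -> internal web server
    Rule("allow", ANY, INTERNAL, 25),       # internet -> internal mail server
    Rule("allow", INTERNAL, ANY),           # LAN hosts may go anywhere
]

# Design 2: the same servers moved into a DMZ behind two firewalls. The outer
# firewall admits only the public services; the inner firewall lets the DMZ
# reach exactly one internal port (the database) and nothing else.
DMZ_DESIGN = [
    Rule("allow", ANY, DMZ, 80),            # outer firewall
    Rule("allow", ANY, DMZ, 25),
    Rule("allow", DMZ, INTERNAL, 5432),     # inner firewall: DMZ -> database only
    Rule("deny",  DMZ, INTERNAL),           # everything else from the DMZ is blocked
    Rule("allow", INTERNAL, DMZ),           # staff may manage DMZ hosts
    Rule("allow", INTERNAL, ANY),
]


def check_design(rules, web_server_ip):
    """Evaluate the packets a reviewer cares about for one placement of the web server."""
    attacker, file_server, database = "198.51.100.7", "10.0.1.20", "10.0.1.30"
    return {
        "internet -> web:80":         evaluate(rules, attacker, web_server_ip, 80),
        "internet -> fileserver:445": evaluate(rules, attacker, file_server, 445),
        # An attacker who owns the web server now sends packets FROM it.
        "web -> fileserver:445":      evaluate(rules, web_server_ip, file_server, 445),
        "web -> database:5432":       evaluate(rules, web_server_ip, database, 5432),
    }


if __name__ == "__main__":
    for title, rules, web in (("servers on LAN", SERVERS_ON_LAN, "10.0.5.10"),
                              ("servers in DMZ", DMZ_DESIGN, "192.168.100.10")):
        print(title)
        for flow, verdict in check_design(rules, web).items():
            print(f"  {flow:28} {verdict}")
```

In the first design, compromising the web server gives the attacker the whole LAN, because the only rule that applies to a host on 10.0.0.0/8 is "LAN hosts may go anywhere". In the DMZ design the same compromise stops at the inner firewall, which admits only the database port; that is the property the text's "two different firewalls" sentence is describing.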
Static IP
A static IP, also marketed by VPN providers as a dedicated IP, is an exclusive IP address that has
been assigned to a single user and does not change. Whenever you connect to the VPN, your
network communication is routed through the same IP. Only a handful of VPN services, such as
PureVPN, offer static IPs as a premium add-on.
Example
An employee of a company has a static IP address, for example 203.0.113.20 (an address from the
RFC 5737 documentation range; the figure 193.124.698.20 cannot be an IPv4 address, because each
octet must be between 0 and 255). He can access his main desktop server from his computer at home
using this IP. A host reachable this way is a fixed target, so it should sit behind a firewall or
VPN rather than be exposed to the whole internet.
NAT
NAT stands for network address translation. The purpose of this service is to translate one set of IP
addresses into another set of IP addresses. It is used in routers: a router with one interface on the
public network and another on the local network is configured for NAT. When a packet passes from the
local network to the public network, NAT replaces its private source address with the router's public
address, and when the reply comes back from the public network the public destination address is
translated back into the private one. Implementing NAT can improve security because hosts on the
internet only ever see the IP address of the router, never the addresses of computers inside the
internal network. By hiding the original source and destination addresses, NAT adds an extra layer of
obscurity to a network, although it is not a substitute for a firewall.
Example
A Wi-Fi router and a DSL modem are linked in a system with NAT enabled in each of them. The host
devices connect to the Wi-Fi router, which reaches the public network through the modem, so each
packet is translated twice (a setup known as double NAT).
Figure 2 NAT
Types of NAT
Static NAT
Static NAT requires you to manually enter the entries into the table. This tells the router which
private address and port number will translate into which public address and port number. When
data comes in, the router checks the NAT table for the source address. When it finds a match, the
private address is exchanged for the public address.
Port address translation
PAT, which is also known as NAT overload, is what home computers use to send data through the
router. The router checks the source address and port number as well as the destination address
and port number. Port numbers identify which device the data belongs to, as well as which
application the data belongs to. It swaps out the private source address and port number for the
public address and a public port number. To keep track of which public ports correspond to which
private addresses, the router builds the NAT table.
Dynamic NAT
It is a one-to-one mapping of addresses drawn from a pool of public addresses that an administrator
defines manually. The router checks the source and destination addresses when data is sent to it,
replaces the source address with the first available public address from the pool, and then forwards
the packet. When the reply comes back, it again looks at the source address and then at the
destination address; if it finds a match in the NAT table for the destination address, it switches
it back to the private address and forwards the packet. Once the session is finished, the public
address is returned to the pool, ready to be used again. It is used by organizations.
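The three NAT types described above can be simulated as the tables the router keeps. The following is an added example, not code from the original document or from any router vendor: all addresses come from the RFC 1918 private and RFC 5737 documentation ranges and are assumptions chosen for illustration.

```python
"""NAT table simulation: static NAT, dynamic NAT and PAT (overload).

Added example, not code from the original document or any router vendor.
All addresses are from the RFC 1918 private and RFC 5737 documentation
ranges and are assumptions chosen for illustration.
"""
import itertools


class StaticNat:
    """One-to-one mapping typed in by hand: private address <-> public address."""

    def __init__(self, mapping):
        self.out = dict(mapping)                          # private -> public
        self.back = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, src_ip, dst_ip):
        return (self.out.get(src_ip, src_ip), dst_ip)     # unmapped hosts pass untranslated

    def inbound(self, src_ip, dst_ip):
        return (src_ip, self.back.get(dst_ip, dst_ip))


class DynamicNat:
    """One-to-one mapping drawn from a pool; the address returns to the pool on release."""

    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}                                   # private -> public

    def outbound(self, src_ip, dst_ip):
        if src_ip not in self.table:
            if not self.free:
                return None                               # pool exhausted: packet dropped
            self.table[src_ip] = self.free.pop(0)
        return (self.table[src_ip], dst_ip)

    def inbound(self, src_ip, dst_ip):
        for priv, pub in self.table.items():
            if pub == dst_ip:
                return (src_ip, priv)
        return None                                       # no entry: dropped

    def release(self, src_ip):
        pub = self.table.pop(src_ip, None)
        if pub is not None:
            self.free.append(pub)


class PortAddressTranslation:
    """Many private hosts share one public address; the port number tells them apart."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)
        self.table = {}                                   # (priv_ip, priv_port) -> pub_port
        self.back = {}                                    # pub_port -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port)
        if key not in self.table:
            pub_port = next(self.ports)
            self.table[key] = pub_port
            self.back[pub_port] = key
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None                                   # unsolicited: no table entry, dropped
        priv_ip, priv_port = self.back[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    pat = PortAddressTranslation("203.0.113.1")
    # Two hosts behind the router each open a connection to the same web server
    # from the same local port; the public port keeps the two sessions apart.
    print(pat.outbound("192.168.1.10", 51000, "198.51.100.5", 443))
    print(pat.outbound("192.168.1.11", 51000, "198.51.100.5", 443))
    # The reply to the first host is steered back by the translated port.
    print(pat.inbound("198.51.100.5", 443, "203.0.113.1", 40000))
    # A packet nobody asked for has no table entry and is dropped.
    print(pat.inbound("198.51.100.5", 443, "203.0.113.1", 40999))
```

The inbound methods also show the security property the text mentions: a packet from the internet that matches no table entry is dropped, because the router has no way of knowing which private host it would belong to. That is useful, but it is an accident of address translation rather than a policy, which is why NAT does not replace a firewall.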
Risk assessment
Analysis
Analyze the appliances and how they are being used. In addition, train your staff on the safety
measures that must be taken when using equipment such as the labs in your organization.
Furthermore, fill the staffing needs of each department, since each requires a different kind of
personnel: depending on the department, there may be a need for young people, experienced
people, and so on. Also, record these findings as required by law if there are more than 5
employees in the office, because the risk assessment process must be written down.
Priority
Put the most sensitive departments and resources in your organization at the top of your priority list.
This includes figuring out the high, medium, and low risks by determining the cause, level, and source
of each risk. In schools, for instance, one of the most critical security measures is to ensure that only
authorized members of the school staff and a limited set of students have access to the school's assets.
Health measures
Ensure that the physical and mental health of staff members, and especially of students, is taken into
account during the assessment process, so that each individual in the organization performs properly in
a calm and stress-free environment, without mental pressure or passivity.
IT risk assessment
IT risk assessment determines the threats faced by your information systems, data, and network, and
assesses the potential adverse effects you would face if such adverse events occurred. Ideally, this
should be done annually, and additionally whenever significant changes take place inside the
organization.
Data protection is essentially the process of ensuring data safety by guarding against
events such as loss or corruption of data. The requirement for data protection
increases with the growth of stored information, especially when the amount reaches
extraordinary proportions. By establishing and maintaining a data asset log, you ensure
that the preventive measures you bring in cover all the relevant data assets. Doing
this is a helpful way to better understand the places and people associated with the data.
Data privacy and safety are at the heart of the General Data Protection Regulation (GDPR),
and employees must understand its significance. Suppose a laptop or any other device
containing sensitive information about the organization is stolen or lost. That would be a
serious loss: human error hurts not only financially, but also the organization's reputation.
Thus, employees should be trained to handle assets properly.
Nowadays, limiting staff access to data has become a basic security measure to safeguard
data from unauthorized activity, because insiders are involved in a significant share of
breaches.
Risk assessment must be done on a regular basis to avoid data or physical breaches. It
helps to understand the current state and the weak points of the organization's security
system.
To prevent the risk of data leakage and infection by viruses, you must use reliable
and licensed software when scanning for viruses.
Maintaining and updating such a huge amount of data is clearly a burden and requires a
lot of effort, because the process is time-consuming and it is challenging to find space
for the data and arrange it so that it can be found easily. On the other hand, losing a
vast amount of data is a challenge ten times more difficult than managing a backup.
Therefore, it is crucial for organizations to secure data by keeping backups.
ISO 31000 is an international standard published by the International Organization for
Standardization whose aim is to guide the design, implementation and maintenance of risk
management. The principles of ISO 31000 describe the properties of effective risk
management. To achieve this, an organization must observe the principles, which state that
risk management creates and protects value, is an integral part of organizational processes
and of decision making, is structured, systematic, and timely, and is iterative and
responsive to change. The ISO 31000 process is concerned with understanding the following
Access control policy
The key aim of an access control plan is to limit access not only physically but also logically:
protecting the place where a system is kept and protecting its data. This policy identifies how
to manage and control access to information. It includes access control programs, user and
network access control programs, data processing controls and password controls.
Password authentication
The leading cause of data loss is password compromise. Passwords are among the weakest forms of
client authentication, yet they are usually what protects the most sensitive data. Clients should
therefore be able to access secured assets such as databases, web pages, networks, and
network-based services only after they have been verified. (tomorrowsoffice.com, n.d.)
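The passage above says that verified access rests on passwords that are weak by nature; in practice the weakness is usually in how they are stored and checked. The following is an added example, not code from the original document or from any source it cites: it shows the unsalted hash that makes a password breach catastrophic beside a salted PBKDF2 scheme with constant-time comparison, and a small user store that locks an account after repeated failures. Usernames, passwords and the lockout threshold are assumptions chosen for illustration; the iteration count follows the OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256.

```python
"""Password storage and verification with PBKDF2, beside the weak form.

Added example, not code from the original document or from any source it
cites. Usernames and passwords are constructed; the iteration count is the
OWASP Password Storage Cheat Sheet recommendation for PBKDF2-HMAC-SHA256.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000


def weak_hash(password):
    """Unsalted MD5: two users with the same password get the same hash, and a
    precomputed table breaks it instantly. Shown only as the anti-pattern."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns a self-describing string."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except (ValueError, AttributeError):
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Verified against when the username does not exist, so that a failed lookup
# costs the same time as a real check and does not reveal which usernames exist.
DUMMY_HASH = hash_password("not-a-real-password")


class PasswordStore:
    """Minimal user store with a lockout after repeated failures."""

    def __init__(self, max_failures=5):
        self.users = {}
        self.failures = {}
        self.max_failures = max_failures

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def login(self, username, password):
        """Returns "ok", "denied" or "locked"."""
        if self.failures.get(username, 0) >= self.max_failures:
            return "locked"
        stored = self.users.get(username)
        matched = verify_password(password, stored if stored is not None else DUMMY_HASH)
        if stored is not None and matched:
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"


if __name__ == "__main__":
    # Same password, two users: the weak scheme leaks that fact, PBKDF2 does not.
    print(weak_hash("Summer2022") == weak_hash("Summer2022"))           # True
    print(hash_password("Summer2022") == hash_password("Summer2022"))   # False: different salts
    store = PasswordStore(max_failures=3)
    store.register("examiner", "long pass phrase for the demo")
    print(store.login("examiner", "long pass phrase for the demo"))    # ok
    for _ in range(3):
        print(store.login("examiner", "password123"))                  # denied, three times
    print(store.login("examiner", "long pass phrase for the demo"))    # locked
```

The stored string carries its own algorithm, iteration count and salt, so the iteration count can be raised later without invalidating existing accounts: old hashes still verify with the count they were created with, and can be re-hashed on the next successful login.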