Can you please help me with the following: Media loves to tell the horror storie
ID: 3587819 • Letter: C
Question
Can you please help me with the following:
Media loves to tell the horror stories of disasters after security breaches. IS professionals must pro-actively plan countermeasures and continually study and learn from past events. Select a past news story of a failure caused by one of these events to provide an analysis of the failed system using some of the countermeasures you have learned in this unit. Recommend strategies to minimize the loss of IS services/data in those events as if you had been on the IT team during this event. Keep in mind that the focus of this assignment is the response to a crisis - after the event (not preventing the event).
Countermeasures to consider for your responses:
•Fix known exploitable software flaws
•Develop and enforce operational procedures and access controls (data and system)
•Provide encryption capability •Improve physical security
•Disconnect unreliable networks
Explanation / Answer
Fix Known exploitable software flaws:
=> while doing coding or writing a programme erors and bugs will arrive these are software flaws because of this flaws we may not get expected outcome and wrong output will come.
=>There are different kind of exploits one of the main thing is how the exploit reaches the vulnerable software.
=Some exploits will give the acces to auotherised persons to retrieve the data so have to provide security.
=> To reduce these exploits we need to secure tha data with encryption. and weekly patching work and monthly maintanance work will decrease the vulnerabilities.
=>Some softwares have secured source of data so we can use those.
=>we have to check the authentication issues and execution issues then we can easily detect before the exploit.
Develop and enforce operational procedures and access controls:
=>company have to take care of account mangement giving the access to groups and individual persons.
=>Server acces should give only to authorised persons then issue of data leakage will not come.
=> Acces control will reduce the authentication issues.
=> for confidential data we need to set a operational procedure menas set of steps to reachout the data only authorised people kmow these steps so they only can read the data.
=> Instead of native account we can use LDAP account by this way we can secue the dat. only authorised people can acces the data with their own credentials.
Provide encryption capability:
=> We have to encrypt the data with public or private key then people can acces the data who have the cipher key.
=> cipher text is nothing but encrypted data only authorised people can view the data by decription.
Improve physical security:
=>we have to provide security person near to server rooms.
=>Most vulnerable devices and important doccuments we need to keep in locked rooms.
=>Pendrives and personal laptops we have to keep in safe side.
=> Whenever we are going away from our system we have to lock that.