CYB 200 Project Three Milestone PDF

Preview

Summary

Overview: As a professional in the field of cybersecurity, you should be aware of best-practice tactics and methods necessary for responding to a variety of cyber
threat actors. For this activity, you will research and determine factors to detect, characterize, and counter a range of threat a...

Description

CYB 200 Project Three Milestone Decision Aid Template Complete the template by filling in the blank cells provided. I.

Detection

Awareness

1. Describe the following best practices or methods for detecting a threat actor. Training your end users is a great way for detecting threats. Since end users are a major vulnerability, it is imperative that they are educated on current threats and how to avoid them.

Checking and evaluating of systems and controls in place for data protection. Auditing A computer having the ability to continuously run a task without exhaustion is diligince. Diligence

Monitoring

Testing

Sandboxing

The process of continuously observing a system in order to detect breaches, threats and other vulnerabilities.

The practice of testing systems, networks, programs, and applications to ensure they can withstand attacks they are designed for.

Sandboxing is a practice where you can run code or hardware in a safe, isolated environment that mimics a specific live environment.

To attract someone who might want what you are offering. Enticing

Citations: Check Point Software. (2020, October 21). What is Sandboxing. https://www.checkpoint.com/cyberhub/threat-prevention/what-is-sandboxing/#:%7E:text=Sandboxing%20is%20a%20cybersecurity %20practice%20where%20you%20run,mimics%20end-user%20operating%20environments. %20Free%20Demo%20Contact%20Us

Citations: Joseph, T. (2020, October 21). Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain. QA Source. https://blog.qasource.com/cyber-security-testingchecklist#:%7E:text=Cyber%20security%20testing%20is%20the%20practice%20of %20testing,order%20to%20uncover%20any%20weaknesses%20within%20your%20application.

Walter, L. (2020, October 5). What Is Cyber Monitoring? Entrust Solutions. https://www.entrustsolutions.com/2020/10/05/what-is-cyber-monitoring/#:%7E:text=Cyber %20monitoring%20is%20the%20process%20of%20continuously%20observing,may%20pose %20threats%20to%20your%20data%20or%20systems.

What Is A Cyber Security Audit? (2020, August 7). Cyber Security Intelligence. https://www.cybersecurityintelligence.com/blog/what-is-a-cyber-security-audit-5121.html

Wikipedia contributors. (2021, March 25). Cyber security awareness. Wikipedia. https://en.wikipedia.org/wiki/Cyber_security_awareness

II.

Characterization

Individuals who are “shoulder surfers”

2. Briefly define the following threat actors. Using direct observation, such as looking over someone’s shoulder while they enter their PIN to an ATM.

Actors who disregard protocols, either intentionally or unintentionally. Individuals who do not follow policy Cybercriminals may use other’s credentials to gain access for monetary gain. Individuals using others’ credentials Closely following an individual as a way to sneak past controlled entrance and exit points. Individuals who tailgate

Individuals who steal assets from company property

Thieves are individuals who steal assets for monetary gain.

Citations: CIS (Center for Internet Security). (2019, October 17). Cybersecurity Spotlight - Cyber Threat Actors. CIS. https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/

U.S. Army Cyber Command. (2018, February 18). CYBERSECURITY FACT SHEET: Shoulder Surfing. https://www.arcyber.army.mil/Info/Fact-Sheets/Fact-Sheet-View-

Citations: Page/Article/1440819/cybersecurity-fact-sheet-shoulder-surfing/#:%7E:text=CYBERSECURITY %20FACT%20SHEET%3A%20Shoulder%20Surfing%20Shoulder%20surfing%20is,information %20from%20people%20engaging%20in%20activities%20such%20as%3B

3. Describe the following motivations or desired outcomes of threat actors. Financial Gain Power Fraud

Vindictive Gain support of a cause Sabotage

Vindictive Gain support of a cause Vandalism

Theft

Financial Gain Vindictive Power

Citations: Ablon, L. A. (2018). Data Thieves The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data [E-book]. Rand Corporation. https://www.rand.org/content/dam/rand/pubs/testimonies/CT400/CT490/RAND_CT490.pdf

Citations:

4. Identify the company assets that may be at risk from a threat actor for the following types of institutions. Remember: Each company will react differently in terms of the type of assets it is trying to protect. Personally Identifiable Information SSN Financial Credit Card Account Numbers Personally Identifiable Information Medical Information Medical SSN Medical Account Numbers Personally Identifiable Information Grades Educational Disciplinary

Government

Retail

Pharmaceutica l

Entertainment

Citations:

Personally Identifiable Information Sensitive Military Information Sensitive Communications Personally Identifiable Information Credit Card

Personally Identifiable Information Medical Information Medical Account Information Personally Identifiable Information Credit Card Credentials

III.

Response

Choose a threat actor from Question 2 to research for the response section of the decision aid:

Threat Actor Shoulder Surfers 5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose. Hint: What are the best practices for reacting to this type of threat actor? Strategy 1 Physically move away from the threat

Strategy 2 Ask the individual to move

Strategy 3 Stop what you are doing until the individual has moved on.

Citations: Mackiewicz, A. (2019, August 23). How to Protect Yourself from Shoulder Surfing. ASG Information Technologies. https://www.asgct.com/how-to-protect-yourself-from-shoulder-surfing/

6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again. Hint: What are the best practices for proactively responding to this type of threat actor? Strategy 1  

Angle your computer or cell phone screen so that other people cannot see what you are typing.

Strategy 2 Try to avoid opening personal accounts in public.



Strategy 3 Use strong passwords to make it more difficult for someone to try and guess what you typed.

Citations: Mackiewicz, A. (2019, August 23). How to Protect Yourself from Shoulder Surfing. ASG Information Technologies. https://www.asgct.com/how-to-protect-yourself-from-shoulder-surfing/

7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor. I chose shoulder surfing because of how often this can take place in everyday life. Shoulder surfing can take place at the ATM, using your mobile device while waiting in line, or at work while logging to your system or an application. I identified my responses in how I personally respond to a potential individual being in a space that makes it possible to shoulder surf. Physically moving allows you to change the viewing angle to something more secure and it also uses your body language to let the individual know that you know they are a potential threat....