Title | CYB 200 Project Three Milestone |
---|---|
Author | Sam Fowler |
Course | Cyber Foundations |
Institution | Southern New Hampshire University |
Pages | 9 |
Overview: As a professional in the field of cybersecurity, you should be aware of best-practice tactics and methods necessary for responding to a variety of cyber
threat actors. For this activity, you will research and determine factors to detect, characterize, and counter a range of threat a...
CYB 200 Project Three Milestone Decision Aid Template

Complete the template by filling in the blank cells provided.

I. Detection

1. Describe the following best practices or methods for detecting a threat actor.

Best practice or method | Description |
---|---|
Awareness | Training your end users is a great way to detect threats. Since end users are a major vulnerability, it is imperative that they are educated on current threats and how to avoid them. |
Auditing | Checking and evaluating the systems and controls in place for data protection. |
Diligence | A computer having the ability to continuously run a task without exhaustion is diligence. |
Monitoring | The process of continuously observing a system in order to detect breaches, threats and other vulnerabilities. |
Testing | The practice of testing systems, networks, programs, and applications to ensure they can withstand attacks they are designed for. |
Sandboxing | Sandboxing is a practice where you can run code or hardware in a safe, isolated environment that mimics a specific live environment. |
Enticing | To attract someone who might want what you are offering. |
Citations:
Check Point Software. (2020, October 21). What is Sandboxing. https://www.checkpoint.com/cyberhub/threat-prevention/what-is-sandboxing/
Joseph, T. (2020, October 21). Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain. QA Source. https://blog.qasource.com/cyber-security-testingchecklist
Walter, L. (2020, October 5). What Is Cyber Monitoring? Entrust Solutions. https://www.entrustsolutions.com/2020/10/05/what-is-cyber-monitoring/
What Is A Cyber Security Audit? (2020, August 7). Cyber Security Intelligence. https://www.cybersecurityintelligence.com/blog/what-is-a-cyber-security-audit-5121.html
Wikipedia contributors. (2021, March 25). Cyber security awareness. Wikipedia. https://en.wikipedia.org/wiki/Cyber_security_awareness
II. Characterization

2. Briefly define the following threat actors.

Threat actor | Definition |
---|---|
Individuals who are “shoulder surfers” | Using direct observation, such as looking over someone’s shoulder while they enter their PIN at an ATM. |
Individuals who do not follow policy | Actors who disregard protocols, either intentionally or unintentionally. |
Individuals using others’ credentials | Cybercriminals may use others’ credentials to gain access for monetary gain. |
Individuals who tailgate | Closely following an individual as a way to sneak past controlled entrance and exit points. |
Individuals who steal assets from company property | Thieves are individuals who steal assets for monetary gain. |
Citations:
CIS (Center for Internet Security). (2019, October 17). Cybersecurity Spotlight - Cyber Threat Actors. CIS. https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/
U.S. Army Cyber Command. (2018, February 18). CYBERSECURITY FACT SHEET: Shoulder Surfing. https://www.arcyber.army.mil/Info/Fact-Sheets/Fact-Sheet-View-Page/Article/1440819/cybersecurity-fact-sheet-shoulder-surfing/
3. Describe the following motivations or desired outcomes of threat actors.

Desired outcome | Motivations |
---|---|
Fraud | Financial Gain; Power |
Sabotage | Vindictive; Gain support of a cause |
Vandalism | Vindictive; Gain support of a cause |
Theft | Financial Gain; Vindictive; Power |

Citations:
Ablon, L. A. (2018). Data Thieves The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data [E-book]. Rand Corporation. https://www.rand.org/content/dam/rand/pubs/testimonies/CT400/CT490/RAND_CT490.pdf
4. Identify the company assets that may be at risk from a threat actor for the following types of institutions. Remember: Each company will react differently in terms of the type of assets it is trying to protect.

Institution | Assets at risk |
---|---|
Financial | Personally Identifiable Information; SSN; Credit Card Account Numbers |
Medical | Personally Identifiable Information; Medical Information; SSN; Medical Account Numbers |
Educational | Personally Identifiable Information; Grades; Disciplinary |
Government | Personally Identifiable Information; Sensitive Military Information; Sensitive Communications |
Retail | Personally Identifiable Information; Credit Card |
Pharmaceutical | Personally Identifiable Information; Medical Information; Medical Account Information |
Entertainment | Personally Identifiable Information; Credit Card; Credentials |
III. Response

Choose a threat actor from Question 2 to research for the response section of the decision aid:

Threat Actor: Shoulder Surfers

5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose. Hint: What are the best practices for reacting to this type of threat actor?

Strategy 1: Physically move away from the threat.
Strategy 2: Ask the individual to move.
Strategy 3: Stop what you are doing until the individual has moved on.
Citations: Mackiewicz, A. (2019, August 23). How to Protect Yourself from Shoulder Surfing. ASG Information Technologies. https://www.asgct.com/how-to-protect-yourself-from-shoulder-surfing/
6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again. Hint: What are the best practices for proactively responding to this type of threat actor?

Strategy 1: Angle your computer or cell phone screen so that other people cannot see what you are typing.
Strategy 2: Try to avoid opening personal accounts in public.
Strategy 3: Use strong passwords to make it more difficult for someone to try and guess what you typed.
Citations: Mackiewicz, A. (2019, August 23). How to Protect Yourself from Shoulder Surfing. ASG Information Technologies. https://www.asgct.com/how-to-protect-yourself-from-shoulder-surfing/
7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor.

I chose shoulder surfing because of how often this can take place in everyday life. Shoulder surfing can take place at the ATM, using your mobile device while waiting in line, or at work while logging in to your system or an application. I identified my responses in how I personally respond to a potential individual being in a space that makes it possible to shoulder surf. Physically moving allows you to change the viewing angle to something more secure and it also uses your body language to let the individual know that you know they are a potential threat....