ITC596-Assignment 3- Enisa PDF

Title ITC596-Assignment 3- Enisa
Author ajay maheshwaram
Course Masters Dissertation
Institution Charles Sturt University
Pages 13

Table of contents

1. Overview of Case Study
2. ENISA Security Infrastructure
3. Strategies for combatting Insider Threats
4. Top Threats
5. Key Threat Agents
6. Social Hacking Issues
7. Trends in Threat Probability
8. ETL process
9. Emerging Threats
10. Information Technology Security
11. References


1. Overview of Case Study

ENISA (European Network and Information Security Agency) is a European Union agency dedicated to addressing and preventing network and information security problems. ENISA works with EU institutions and member states to help consumers, citizens, and public and business sector organisations in the EU prevent and address network and information security problems. This case study describes the extraordinary changes seen in the reporting period: the increased complexity of attacks, the top threats, security vendors, successful internationally coordinated law enforcement operations, and attacks on the security functions of the internet (ENISA, 2014). ENISA collected its information through internet searches, from information provided by CERT-EU, and through a web platform. The ENISA Threat Landscape has been expanded to include schematic representations of various courses of attack, attack vector information, exploited vulnerabilities and the assets targeted.

The case study includes the use case of threat intelligence: analysing threat activities and the information produced in the various phases of security management. Threat information is analysed, and ENISA uses it to improve its security features and protect users' information from attackers. The main topics of the case study are the content and quality of threat information, practical use cases for threat information, and how threat information relates to end-user needs. The case study as a whole discusses the threats, the methods for avoiding them, and better ways to protect information from them. It also covers issues that may emerge in future, against which the security infrastructure needs to be developed. An efficient ENISA Threat Landscape is developed by analysing the current threats, attacks and emerging security issues each year.


2. ENISA Security Infrastructure

Process steps (from the flowchart):

Threat agent is identified
Origin of the threats is identified
Relevant vulnerabilities are identified
Vulnerabilities are removed
Relevant vulnerability controls are searched for
Efficiency of the controls is examined
Corresponding security methods are analysed

The security infrastructure of ENISA focuses mainly on identifying vulnerabilities and removing them, and on developing methods to handle threats. First, the threat agents need to be identified in order to gather information about the kind of attack they pose, and the origin of the threats is identified. Once these are known, the vulnerabilities affecting the information are identified and removed. A security method is then developed by analysing the impact of the threats and how they work, so that in future these threats cannot affect the information of the individual or organisation.


3. Strategies for Combatting Insider Threats

Insider threat refers to a malicious insider wilfully damaging, exposing or stealing internal systems or data; employees motivated by profit or grievance are a small part of the total threat. Companies also face threats from employees who inadvertently undermine cyber security, and a single employee can be responsible for an entire data breach. Serious insider threats arise when partners and employees leave the door open for attackers through personal negligence or inadequate or poor security practices. Employee negligence leads to insider attacks, such as using default or weak passwords and saving login credentials on servers that attackers try to access to obtain data. Insider threats are detected by technical controls, and technology is the main problem area for this threat. However, organisations need to look beyond technological solutions; these must go hand in hand with employee guidance and awareness processes (Omar, 2014).

Because insiders have authorised, legitimate access to system resources and are exposed to confidential organisational information, identifying malicious insiders is a difficult task. Malicious insiders try to use their knowledge of the security controls to break through defences and steal information. To stop insider threats, organisations implement efficient security measures for detecting and responding to insider risks. For this, the organisation needs to enforce security policies and guidelines that reduce the risk posed by unintentional and intentional security incidents. A robust access control system is one of the most effective and common security controls employed in organisations; it gives employees access only to the information resources they require for their daily tasks (Barrios, 2013). Access control mechanisms also enable the organisation to specify and implement auditing and monitoring requirements, so that data is monitored effectively and theft of information is avoided.
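The access control and audit monitoring described in this section, as an added example that is not part of the original assignment or of any ENISA material: a deny-by-default role check that records every decision and flags users who repeatedly request resources outside their role. The role names, resources, threshold and sample requests are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical role-to-resource grants: each role gets only what its daily tasks need.
ROLE_GRANTS = {
    "payroll_clerk": {"payroll_db"},
    "support_agent": {"ticket_system", "kb_wiki"},
    "dba": {"payroll_db", "customer_db"},
}


@dataclass(frozen=True)
class AuditRecord:
    user: str
    role: str
    resource: str
    allowed: bool


class AccessController:
    """Deny-by-default access check that audits every decision."""

    def __init__(self, grants):
        self.grants = grants
        self.audit_log = []

    def check(self, user, role, resource):
        # Unknown roles map to an empty grant set, so the default is deny.
        allowed = resource in self.grants.get(role, set())
        # Allowed and denied requests are both recorded for later review.
        self.audit_log.append(AuditRecord(user, role, resource, allowed))
        return allowed


def flag_out_of_role_users(audit_log, threshold=3):
    """Return users whose denied requests reach the threshold, sorted by name."""
    denied = Counter(rec.user for rec in audit_log if not rec.allowed)
    return sorted(user for user, count in denied.items() if count >= threshold)


def run_demo():
    # Constructed sample requests (user, role, resource); not real log data.
    requests = [
        ("alice", "payroll_clerk", "payroll_db"),
        ("bob", "support_agent", "ticket_system"),
        ("bob", "support_agent", "payroll_db"),
        ("bob", "support_agent", "customer_db"),
        ("bob", "support_agent", "payroll_db"),
        ("carol", "dba", "customer_db"),
        ("dave", "contractor", "kb_wiki"),
    ]
    controller = AccessController(ROLE_GRANTS)
    decisions = [controller.check(*req) for req in requests]
    return decisions, flag_out_of_role_users(controller.audit_log)


if __name__ == "__main__":
    decisions, flagged = run_demo()
    print("decisions:", decisions)
    print("users to review:", flagged)
```

A single denial, such as the unknown "contractor" role here, is logged but not flagged; the threshold separates an occasional mistake from a pattern worth reviewing.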


4. Top Threats

Malicious code such as Trojans and worms is listed as a top threat. An interesting observation in the reporting period is the increase in adware, that is, software delivered bundled with free software, also called Potentially Unwanted Programs. Worms are a kind of virus designed to spread from system to system across networks, and they can travel without any human action. Worms take advantage of the information transport features of a system. The problem with a worm is that it can replicate across the entire system: it can make thousands of copies of itself and spread to the many systems connected to it. Because worms copy themselves so effectively and can travel across the network, they consume large amounts of memory, causing network servers, web servers and individual computers to stop responding (Christodorescu, 2007).

A Trojan horse is malicious software that appears to be normal software but damages the system once it is installed. The user at the receiving end is tricked into starting it because it looks like legitimate software. Trojans are developed to be more aggravating than other malicious code, and they can cause severe damage to a system by destroying information and deleting the user's files. Trojans also open a backdoor on the system that gives malicious users easy access to information, but Trojans do not self-replicate or reproduce any of their code (Debroy, 2008).

Malware defence tactics therefore need to be revised. Although many malware defences exist today, defence should not be based on detection at endpoints but should rather involve countermeasures at the level of the network architecture. Worms and Trojans evolve day by day as attackers implement new techniques to improve their attack strategies.


5. Key Threat Agents

Threat agents placed attacks that were identified within the reporting period, and the active threat agents appear to perform many targeted attacks. Cyber threat agents are highly effective at identifying windows of opportunity. The new trends among threat agents are that cyber-criminals target their attacks better, exploit vulnerabilities successfully, and use attack methods and malicious tools effectively. The top threat agents are Hacktivists, Cybercriminals, Cyber War, Cyber Espionage and Insider Threat.

Hacktivists: this threat agent group receives great media attention, and it selects its targets with media attention in mind so that successful cyber-attacks have high visibility.

Insider threat: insider attacks are motivated by revenge, profit or extortion, and play a significant role in the materialisation of data breaches and cyber threats.

Cyber war: these agents are nationally motivated citizens who possess significant striking power (Vidalis, 2010). They are regional or national in nature and are capable of launching cyber-attacks.

Cyber espionage: this threat agent targets corporate information. It aims to steal competitive information, collect business intelligence and breach intellectual property rights.

Cybercriminals: this group is at the top of the threat agents, and its objective is to obtain turnover from criminal or illegal activities in cyberspace. Most of the incidents observed in the reporting period are attributed to this group (Conway, 2004). Cybercriminals are involved in fraud in many sectors, including e-payments, e-finance, cybercrime-as-a-service, and the development of malicious infrastructure and tools. The use of encryption and virtual currencies allows cybercriminals to move in dark markets, evading attribution and detection efforts.


6. Social Hacking Issues

Social hacking is the act of trying to manipulate the outcomes of social behaviour through orchestrated actions. Its function is to gain access to restricted information or physical spaces without permission. This type of attack is carried out by impersonating an individual or group who is directly or indirectly known to the victims, or by representing an individual or group in a position of authority. It is done through premeditated planning and research to gain the victim's confidence. Social hackers take great care to present an appearance of familiarity and trustworthiness in order to elicit confidential or personal information (Pinola, 2015).

Social engineering is a component of social hacking. Social hacking works on human behaviour rather than on computers, and the term is also increasingly used in reference to online behaviour and social media activity. Social hacking takes many forms and affects public perception; conversely, public awareness of social hacking activity is increasing. The social hacking techniques are role playing, phishing and dumpster diving. Phishing is a social engineering technique in which an attacker acquires sensitive information by impersonating a trustworthy third party. Phishing attacks that incorporate more elements of context are more effective (Kalwa, 2015). An attacker can gain a victim's trust by using information about their shopping preferences. Phishing attacks are initiated using publicly available personal information obtained from social networks. Social hacking is carried out by fraudsters and cybercriminals.

Social hackers target individuals or specific organisations by sending emails and messages that look trustworthy but obtain information from the user's system; this is the major issue of social hacking.


7. Trends in Threat Probability

Comparing the threat probability trends of 2014 with those of 2013, threat awareness improved in 2014 and many threats were brought under control. Many new threats were introduced in 2013, and threats are ranked according to their effect on information security. Among the top threats of 2014, malicious code stands at the top of the list because it is more harmful and dangerous than the other threats listed. Malicious code is software that extracts user information and affects the system in a major way. It is followed by web-based attacks, web application attacks, botnets and other threats.

The threats with an increasing trend in 2014 are malicious code, web-based attacks, web injection attacks, denial of service, phishing, physical damage, data breaches, information leakage, identity fraud and cyber espionage. These increased compared with the previous year, 2013. Insider threat is a new threat introduced in 2014; it is caused by employees inside the organisation through intentional or unintentional incidents. Malicious insiders try to use their knowledge of the security controls to break through defences and steal information. Next to outside threats, insider threats leave organisations more vulnerable; because this is a new threat, security policies and infrastructure need to be modified to avoid it in future.

Botnets, spam, exploit kits and ransomware are the threats that were controlled or declined in the 2014 trends. These were noted as increasing trends in 2013, after which the security infrastructure was reframed to avoid them. The 2014 trends show that many of the threats most harmful to information security are being avoided.


8. ETL Process

The ENISA Threat Landscape (ETL) gives information about threats and their effects on data and information, the threat trends of the current year, and the security infrastructure followed by the ETL. This information provides a detailed picture of each threat, which makes it easier to study the threats and their nature. To improve the performance of the ETL process, the security infrastructure needs to be developed continuously, using the information gathered about each threat, to protect information against the threats. Security solutions need to be provided for every threat so that user information is stored safely and securely.

Strategic information about threats needs to be collected at a higher level, so that clear information about each threat is available for future security development. Security investments and prospective measures are increased in order to learn about cyber security strategies, and the level of information needs to be improved. Tactical information describes the threats and their components, such as threat trends, threat agents and emerging trends. Threat trends need to be tested before they are included in the trends and security assessments. Security policy needs to be updated according to the collated threat assessments, and the planning of each security control is analysed in light of the threats. These processes help the ETL to strengthen information security against attackers and hackers.


9. Emerging Threats

The emerging threats that will be challenges for ENISA in 2016 are malicious code and insider threats. These are the most common and most dangerous threats used by attackers to gain access to information.

Malicious code: worms or Trojans. This is software code that affects computers connected over a network and has the ability to spread. It also sends email messages, steals information and causes further damage to the files or information on the system. Malicious code can copy itself and spread over the network, causing significant damage to systems; worms have this property. Trojan horses are malicious software that looks like trusted software but, once installed, runs harmful software that is kept hidden and opens a backdoor through which attackers can access files on the system.

Insider threat: a malicious insider exposes, damages and steals the data of a user or organisation; this threat is caused by the organisation's internal employees. Employees inadvertently disclosing data is also a serious threat, and it occurs when partners or employees leave the door open for hackers through poor or inadequate security or personal negligence.

Because of these properties, malicious code and insider threats have high potential as security risks, so these two risks will be high threats for ENISA in 2016.


10. Information Technology Security

ENISA's current information security has brought threats such as botnets, spam, exploit kits and scareware under control. These are the common threats that caused the most damage in the previous year, and they are now controlled by ENISA security. Insider threats, however, are a new threat that ENISA has taken into account, and new methods and security measures are needed to prevent this kind of threat from affecting the information in the system. Currently, malicious code and denial of service are listed at the top of the threats that ENISA security needs to avoid in future (Taylor, 2015).

The attacks that have caused the most damage to many organisations in recent years are the rise of machine-to-machine attacks, headless worms and conceal attacks. Machine-to-machine attacks affect any device connected to an infected one, which is an unprecedented opportunity for hackers; this kind of attack creates massive problems. Headless worms are attacks that can propagate from one device to another; they are malicious code that mainly targets smart devices, and they have affected millions of devices. Conceal attacks are an emerging threat that has forensic capability and is used to help hackers evade detection. They are designed for information theft and network penetration, and they are more difficult to track.

These attacks cause more data breaches and theft of information, which in turn gives more detail about the nature of the attacks and leads to the development of defence mechanisms against them. These kinds of attacks need to be avoided and information needs to be protected safely, so ENISA needs to develop its security further in order to overcome these attacks in future.


11. References

Barrios, R. (2013). A Multi-Level Approach to Intrusion Detection and Insider Threat. Journal of Information Security, 54-65.
Christodorescu, M. (2007). Malicious Code: Attacks & Defenses. Information Security.
Conway, M. (2004). Cyberterrorism: academic perspectives. European Conference on Information Warfare & Security.
Debroy, V. (2008). Malicious Code. IEEE Reliability Society.
ENISA. (2014). ENISA Threat Landscape 2014. European Union Agency for Network and Information Security.
Kalwa. (2015). Phishing just got personal – avoiding the social media trap. TechRadar.
Omar, M. (2014). Insider threats: Detecting and controlling malicious insiders. Nawroz University.
Pinola, M. (2015). Analysis of a social site hack: Do feds need a 'higher standard' for social networking? GCN.
Taylor, H. (2015). Biggest cybersecurity threats. CyberSecurity.
Vidalis, D. S. (2010). Analyzing Threat Agents & Their Attributes. Journal of Information Security.
