Assignment On IT Risk Management: ENISA Security Structure And Strategies For Combatting Cyber Threats

ENISA Security Structure

Discuss about the Assignment on It Risk Management.

The report of ENISA is based on the analysis and collection of threat information of the year 2014. “The changes have been analyzed which increases the attacks complexity and coordination of operation for the enforcement of the law” (Mateski, 2012). The changes has been observed in the cyber security community such as Botnet has control the communication between infected machines, Blackhole has reduced the use of exploit kit, DDos attacks are reduced due to the use of infected server, SQL injection is the main tool which is used for compromising with the website, and many more. From the research it has been observed that the core security protocols are named as SSL and TLS are under immense pressure and flaws are also encountered in the implementation. The year of 2014 is categorized as the year of data breach. The agents of cyber threats are effectively works on the leakages in the security programs of government and business. The violation of the privacy, increment in the sophistication, and others are some of the negative aspect of threat landscape. In the report, the topics such as list of top threats, their impact, ETL process, and others are clearly discussed in brief. 

The security structure of ENISA is stands on five pillars which include defining the policy used for security, defining the scope of ENISA, assessment and management of risk, right choice in making the selection of control and lastly, the statement of applicability. The output of these pillars are developing the list of analyzed risk associated with the system, identification of weaknesses associated with the assets, strength of control used, documentation of the implemented application.. 

Strategies for combatting insider threats are discussed below:

• Training should be provided to the employees for recognizing phishing and other threats related to social media vector
• “Training should be properly given to maintain the knowledge and abilities of the employees” (Kim, 2013)
• The usage of security tools should be improved
• The usage of software should be improved for reducing the likelihood of human error
• Awareness of the insider threats should be improved
• Security practices should be provided effectively
• Strategies related to web compromise activities
• Attack related to the watering hole
• Space foundation against watering hole attack
• User should compromise with web page in accordance with invisible Iframe
• The Iframe which is embedded in the page loads another page secretly
• Redirection of page to another page
• Downloading to the victims computer to the another server
• Building of analytics for consistency and analysis of quality
• It also support real time data mining 

Answer: The most significant attack is Denial of service attack because it can evolved due to sophistication, unpredictability, asymmetric, volumetric, computational, stealthiness, and others are some of the agents of threats. “The bandwidth of the attack is continuously growing in comparison to the time window” (Kumar, 2013). These attacks are usually come into existence with the combination of other attacks. In the coming future, volumetric attack will become the main attack. The detection of DDOS attack is difficult without the decryption of SSL traffic. The attacks of the application layer are the strong tools as they provide the significant impact on the application layer. The distributed denial of service attacks is most prominent where the source of attack is more than one and having unique IP addresses. This type of attacks usually occurs when one or more web servers re interconnected within the application. 

Identify Strategies for combatting Insider Threats

The Key threats agents are listed below:

• Cyber criminals: The main objectives of cyber criminals are to obtain maximum profit by making use of illegal activities. “Intelligence and monetization are the main motivation behind these activities” (Gupta, 2010). Cybercriminals are available in every sector such as finance, e-payment, e-commerce, malicious tools, and etc.
• Online social hackers: They plays an important role in the attacks related to phishing and stalking. Online social hackers are equipped with knowledge of social engineering which is helpful in analyzing and understanding the behavior of social targets. The tools which are used are categorized as information related to social engineering, profile information of the user, and etc.
• Hacktivists: The activists who are politically motivated and have faced the media attention are known as Hacktivists. “There is a lack of central organization structure which help them to perform groups and sub groups” (Gu, 2007). The mobilization is usually due to the decision related to politics, social crises, injustice, and etc.
• Nation states: Cyber intelligence capabilities have been developed in various nation states. The severe threats can be caused due to the availability of budget and resources.
• Corporation: The focus is on the corporate information for the growth of such activities. The collection of the information such as rights of intellectual property, innovative ideas, and etc are usually takes place
• Employees: The basis of motivation are extortion, profit, and revenge etc. The cyber threats usually lead to the development of data breaches.
• Cyber fighters: The cyber fighters are the group of attackers who are politically motivated for data breaches.
• Cyber terrorists: They can harm to the large scale computer server. They usually focus on the critical infrastructure.
• Script kiddies: This group of individual can be thrilled about the achievement related to person, group, or organization 

The cyber-attacks can be minimized by following emerging technologies:

• Cyber physical system: They work on providing protection to the critical infrastructure
• Mobile computing: It is the next generation architecture for the IT
• Cloud computing: Cloud computing technology is used by the expert for providing security.
• Trust infrastructure: The trust infrastructure is the important component of cyber security
• Big data: Big data is the valuable assets which are mainly focused by the cyber attackers. 

Answer: Social hacking works on manipulating the outcome of action related to social behavior. Social hacking restrict the accessing of the information. “Social hackers take the significant steps to steal the personal information of the victim” (Anthony, 2012). There are number of social hacking techniques which can be categorized as dumpster driving, tailgating, roleplaying, spear phishing, and etc. Online social hackers are equipped with knowledge of social engineering which is helpful in analyzing and understanding the behavior of social targets. 

From the table the trend in the probability of the cyber threats is that the ranking of the malicious code, botnets, denial of service, spam, phishing, data breaches, and information leakages is continuous increasing whereas web based attack, exploit kit, physical damage, and identity theft is continuously decreasing. “The steps should be taken to stop the growth of the cyber-attacks” (Vidalis, 2009). 

The ETL process can be improved by focusing on the following areas:

• NV and SDN are working on the centralization for controlling the network.
• Security issues have been properly handled by NV and SDN
• They also helps in maintain the quality of servic
• Cyber physical system: They work on providing protection to the critical infrastructure. It ensures interoperability with the critical goods.
• Mobile computing: It is the next generation architecture for the IT. It is becoming the basis of technology convergence.
• Cloud computing: Cloud computing technology is used by the expert for providing security. It is mainly focus on the implementation of the security control.
• Trust infrastructure: The trust infrastructure is the important component of cyber security. These attacks bring the dynamic changes in the innovation.
• Big data: Big data is the valuable assets which are mainly focused by the cyber attackers. It is the most trustworthy tool for the security professionals. 

From the table, it can be predicted that denial of service attack and insider threats will be the most challenging issues for combatting in the year 2016. The bandwidth of the attack is continuously growing in comparison to the time window. These attacks are usually come into existence with the combination of other attacks. In the coming future, volumetric attack will become the main attack. The detection of DDOS attack is difficult without the decryption of SSL traffic.The distributed denial of service attacks are most prominent where the source of attack is more than one and having unique IP addresses. This type of attacks usually occurs when one or more web servers re interconnected within the application.Training should be provided to the employees for recognizing phishing and other insider threats related to social media vector. The usage of software should be improved for reducing the likelihood of human error which results into the insider threats.

ENISA is satisfied with the current state of IT security because it works on improving the business life, it makes the bridge between engineered system and cyber space, surveillance is the effective tool used for cyber threat landscape, and others. The major concern of the security expert is the unknown occurrence of data breaches. “The development of the new security measures takes place with every attack which takes place on the computer system” (Andrew, 2011). There is a continuous increment in the sophistication of the cyber-attack. There is a major challenge for the trust infrastructure. From the research it has been observed that the core security protocols are named as SSL and TLS are under immense pressure and flaws are also encountered in the implementation. The violation of the privacy, increment in the sophistication, and others are some of the negative aspect of threat landscape. The solution of the data breaches is depends on the usage of data. Big data, mobile computing social media should be properly used for preventing the information from data breaches.

References: 

Mateski, M. (2012). Cyber threats metrics (1st ed.). New Mexico. Retrieved from https://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-065.pdf 

Kim, D. (2013). Cyber threats trend analysis model using HMM (1st ed.). Retrieved from https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.331.3416&rep=rep1&type=pdf 

Kumar, A. (2013). Social networking sites and their security issues (1st ed.). Retrieved from https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.300.4675&rep=rep1&type=pdf 

Gupta, S. (2010). Social engineering the art of human hacking (1st ed.). Retrieved from https://sin.thecthulhu.com/library/security/social_engineering/The_Art_of_Human_Hacking.pdf 

Gu, Q. (2007). Denial of service attack (1st ed.). Retrieved from https://s2.ist.psu.edu/paper/ddos-chap-gu-june-07.pdf 

Anthony, W. (2012). Denial of service attack in sensor network (1st ed.). Retrieved from https://www.cs.virginia.edu/~stankovic/psfiles/computer02-dos.pdf 

Vidalis, S. (2009). Analyzing of threat agent and their attributes (1st ed.). Retrieved from https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.104.6908&rep=rep1&type=pdf 

Andrew, J. (2011). Threat agent library helps identify information security risks (1st ed.). Retrieved from https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/Intel%20-%20Threat%20Agent%20Library%20Helps%20Identify%20Information%20Security%20Risks.pdf