The JL Company has now decided to move to the online marketing. JL has now started to send confidential documents and communicated to the clients through this online services. After some months employees were noticing that the operating system of the computer is progressively slow and were displaying random malware which were getting pop up on the system. Currently, the JL SOE has got Windows 10 laptops with recent updates of Microsoft. There are no such laptops that contain a security software. With the use of wireless router of D-Link DSL-2740B internet access is done with ADSL. They use WinSCP for QNap TS-412 NAS to keep backup of the data of the workstation. The admin account of the NAS has username/password as admin/admin. In the JL organization the Windows 2000 server was operational previously but unfortunately the power supply has surge in power whose function is no longer there. Also everyday employees are receiving around 40 spam messages on an average. In the year July 2017, JL has to pay for the ransomware attack in two of its workstation. The company has no policies or any kind of rules that has been provided to the employees as a guide though which they can best utilize the resources and confirm to the conscious behaviours of cyber security. Employees are getting unauthorised access to the email accounts and computers system of other employees. They did not use cryptographic techniques to stored/email confidential data. Just a week back a USB flash drive is found by the employee in the car parking. The employee plugged it to the computer that they use. Later the employee notice that the system is working of its own.
Now the role over here is to develop some recommendations with which the JL can fulfil the current and the future requests of the client (Khurana et al., 2015). The behaviour of cyber security has become so reluctant and comfortable for the employees. Though some of the employees believe that the company does not need any cyber security operational model. Now, they have decided that the workplace culture could be improve by addressing the issue of cyber security.
The manager of JL’s would now address to the issue of cyber security through which the culture of the workplace would be improved (Luo & Liao, 2017). In this section, the manager has requested to address five critical issues of cyber security.
It is a malicious software which threaten the user and deny to access their own data (Kharraz et al., 2016). Victims are made to pay some amount to restore their data and access them. Thus, it become effective for the employees to keep their operating system up-to-date and patched to ensure and exploit the vulnerabilities. The most immediate approach to be made by the employee is to regain control over their infected machine (Pathak & Nanded, 2016). However, the malware could be remove by restoring the files only after paying the amount for the ransom ware to the attacker for the amount they have asked for.
The issues need to be address by guiding the employees not to install any software or give administrative privileges to unknown user without knowing exactly the purpose of the software and how it works. It is advice to the employees to install antivirus software that we provide to them. There are several products that we have such as Trend Micro, Kaspersky, MalwareBytes, BitDefender Antivirus and provide information about the software to the employees to use that antivirus software in order to detect the malicious programs. In windows 10 certain steps will help in removing the ransom ware. In windows 10 certain step are to be followed that will help in removing the ransom ware. The first step is to reboot the software of Windows 10 in the safe mode. The second step is to install the antimalware software. In the third step, the employee need to find the ransom ware program by scanning the system. In the final step, the employee need to restore the system that they booted in the previous state (Scaife et al., 2016). This would not decrypt the files. The transformation will be happening unreadability.
The Ransom were attack mostly cost $150 – $600 to release the file depending on the cyber – criminals who honor the payment made and gives the decryption key.
|
Chosen solution |
Alternative approach |
||
|
Trend Micro |
BitDefender |
Kaspersky |
Malwarebytes |
|
60% |
30% |
20% |
11% |
|
It provides a secure banking and shopping browser, file encryption, file scanning, ransomware protection. The most interesting about it is, it does without two-way firewall. |
It has built-in rescue disk that get reboot from the interface of the application. |
It does not offer any extra feature as other product. |
It only clean the malware but cannot protect the PC from infection. |
Table 1: Ransomware Solution
Figure 1: Ransomware Solution
Source: (Created by Author, MS Excel)
The reason for addressing the issue immediately is because the cyber criminals will continuously guess the victims user password and check it against the password having cryptographic hash (Azadi & Khoei, 2018). The cybercriminal could enter into the system to steal the data that are stored and cause mischief.
The more complex the password is the stronger the password. This could reduce the probability of successful attack. Thus, when the issue occur it could get quickly identify the cause and resolve it. When creating a strong password certain points need to be kept on mind. The first point is to avoid the use of information such as name or DOB of self or the family. The second point is use different and unusual symbols and the third point is to avoid the use of similar password in different application.
The user can even have a 2-steps Verification which Google provide. In it the user need more than a password while login into their account. The user will get a text which contain the one time password to verify that the user is only login to the password.
The user can purchase a computing equipment and run the password cracker as many time as the user need it. The cost require to run the equipment of password cracker for years then the cost would be calculated through Cg>= pi BA. Where Cg amortized the cost of per guesses, pi is the probability on the i’th guess and BA is the cracking password for the adversary.
|
Chosen solution |
Alternative approach |
||
|
2 Step Authentication |
Tough Password |
Consolidation |
Taking Back Up |
|
60% |
40% |
10% |
30% |
|
It require the user password and text that the user receive. |
Different account should have different password. |
The password though may be combination of number of things still hacker would be able to get access at some point |
The password back up can be taken and store in document. But it is also not much secure. |
Table 2: Prevent from Crack Password
Figure 2: Prevent from Crack Password
Source: (Created by Author, MS Excel)
Hacking is the biggest cyber threat for the company. The hacker would be able to hack the personal details like name and credit details and distribute them over the internet. Hacker has got knowledge and power to access the data of the victim and get the precious data and control over the whole system. Once the hacker target the JL Company it can get huge amount of information of the company with one single search from the company website. Through it the hacker could exploit the Company weaknesses by controlling their security.
The propose solution to this is keep updating the OS and related software (Iasiello, 2014). It will keep the hackers from accessing the computer with outdated programs. It will keep the Microsoft product update along with other software. The company system contain lot of sensitive data. The mind of the criminal has become much cleverer that through the actual URLs they can hack the entire system.
The cost for the hacker professional more as much as time it takes to hack (Kirda & Kruegel, 2015). The longer the time the more it cost. For simple DDoS the cost could be $100, for botnet rental it could cost in between $250 and $500.
|
Chosen solution |
Alternative approach |
||
|
Upload OS and other Software |
Download up to date Security |
Speaking of password |
Sensitive data move to cloud |
|
40% |
20% |
30% |
25% |
|
It protects from hacking new data. Hacker will get to know only the old data. |
Usually a non-IT user may sometime download software from unknown source |
Some people can make the same voice which can even help them to access easily |
Cloud data are secure but security is not assure fully |
Table 3: Prevention from hackers’ attack
Figure 3: Prevention from hackers’ attack
Source: (Created by Author, MS Excel)
Phishing is related to fake login page that are associated with unsuspected reader where the hacker could access there password easily. Hackers can then use them for their own purpose. Phishing is the greatest risks to the integrity of the system. The immediate action to be needed in this case is because most user who are the victims have limited experience to computer system. Phishing usually get attempt only after receiving an email.
The method that could be proposed for the phishing attack is by avoiding and not opening the emails and other source of communications that are uncertain for authenticity. This is the most preventive measure that could be used.
The Phishing scam of the organization overlook the potential cost by victimizing the phishing scams. The cost analysis for the phishing include the contain malware cost to be about $208,174, not contain malware cost to be about $338,098, contain credential compromises cost to be about $381,920, not contain credential compromises cost to be about $1,020,705 and the loss in productivity through phishing whose amount would be $ 1,819,923. In total, the extrapolated cost would be within the estimation of $3,768,820.
|
Chosen solution |
Alternative approach |
||
|
Identify the Phishing email |
Information check from incoming mail |
Enhancing Computer Security |
Enter sensitive data to secure websites |
|
35% |
25% |
25% |
15% |
|
Usually phishing email looks like My Bank [email protected] user can identify through it |
Can check but is not advisable to click to the attachment |
Using password would be a secure way to increase computer security. However, the problem here is it would again get hack |
Data needs to be enter only to website that has https not http. But normal usually mostly don’t see it. |
Table 5: Types of Phishing Prevention
Figure 4: Types of Phishing Prevention
Source: (Created by Author, MS Excel)
The JL has no proper rules or any kind of policy that could be followed. The employees need to immediately follow certain rules like avoiding third party software installation on the system of the company, vandalising the property or stealing from others (Pahnila, Siponen & Mahmood, 2015).
The solution that would be proposed for it is to appoint an officer for information security to avoid the access to the personal account of social media in the office, sending emails of sensitive data to home machine, connecting to unsecured networks with the devices of the company or keeping the password in a doc file (Soomro, Shah & Ahmed, 2016). The policy about the information security need to be kept updated.
The quality of cost models for the compliance would be equal to cost of conforming the requirements and the cost of Nonconformance of the requirement (Puhakainen & Siponen, 2014).
|
Chosen solution |
Alternative approach |
||
|
Appoint officer of Information Security |
Evaluation of existing information policy |
Security Awareness |
Consistent Monitoring and Improvement |
|
50% |
25% |
15% |
10% |
|
They develop and implement the policy and is design to protect the system, assets from unwanted threats. Among all the alternative This is more preferable. |
It needs to examine the principles and methods for the policy content, impact or implementation. |
Knowledge could be provided about the processes with regards to the assets. |
Checking through the change in the policy if needed as per the company requirement |
Table 5: Cyber Security Policy Compliance
Figure 5: Cyber Security Policy Compliance
Source: (Created by Author, MS Excel)
Conclusion
From the above report it could be concluded that the JL had to face the cyber security issue as it has no IT expertise or any literacy. It has plans though plan to expand the number of employees but without an IT expert it would be difficult for them to handle the technical issue that occur suddenly. Even boss’s who was handling the matters related to computer and network were not much experience enough. Thus, the report has address immediately regarding the issue, also proposed some solution to the issue. Even in the report alternative solution is provided with regard to the chosen solution. It has detail breakdown of the cost for each issue. Thus, all the details will help in improving the security issue of the JL Company.
Reference
Azadi, H., & Khoei, A. R. (2018). Numerical simulation of multiple crack growth in brittle materials with adaptive remeshing. International journal for numerical methods in engineering, 85(8), 1017-1048.
Cabaj, K., Gregorczyk, M., & Mazurczyk, W. (2018). Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. Computers & Electrical Engineering, 66, 353-368.
Iasiello, E. (2014). Hacking back: Not the right solution. Parameters, 44(3), 105.
Jablon, D. P. (2016, April). Password authentication using multiple servers. In Cryptographers’ Track at the RSA Conference (pp. 344-360). Springer, Berlin, Heidelberg.
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W. K., & Kirda, E. (2016, August). UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In USENIX Security Symposium (pp. 757-772).
Khurana, H., Hadley, M., Lu, N., & Frincke, D. A. (2015). Smart-grid security issues. IEEE Security & Privacy, 8(1).
Kirda, E., & Kruegel, C. (2015, July). Protecting users against phishing attacks with antiphish. In Computer Software and Applications Conference, 2005. COMPSAC 2005. 29th Annual International (Vol. 1, pp. 517-524). IEEE.
Luo, X., & Liao, Q. (2017). Awareness education as the key to ransomware prevention. Information Systems Security, 16(4), 195-202.
Medvet, E., Kirda, E., & Kruegel, C. (2018, September). Visual-similarity-based phishing detection. In Proceedings of the 4th international conference on Security and privacy in communication netowrks (p. 22). ACM.
Mont, M. C., Pearson, S., & Bramhall, P. (2014, September). Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. In Database and Expert Systems Applications, 2003. Proceedings. 14th International Workshop on (pp. 377-382). IEEE.
Pahnila, S., Siponen, M., & Mahmood, A. (2015, January). Employees’ behavior towards IS security policy compliance. In System sciences, 2007. HICSS 2007. 40Th annual hawaii international conference on (pp. 156b-156b). IEEE.
Pathak, P. B., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.
Puhakainen, P., & Siponen, M. (2014). Improving employees’ compliance through information systems security training: an action research study. Mis Quarterly, 757-778.
Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.
Tari, F., Ozok, A., & Holden, S. H. (2017, July). A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In Proceedings of the second symposium on Usable privacy and security (pp. 56-66). ACM.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download