Discuss about the European Union Agency for Network and Information Security for Security Infrastructure.
ENISA is a centre for the maintenance and implementation of security policies in the European Union and the associated organizations and agencies. It is referred to as European Union Agency for Network and Information Security and came up with the ENISA Technology Landscape (ETL) in 2014. The case study covers the current threats that exist and also lists the top threats for the year 2014 along with a comparison from the ones that were present in 2013. There were a number of measures that were taken to control the threats and ETL was designed with an aim to put a check on all the security loopholes. However, in spite of so many efforts and attempts, there were a number of occurrences. The case study covers the description of the top threats such as data breaches, insider threats, phishing, ransomware and many others. The case study also covers the threat agents that are involved in the execution of these threats and these agents are the cyber based agents such as cyber criminals, cyber terrorists and many others. Technology is something that is changing at a rapid rate and the emerging technology trends and landscape has also been covered in the case study. The areas to focus upon in order to improve the security have been concluded in the end (Enisa, 2016).
The diagram depicts the various security areas that must be present in the security infrastructure so that the overall security of the system and its associated components can be enhanced. There are a huge number of entities that are present under ENISA and the same are required to be safeguarded against all the security loopholes. These levels and the sub-parts to be covered in the security aspect of ENISA has been shown in the security infrastructure diagram below.
ENISA Security Infrastructure Diagram
The employees should be communicated about the policies and the list of do’s and don’ts as far as the security mechanisms are concerned so that there may be no instances of mistakes or inadequate due diligence. Also, there must be trainings and administrative checks that must take place in a frequent manner to keep the internal employees aware about the security parameters to be followed (Musthaler, 2016).
Physical security is something that is mostly overlooked and is not paid due attentions. However, physical controls must be applied such as display of identity cards, checking of the employee bags and likewise at all the entry and exit points (Cert, 2016).
There are a number of technical controls and checks that must be applied and installed to make sure that the insider threats are prevented. Technical and automated identity and access management with the use of multi layer authentication and similar measures should be applied. There should also be maintenance of the technical logs and records so that the activities can be scanned and monitored at a non-stop basis. Risk assessment, network monitoring, network scans and many other technical measures should also be adopted.
There are a number of threats that have been listed in the case study as the top threats that were encountered in the year 2014. Data breaches that took place make up the threat that is most significant since its impact, likelihood and the risk ranking as well (Ko & Dorantes, 2016). As per the data that has been recorded and analyzed in the case study, data breaches made up for the major portion of the threats that took place in 2014. Also, there were scenarios wherein the impact was extremely severe in nature. This threat has been judged and evaluated to be the most significant threat since it has the potential to hamper the confidentiality, availability and the privacy of the data. The information types that are associated with ENISA can be private or confidential such as there is a lot of healthcare information that the centre deals with. Any violation of the privacy of this category of data can be fatal for the organization and can result in some serious legal punishments. It is because of this reason that the threat has been evaluated to be the most significant out of all (Amato, 2016).
These threat agents have a huge impact on the security architecture as these are the prime entities involved in the execution of a threat. It is therefore necessary to control their impact and the same can be done by improving the security infrastructure. Employees as threat agents can be controlled by implementing the administrative, physical and technical controls as described earlier. The other threat agents can be controlled by making sure that the security loopholes do not exist and there is advanced security mechanism applied across all the entry and exit points.
Social hacking is a type of security assault that is executed by the social programmers as the operators of the dangers and incorporates the endeavor to change the social conduct of a client through various diverse means and methods. The present period is the time of social media and the nearness on this stage is right around an order for each and every person. The social programmers pick up favorable position through this wonder by performing dumpster making a plunge which the disposed of client profiles and information is gotten to recover imperative data and examples, for example, client name, contact data, email address and in like manner. Pretending is additionally a typical type of the social hacking issue that incorporates the pantomime of a specific client or association on a social stage to pick up data. Social hacking has come up a simple approach to break the web and system security as the nearness of the clients on the stage is enormous and it gets to be less demanding for the programmers to recover noteworthy data through various instruments. The effect of these social hacking issues can be moderate to amazingly extreme as these can possibly increase touchy and classified data through the medium. Such unapproved instrument of picking up the data can then be abused by the social programmers (Wood, 2016).
The table displays the comparison between the threats that occurred in the year 2013 and the threats that took place in the year 2014. The inclination and decline of the threats has also been displayed through the medium of the table. The threats that are seen to be more probable in 2014 and in the upcoming years are as listed below:
There are also attacks that have been seen and analyzed as less probable in the current era such as those associated with the botnets, spam, explore kits and scareware. There is a newer form of attacks which has been categorized as the insider attack and the probability that is associated with these threats is very high. It is because of the reason that there are lesser control and prevention measures that have been developed in order to put a check on them. The threat probability can therefore be defined as highly probable for the attacks that are on a rise as listed in the points above along with the insider threats. It would be lesser for the threats that are on a decline.
The ENISA Technology Landscape was designed and implemented to make sure that the occurrences of the security threats and incidents could be minimized. However, in spite of so many efforts and measures there were still many threats that were seen with low o very severe impact. It is therefore necessary to bring about certain sets of improvements in the ETL processes which are as listed below (Microsoft, 2016).
There are many of the top threats that have been listed for ENISA in the case study. The most challenging threats out of all are as listed below (Panetta, 2016).
ENISA must not be satisfied at all with its present scenario of IT security. The reasons behind this are many such as the technology and the structure of technology is something that is not at all constant. It is changing with every passing second and therefore it would be necessary for ENISA to keep up with the same. There are also a number of security threats and attacks that are introduced in the agencies and organizations that are monitored by ENISA in spite of a number of countermeasures that have been developed. It is necessary to keep up the effort and come up with stronger parameters and mechanisms so that the attackers do not success in security breaches of any kinds and the number of threats also get reduced by a good margin. The effort that is required towards the support, maintenance and updates regarding the security measures must never be put to rest and it is essential to involve an element of innovation and technical advancement with the same to not allow the attackers to succeed in their attempts (Aws, 2016).
References
Amato, N. (2016). The hidden costs of a data breach. Journal of Accountancy. Retrieved 22 September 2016, from https://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html
Aws,. (2016). Overview of Security Processes. Retrieved 22 September 2016, from https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
Casey, T., Koeberl, P., & Vishik, C. (2010). Threat agents. Proceedings Of The Sixth Annual Workshop On Cyber Security And Information Intelligence Research – CSIIRW ’10. https://dx.doi.org/10.1145/1852666.1852728
Cert,. (2016). Insider Threat Best Practices. Retrieved 22 September 2016, from https://www.cert.org/insider-threat/best-practices/
Enisa,. (2016). ENISA draws the Cyber Threat Landscape 2014: 15 top cyber threats, cyber threat agents, cyber-attack methods and threat trends for emerging technology areas — ENISA. Enisa.europa.eu. Retrieved 22 September 2016, from https://www.enisa.europa.eu/news/enisa-news/enisa-draws-the-cyber-threat-landscape-2014
Ko, M. & Dorantes, C. (2016). The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Retrieved 22 September 2016, from https://jitm.ubalt.edu/XVII-2/article2.pdf
Microsoft,. (2016). Microsoft Core Infrastructure Optimization: IT & Security Processes – Best Practices for Business IT. Microsoft.com. Retrieved 22 September 2016, from https://www.microsoft.com/india/infrastructure/capabilities/itprocesses.mspx
Musthaler, L. (2016). 13 best practices for preventing and detecting insider threats. Network World. Retrieved 22 September 2016, from https://www.networkworld.com/article/2280365/lan-wan/13-best-practices-for-preventing-and-detecting-insider-threats.html
Nichols, A. (2016). A Perspective on Threats in the Risk Analysis Process. Sans.org. Retrieved 22 September 2016, from https://www.sans.org/reading-room/whitepapers/auditing/perspective-threats-risk-analysis-process-63
Panetta, K. (2016). Gartner’s Top 10 Security Predictions 2016 – Smarter With Gartner. Smarter With Gartner. Retrieved 22 September 2016, from https://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/
Wood, P. (2016). Social hacking: The easy way to breach network security. ComputerWeekly. Retrieved 22 September 2016, from https://www.computerweekly.com/tip/Social-hacking-The-easy-way-to-breach-network-security
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download