Cyber Security Quiz

User Generated

lnffrezf

Writing

Description

Attached is a Cyber Security Quiz, I need you to Answer one question from part A, Four questions from part B and one question from part C ( for part C after you choose which question you want to do, you are going to have to read a short paper to be able to answer that question either the book report or the research paper, so I'm going to attach both of them).

The quiz shouldn't be less that 2000 words and no more than 2200words. A good quality answers should provide support using examples and citations ( citations should include author and page number in parentheses).

NO plagiarism PLEASE!

Unformatted Attachment Preview

Book Report: Cyberphobia BOOK REPORT: CYBERPHOBIA 2 Book Report: Cyberphobia Many people express a relaxed attitude when it comes to cybersecurity. However, the cyberspace is as dangerous an accident at crossroads or an aircraft crash. In response to the matter, Edward Lucas’s book Cyberphobia where he lays bare the cyber threats people face, terming space as an insecure zone and carefully proposing safety measures to users. The book brings out the notion that people are becoming rapidly dependent on computers than the ability to envision the possible threat they expose themselves to in the cyberspace. Criminals and other malicious people are capable of gaining unauthorized access to information that may be critical in destroying individuals, businesses or governments. Lucas makes it clear that cyber-security is not just a technical issue but also a concern that need a comprehensive strategy. The book addresses humans rather than machines by suggesting a behavioral modification of habits that compromise safety, freedom, health, and happiness while online. The primary objective depicted in the book is to resolve the cyber-security problem through sensitization and education of the end-user. This paper will report on Edward Luca's book Cyberphobia (Lucas, 2015) detailing the plot, context, effectiveness and the take on the context. In his book, Edward Lucas condemns the attitude towards cyber-security. People think and hope that passwords are adequate to protect their information however they are no obstacle to malicious internet hooligans as they have developed strategies to get past them maintaining anonymity. The intention behind the internet was design a system to make information sharing easier and faster; it has become an information superhighway and a providence of invisibility for those seeking it. As more people are dependent on the Internet and smartphone technologies, the aspect of anonymity translates to the capabilities of infringing privacy of others by malicious information predators. The number of victims associated with identities and personal information theft is increasing; criminals wipe out banks and max credit cards. Moreover, stolen information is even trading in black markets. Again, some daring criminals hack national systems compromising national security and economy at large. For this reasons, people should track and cover their activities online and focus on targeting cyber-criminals to decrease the traumatic experience. Lucas outlines his book with numerous examples and demonstrations of how easy it is to attack the internet. For instance, he states that free sites like Facebook and LinkedIn sell user data to advertisers who enable the hacker to infringe without working hard to obtain access. Lucas concedes that publishing campaigns like fake emails, links and download attachments that can install malware on the user's device that can un-code personal information. He is keen to use fictional characters like in the case of Chip and Pin Hakhett, a couple to illustrate how they took great precaution in real life but none on the internet such that a hacker tricks them easily which has the devastating aftermath. The characters not only serve as a real-life example to help the reader comprehend better but also break the boredom in the literature. On another instance, Lucas utilizes first-person interviews and other primary sources to support his information. For example, he cites Game Over Zeus components which claimed close to a million computers as well as more than $100 million in financial damages. However, the indictment against its administrator went unsealed despite the documents from the authorities pertaining direct clues to the scheme. Such narratives evoke a change in attitude by the reader when the extent of potential BOOK REPORT: CYBERPHOBIA 3 damage is unleashed. Moreover, by sourcing evidence to support his claims, Lucas readily convinces the reader on the reliability and accuracy of the information in the book. Again, such narratives draw the attention of the reader by cultivating interest while simultaneously impacting the intended knowledge. Furthermore, Cyberphobia is ideal for cyber novices as the author, Edward Lucas touches on the basics that people usually encounter, may ignore or are not aware (Chon, 2015). He slows down the pace of the reader by familiarizing botnets and service attacks step by step, Whether an IT wizard or technophobic. The book highlights simple procedure for self-protection, for instance the author indirectly shows the importance of installing "patches" to software with plug gaps. However, since an old computer may be slow, get frozen or give instructions to wait, the user gets impatient and ignores it all. Unknown to them, the unpatched software (out-of-date) creates a potential loophole for attackers. No matter how dull the process may be, it is inconsiderate to ignore it. Exploring such simple but easily dismissed situations makes the book efficient as the reader can relate to the scenarios and be enlightened to take the necessary action. On another note, in addition to exploring the dangers, the book recommends possible solutions to winning the information war. According to Lucas, anyone present on the cyberspace is vulnerable to malicious attacks. Therefore, he points out simple tools such as search engines and issuance of electronic IDs by the government for online banking to make it harder for unauthorized access. Edward Lucas is critical of the tech norms and ready to spread the geek feathers to ruffle the cynicism he terms as online openness and anonymity. He urges masses as well as the authorities to get real about tech security and embrace rigorous models such as infection control and aviation to restore freedom in the cyberspace. He also recommends national strategies for tracking the transgressors to keep them in check and user consciousness while interacting with the Internet. While the book is quite impressive, it is a little bit too long with 264 pages, which may make it tasking for a genuine reader to obtain the needed information. Secondly, Lucas applies a rather complex technical language, which may be incomprehensible to a layperson. Cyberphobia follows suit as many technological kinds of literature, while specialists may find many technology books exciting and a handy handbook, a technophobic person may find it hard to follow the context demanding difficult burden for interpretation consistently. Nevertheless, there are several real-life examples and illustrations that even the layman may relate to or introduce them to the cyber-security issue. More so, the book encompasses on a variety of problems that develop new topics of discussions and a broad range of information. It covers foreign spying, identity, ransom-ware, vulnerabilities, and politics. The blend of the subjects creates a broad framework of information useful for a comprehensive knowledge and capable of furthering future research on Cyberphobia. In conclusion, Edward Lucas illuminates the distressful problems glaring our security in every passing second both at an individual and national level. He unleashes the uncomfortable truth in his context in a spiteful tone of the norms people continue to embrace that jeopardize cyber-security. The book outlines numerous case studies depicting the complacency, diagnosing previous evidence on damages caused and possible future outcomes if nothing is done. Also, the BOOK REPORT: CYBERPHOBIA 4 literature creates urgency on the matter by comparing cyber-security issues fatality to automotive tragedies in the transport systems. It recommends that just like strong regulations are there to govern road safety and protect road users, so should controls be instituted to protect the user in the cyberspace. Furthermore, he strongly supports online behavior change to initiate the entire process. On the other hand, the book's downside; that it is lengthy and incomprehensible by laypersons is overshadowed by the educational aspect. Evidently, Lucas is compelling since complacency and carelessness on the Internet purport for digital foes. Lastly, the context is relevant as it puts forth a necessary alarm in today’s society and prescribes bold resolutions to the concerns. BOOK REPORT: CYBERPHOBIA 5 References Lucas, E. (2015). Cyberphobia: identity, trust, security and the Internet. Bloomsbury Publishing. Cyber Security Research Paper Abstract More than 40 million credit cards were stolen from about 2000 Target stores by getting to data on purpose of offer (POS) frameworks. This paper will investigate issues causes in the Target breach and consider the critical controls that could have been utilized to both keep this breach and alleviate misfortunes. There were various variables that prompted data breach: sellers were liable to phishing assaults, system isolation was deficient with regards to, purpose of offer frameworks were helpless against memory scratching malware and recognition methodologies utilized by Target fizzled. A conceivable answer for forestalling and moderating comparative breaches utilizing a protection as a part of profundity model will be introduced utilizing a multilayered security procedure. Introduction Between 27 November and 15 December 2013, Target was the subject of a data hack at its stores in the US. Upwards of 40 million clients saw their credit and check cards get to be liable to potential extortion after malware was acquainted with the POS framework in right around 1,800 stores. On 19 December, the organization openly recognized the breach for the first run through, one day after the story was uncovered by media. Target said the breach was being examined and those clients' names and installment card subtle elements, including card expiry dates and encoded security codes, had all been gotten. The following day, the retailer uncovered that early reports of credit card extortion emerging from the breach were few and far between as it tried to create some great PR by offering clients 10% off pre-Christmas in-store buys. After the celebrations had gone, on 27 December, the organization uncovered that scrambled PINs had additionally been gotten to in the breach, however it stated that the real PINs stayed secure. (Baldwin, H. 2014) Criminals could offer data from these cards by means of online bootleg market gatherings known as "card shops." These sites list card data including the card sort, termination date, track data (account data put away on a card's attractive stripe), and issuing bank. The banks regularly have not had adequate time to recognize and drop bargained cards. Those acquiring the data can then make and utilize fake cards with the track data and PIN numbers stolen from credit and platinum card attractive stripes. Fraudsters regularly utilize these cards to buy high-dollar things, and if PIN numbers are accessible, the criminals can separate a casualty's cash from ATMs. Taking into account a perusing of underground discussions, hackers might endeavor to unscramble the stolen Target PIN numbers. On January 10, 2014, Target uncovered that non-money related individual data, including names, addresses, telephone numbers, and email addresses, for up to 70 million clients was likewise stolen amid the data breach. (Clark, M. 2014) Detail of Attack On January 12, Target CEO Gregg Steinhafel affirmed that malware introduced on purpose of offer (POS) terminals at U.S based Target stores empowered the burglary of money related data from 40 million credit and check cards. The malware that used a supposed RAM scratching assault, which took into account the gathering of decoded, plaintext data as it went through the contaminated POS machine's memory before exchange to the organization's installment preparing supplier. As indicated by reports by Brian Krebs, a customized form of the Black POS malware – accessible on bootleg market digital wrongdoing discussions for in the middle of $1,800 and $2,300 – was introduced on Target's POS machines. This malware has been depicted by McAfee Director of Threat Intelligence Operations as "completely unsophisticated and uninteresting." (Clark, M. 2014). Target breach is an example that illustrates how the remote hacking uses the third parties information to find a port to enter the Target system. Rapid changing in IT models make the security systems ineffectual and unprofitable, such as cloud data, networking, variety of credit cards provider and mobile sale points. (Pham, T. 2014) This appraisal is interestingly with the announcement of Lawrence Zelvin, director of the department of Homeland Security's National Cybersecurity and Communications Integration Center, who portrays the malware utilized as a part of the assault as staggeringly complex. Throughout the following weeks attackers could gather more than 11 GB of stolen data using a Russia-based server. Investigation of the malware by Dell Secure Works found that the aggressors exfiltrated data between 10:00 a.m. also, 6:00 p.m. Focal Standard Time, probably to darken their work amid Target's busier shopping hours. Different sources portray an assortment of outer data drop areas, incorporating traded off servers in Miami and Brazil. The 70 million records of non-money related data were incorporated into this robbery, yet open reports don't clarify how the assailants got to this different data set. Risk management assessment and security needs relied on the causes of damage to an organization and legal standard compliance in information security sector (Radichel, T. 2014) Data breach cost Target uncovered that it has booked $162 million in costs crosswise over 2013 and 2014 identified with its data breach, in which hackers broke into the organization's system to get to credit card data and other client data, influencing somewhere in the range of 70 million clients. The figure, uncovered in the organization's Q4 profit distributed, incorporates $4 million in Q4, and $191 million in gross costs for 2014, and in addition $61 million gross for 2013. Target says that the gross number was balanced to a limited extent by protection receivables of $46 million for 2014 and $44 million for 2013. Banks discounted most subsidizes stolen from credit and platinum cards, yet fraud was at a record-breaking high in the principal portion of 2014 because of substantial data breaches including Target. More than 140 claims have been documented against Target. Banks sued Target's PCI consistence inspector, Trustwave. Target is managing examinations including the Department of Justice, the FTC and SEC (Michaels, 2014). Singular state laws might bring about fines and lawful procedures far beyond PCI consistence fines. States are passing significantly stricter laws as an aftereffect of late breaches. Benefits dropped 46% in the final quarter of 2013 amid the basic Christmas season. General Target posted incomes of $21.8 billion, beating examiner gauges, and balanced profit per offer of $1.50, beating its direction. The organization likewise recorded a pre-charge loss of $5.1 billion identified with the organization hauling out of working in Canada. In pre-market exchanging, the organization's shares were up somewhat more than 1% to $77.85 per offer. (Krebs, B.2013). Security Strategy to prevent attack Target's security breach wasn't precisely the most virtuoso hacking ever, and could have been anticipated. Various levels of carelessness happened, and uncovered one in three Americans to fraud. Endless supply of what truly turned out badly, the FireEye security framework they utilize demonstrated that the notices had been there from the start, which means the security group in Bangalore missed them, or disregarded them. When they at long last let group in Minneapolis think about the breach, the notices went unnoticed. So as to keep a comparative event, Target's CEO Gregg Steinhafel claims they are amidst a noteworthy examination and "have effectively made huge strides, including starting the upgrade of our data security structure and the quickening of our move to chip-empowered cards. For organizations that have data resources, such as client data, licensed innovation, competitive advantages, and restrictive corporate data, the danger of a data breach is currently higher than any time in recent memory. To screen and shield data from hackers, malignant and good natured insiders, associations ought to choose arrangements taking into account an operational model for security that is danger based and substance mindful. Here are some stages that any association can take; utilizing demonstrated answers for altogether diminish the danger of a data breach. (Mellow, Jr. 2014) •Stop invasion by targeted assaults the main four method for hacker attack into an organization's system are through abusing framework vulnerabilities, default watchword infringement, SQL infusions, and targeted malware assaults. To avoid attacks, it is important to close down each of these parkways into the association's data resources. •Identify dangers by associating constant cautions with worldwide knowledge To recognize and react to the risk of a targeted assault, security data and occasion administration frameworks can hail suspicious system action for examination. The estimation of such continuous cautions is much more prominent when the data they give can be connected progressively with ebb and flow exploration and examination of the overall danger environment. (Keith and Jason 2014) •Proactively secure data in today's associated world, it is no sufficiently more to protect the edge. Presently you should precisely distinguish and proactively secure your most delicate data wherever it is put away, sent, or utilized. By upholding brought together data insurance strategies crosswise over servers, systems, and endpoints all through the venture, you can logically decrease the danger of a data breach. •Automate security through IT consistence controls To keep a data breach brought about by a hacker or a good natured or pernicious insider, associations must begin by creating and implementing IT arrangements over their systems and data insurance frameworks. •Prevent data exfiltration In the occasion a hacker invasion is fruitful, it is still conceivable to keep a data breach by utilizing system programming to identify and hinder the exfiltration of secret data. Goodnatured insider breaches that are brought on by broken business procedures can in like manner be distinguished and halted. Data misfortune counteractive action and security occasion administration arrangements can join to avoid data breaches amid the outbound transmission stage. •Integrate counteractive action and reaction systems into security operations so as to avert data breaches, it is key to have a breach anticipation and reaction arrange for that is incorporated into the everyday operations of the security group. Conclusion Target put intensely in security spending, and sadly hackers were still ready to discover a route through their protections. This breach makes it clear that PCI consistence, lawful and industry commands don't give satisfactory security to data because of confinements in extension and a continually changing risk scene. Progressed persistent threats are going to search out and abuse the weakest connection in any framework, system or procedure. They will utilize unpredictable and protracted assaults to mine data from organizations any way they can. They are continually updating their technique and looking for gaps in the defensive layer of business security usage. The enemy can adjust speedier than the regulations can be placed set up. Security must be drawn closer all the more deliberately as an approach to ensure basic resources, business notoriety and gainfulness. The security system for a business ought to consider the particular needs of that specific business. A substitute result for the Target situation was given Critical Controls set up. Steps taken by the assailants could have been halted at various focuses amid the assault. Isolating the POS frameworks, end-to-end encryption, stock of frameworks and detailed logging would have kept hoodlums far from credit card data. Appropriate encryption would have kept card data from being perused in memory. Sufficient, well trained staff with time to fittingly break down logs would have revealed the malware and system movement to moderate misfortunes had the breach still happened. References Pham, T. (Nov & Dec 2014). A Modern Guide to Retail Data Risks. Retrieved from http://www.ciosummits.com/Online_Assets_Duo_Security_Modern_Retail_Security_Risks.pdf Cornell, B. (2014). Target 2014 Annual Report. Retrieved from https://corporate.target.com/_media/TargetCorp/annualreports/2014/pdf/Target-2014-AnnualReport.pdf?ext=.pdf Baldwin, H. (Mar, 2014). The other shoe drops for Target's CIO. Retrieved from http://www.forbes.com/sites/howardbaldwin/2014/03/11/the-other-shoe-drops-for-targetscio/#536026e60ca0 Aorato Labs. (Aug, 2014). The Untold Story of the Target Attack Step by Step. Retrieved from https://aroundcyber.files.wordpress.com/2014/09/aorato-target-report.pdf Clark, M. (May, 2014). Timeline of Target's data breach and aftermath: How cybertheft snowballed for the giant retailer. Retrieved from http://www.ibtimes.com/timeline-targets-data-breachaftermath-how-cybertheft-snowballed-giant-retailer-1580056 Horton, T. & McMillon, R. (2011). Security technologies: Encryption and tokenization. http://files.firstdata.com/downloads/thoughtleadership/primer-on-payment-security-technologies.pdf Mellow, Jr., John. P. (Mar, 2014). Target breach lesson: PCI compliance isn't enough. Retrieved from http://www.technewsworld.com/story/80160.html Experis ManPower Group (2014). Security Breach: Is Any One Safe? Retrieved from http://experis.us/WebsiteFilePile/Whitepapers/Experis/experis_security_breaches_white_paper_may_2014.pdf
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

SURNAME: 1
Name
Course
Tutor
Date
Cyber Security Quiz
Part A
Question 1
Traditional warfare can also be referred to as conventional warfare. The best way to define
traditional warfare is that type of warfare that goes on to apply conventional means, that is,
having the parties involved use tactics that include weapons as well as weapons in the target
against another state or country. This application method takes into account open confrontation
between parties. Either party's military is the target of the confrontation and involves parties that
are well trained, well defined and uniform. This type of warfare calls for confrontation in a
battlefield of sorts so that the parties are facing each other and confronting each other in a bid to
solve a dispute where the one who can put the other down is the winner. Cyber warfare, on the
other hand, can be defined as the form of warfare which applies advanced weaponry in
confronting the other party (Tsagourias, Nicholas, and Buchan, 412). Cyber warfare includes the
use of hacking techniques to get through to the other party's information so that the subject party
can use this information against it. The hacking helps the team in conduct sabotage and spying
work so that they may be able to access the information that will be used in impacting negatively
on the other party. Such warfare is usually applied in political matters where some politicians or

SURNAME: 2

other parties want to gain an upper-hand over the other. It is an attack considered to be massive
such that a successful attack will call for efficient synchronization of a digital nature. It can be
conducted by certain citizens or even the government against another or even against other
citizens (Tsagourias, Nicholas, and Buchan, 487).
Cyber warfare and traditional warfare both have similarities and differences. In terms of
similarities, it is important to note that both have parties that are trying to attack each other and,
therefore, each party holds a grudge against the other. The two parties share bad blood which
means that the only way they know how to settle disputes is through getting into arms with each
other so that the one who manages to put down the other is considered or emerges the winner.
The beginning of the warfare in both cases is a dispute, which can either be minor or major based
on how seriously they consider the matter and the type of grudge they end up harbouring against
the other party. Another similarity stems from the fact that either party does not forgive the other
for the dispute at hand. The parties do not consider dispute resolution methods in dealing with
the issue or issues at hand. Other than this, another similarity is that both cases apply weaponry
of some s...


Anonymous
I was having a hard time with this subject, and this was a great help.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags