Update SAR

User Generated

zzz2012

Writing

Description

There are 2 to 3 comments that need to be answered. It is not going to take 2 pages to do the work. Probably 1/2 page but no longer than a page. This is a small revision. But the comments are on different pages.

Unformatted Attachment Preview

Running head: Security Assessment Report

Project 3: Security Assessment Report

Abstract

This is a summary of the security assessment made by the Information Assurance Management Officer regarding the security breach that occurred at the Office of Personnel Management, which resulted from compromised credentials. Government and corporate agencies are experiencing far more frequent cyber security attacks than they were even a decade ago. These attacks result in the organization suffering severe negative impacts; for instance, data loss on personnel. The security threats and vulnerabilities should be assessed and remedied in order to prevent future attacks. This report will contain in-depth information about the purpose of this research, its scope, security assessment methodologies, data findings, recommendation, and conclusions. Most security breaches can be prevented in organizations. The case in point is the breach of the Office of Personnel Management (OPM), which was the largest government data breach in United States history. OPM has since enacted preventative measures such as encryption.

Purpose

The reason for routine security audits or network assessments is to necessitate quality security control measures against security breaches to organizational projects that could be available to hackers in the computer system. Assessing and monitoring the entire computer systems and the organization’s infrastructure, including its policies and processes, should regularly be conducted. It is particularly important to examine the system for vulnerabilities when a new system or additional infrastructures are added. The assessment must include making certain that the organization’s Information Systems (IT) resources are compliant with the Federal Information Security Modernization Act (FISMA).
Organization

OPM is a medium sized government entity that has a goal of providing quality, confidential and uninterrupted services to the consumers. The functional organizational structure has leaders with divided roles, responsibilities, and powers to manage different sectors, each sector being led by its manager. The structure of the organization is provided in Figure 1 below.

[Figure 1. Organization Structure. Chart labels: CEO; Marketing; Sales; Services; Marketing, Sales, and Services]

Enterprise Network

Computer and data networking are the interconnections of different computers for the primary reason of sharing resources using dedicated data link connections between the nodes. Commonly used are: Wireless Fidelity (Wi-Fi), Ethernet, and Fiber-Optic Cables. Networking enhances communications and sharing among devices. Networking can serve two computers or an extensive number of computers, their applications, and their services. The networking can include the use of hardware devices such as printers, fax machines, and storage devices and the ability to access the Internet. There are several common types of computer networks.

• Wireless Local Area Network (WLAN): WLAN is a local network supported by Wi-Fi technology.
• Local Area Network (LAN): LAN is a network that covers a short distance, for example, a networked school, home or office building.
• Wide Area Network (WAN): WAN is a geographically widely distributed group of LANs.
• Metropolitan Area Network (MAN): MAN is a network covering a larger area than LAN but smaller than WAN (Mitchel, 2018).

Below is an example of a computer network which depicts one server connecting four PCs and one printer through the use of one modem and one network switch.

[Figure 2. WAN Network. Source: https://oikos-international.org/penn/about-us/network/]

Given this is a medium-sized government organization, I propose the use of both LAN and WAN networks for efficiency because one can supplement the other in case of difficulties or threats. The advantages and disadvantages of LAN and WAN are noted in Figures 3 and 4 below.

Figure 3. Advantages and Disadvantages of LAN (Freeman, 2015)
Advantages: High speed; Easy to set up; Low cost
Disadvantages: Its strength is limited to a small area

Figure 4. Advantages and Disadvantages of WAN (Freeman, 2015)
Advantages: It covers near an infinite geographical area; Can be used for large and more intricate networks
Disadvantages: It is expensive; Not easy to set up

Computer networking, aside from the many advantages, has a high risk of cybercrimes, as it is easy for hackers to gain unauthorized access to the organization's data by deploying a computer worm or viruses to attack the system or by directly hacking into the network and gaining access (Stallings, Brown, Bauer & Bhattacharjee, 2012). Worms and viruses can be downloaded easily, as the networking system’s software often comes from unsecured sources or through links that carry viruses. To prevent breaches, there are precautions such as encryption of data and personal passwords and access codes into the networking system. Encryption is a process of encoding a piece of information such that it is only accessible to authorized personnel (Stallings et al., 2012). Strong encryption and security policies ensure that cyber threats to LAN and WAN networks are prevented. An example of a strong password is one that makes it very hard for a hacker to ‘guess’. It would have at least 8-10 characters inclusive of random capitalized letters, numbers randomly placed within the password, and symbols also randomly placed, such as mZj10$4@ym7& (Sebastian, 2013).
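The password criteria described above can be checked mechanically. The following is an added example, not part of the original report: it tests the stated criteria (length, capital letters, numbers, symbols) and goes one step further by checking the password against a denylist, because a password can satisfy every composition rule and still be easy to guess. The function names, the small denylist and the substitution table are assumptions made for illustration.

```python
import math
import string

# Constructed sample denylist (assumption); a real deployment would load a
# large list of breached and commonly used passwords instead.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Undo common character substitutions before the denylist comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def composition_failures(pw, min_len=8):
    """Return the names of the criteria from the text that pw does not meet."""
    checks = {
        "length": len(pw) >= min_len,
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    return [name for name, ok in checks.items() if not ok]


def search_space_bits(pw):
    """Upper bound on guessing effort in bits, valid only if pw is random."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0


def denylist_hit(pw):
    """Return the common word pw is built on, or None."""
    letters = "".join(c for c in pw.lower().translate(LEET) if c.isalpha())
    return next((w for w in sorted(COMMON_WORDS) if w in letters), None)


def assess(pw):
    """Accept only if every composition rule passes and no common word is found."""
    failures = composition_failures(pw)
    hit = denylist_hit(pw)
    return {"failures": failures, "bits": round(search_space_bits(pw), 1),
            "denylist": hit, "accept": not failures and hit is None}


if __name__ == "__main__":
    # Constructed sample inputs; the first is the example given in the text.
    for sample in ("mZj10$4@ym7&", "Password1!", "P@ssw0rd2024#", "abc"):
        print(sample, assess(sample))
```

Password1! passes every composition rule and has a large nominal search space, yet it is rejected because it is built on a common word; the bit estimate only holds for passwords whose characters are chosen at random.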
Other network computing platforms are available and can be implemented. Cloud computing is the use of Internet-hosted remote servers over local server/computer systems in managing, accessing, processing and storing data, information, and programs (Dikaiakos, Katsaros, Mehra, Pallis, & Vakali, 2009). Distributed computing has distributed systems located in different networks that achieve a common goal by passing information to each other. An example of a distributed system is a multiplayer online game (Dikaiakos et al., 2009). Centralized computing involves using a central computer in all computing processes, as long as the computer peripherals are connected to the central computer, which is in control either using terminal servers or physically. These computing platforms achieve the same goals of communications, coordination, and sharing of resources as other networks and should be included in the organization’s network system because of their unique features for the smoother running of programs (Dikaiakos et al., 2009).

Enterprise Threats

From the OIG report, there are several security deficiencies mentioned that contributed to the vulnerability of OPM networks, leading to a breach. These threats can be described as internal threats and external threats. Internal threats refer to the security threats that occur from within the organization (Yeh & Chang, 2007). Research has shown that approximately 40% of the total security breaches are a result of internal threats (Yeh & Chang, 2007). There are various types of internal security threats, including: weak authentication mechanisms, poor vulnerability assessment scanning tools, lack of a life cycle management plan for information systems, no remedial actions on previous audits, non-compliance activities, inadequacy of OPM's assessment of the information systems, and a lack of personnel trained in accordance with the organization's policy (Yeh & Chang, 2007).
The OPM threat occurred as a result of internal threats, which were caused by poor authentication and expired security agreements between the party handling OPM information systems and OPM itself. All these security threats pose significant risks to the organization because in one way or another they depend on each other. OPM's inability to monitor and assess its system regularly is the greatest weakness, as it results in security breaches which could be prevented.

Lastly described here are the external threats. External threats originate from outside the organization. External threats include worms, viruses, installing malware and ransomware, and hacking into a networking system’s passwords and thus releasing valuable information to the hackers. When security policies are weak and software is not kept current, as was the case with OPM, breaches occur (Freeman, 2015).

Threat Intelligence

Threat intelligence is knowledge based on knowing how to identify threats, remediate them, and prevent them from occurring again (Freeman, 2015). The evidence that can comprise the knowledge of a threat is found in the mechanisms and context of the system (Freeman, 2015). Solutions and decision-making on how to control and prevent future threats can occur in brainstorming sessions with key individuals who have been screened thoroughly and are of no internal threat or risk to the company (Freeman, 2015).

Network Assessment and Scanning

Network traffic refers to the amount of data going through a specific networking device at a given time (Chapell, 2010). For Project 2, the Security Assessment Reports for the Windows and Linux operating systems, the team used MBSA and OpenVAS as the assessment scanning tools for Windows OS and Linux, respectively.
There are other assessment tools for scanning threats and vulnerabilities in the system, such as Wireshark, Nikto, Retina CS Community, Aircrack, Nessus Professional and Tripwire IP360 (Yeh & Chang, 2007). In this project, I will use Wireshark as the analyzing tool for the analysis of the network. Wireshark is widely used as an analyzing tool for network protocols. I chose Wireshark because, just like OpenVAS and MBSA, Wireshark is open-source software known for its powerful abilities in analyzing LANs. It is fully integrated, has advanced alerts and triggers, has flexible and modular solutions to threats, and can work with multiple network packet analyses with different IP addresses or hosts (Chapell, 2010).

Security Issues

Using Wireshark as a network analyzer and assessment tool to detect existing threats and vulnerabilities in the OPM network and system environment, the following threats were identified (Stallings, Brown & Bauer, 2012):

• Incidents of invalid authorizations
• OPM’s inability to monitor, assess and manage its network system environment
• Non-compliance and inadequacy of frequent assessment and analysis of the system
• Inaccurate inventory of networks and system devices, which lowers the effectiveness of security control measures that are in place
• Lack of an established Risk Executive Function for OPM's systems
• Lack of skilled and trained personnel to operate OPM's systems per its policy
• Weak or non-existent enforced life cycle plan for all of OPM's systems projects
• No remediation actions for previous audits

The key system development personnel control the network access that is granted to the employees. The use of strong passwords is encouraged, as it reduces the percentage of security breaches that are experienced by the company (Sebastian, 2013).
A strong password often involves the use of different case characters with numerical figures as well (Sebastian, 2013). Strong passwords can be the first step in keeping the computer system secured from threats and breaches, as they are often difficult to decode (Sebastian, 2013).

Firewalls and Encryptions

Firewalls in computer networking security are network security measures which control and monitor the outgoing and incoming network traffic (data networks) based on the organization's security details (Chapell, 2010). Firewalls protect the networking systems from untrusted networks by stopping a popup that could carry a virus or other security threat (Chapell, 2010). Also necessary to put into place is encryption, which is the process of protecting data from unauthorized access by encoding the data in the particular message so that it is only accessible with a protected decryption key known only to a high-level trusted employee who is involved in the networking system’s security. Auditing computer networking systems contributes to the valuable management of firewall data (Sebastian, 2013).

Relational Database Management System (RDMS) has a RDM server that hosts both the server and the client database systems (Stallings et al., 2012). RDM supports some programming languages like C and SQL, which can be exploited for injection attacks, but RDMS assists in guarding data, ensuring the primary objectives of security assessments are attained. These objectives for data in the information system are confidentiality, integrity, and availability (Stallings et al., 2012).

Organizational Network Threats Identification and Remediation

Above I outlined several system threats that lead to massive data breaches. There is a difference between system threats and network threats, as shall be seen at the end of this topic. Below is a list of network attacks and threats that put the organization at risk of data loss (Sebastian, 2013):

• Denial of Service attacks (DOS). DOS is an attack purposed to lock the intended liveware out from accessing any component of the computer system and network.
• IP address spoofing. Spoofing involves the creation of fake Internet Protocol (IP) addresses to impersonate other system identities, concealing attackers’ details.
• Session hijacking attacks. Session hijacking thefts use HTTP cookies. This threat is also called cookie hijacking. It is a good practice to delete cookies from computers regularly.
• Packet sniffing/analysis. This is a strategic attack on network packets where, at the Ethernet level, the attacker captures the network data and uses it to retrieve sensitive data after analyzing it.
• Distributed denial of service attacks. These occur commonly in organizations using distributed computing platforms, where they attack the online system services, making the services inaccessible.

These threats can be remedied through enforcement and configuration of firewall log file systems and encryption methods, as explained above under Firewalls and Encryptions, to protect the network from unauthorized access. The use of the Wireshark analyzer in analyzing and troubleshooting the WAN and LAN networks frequently, at least quarterly, is a good practice to adopt.

Recommendation

Frequently, hackers assess and scan Internet connections and ports for vulnerabilities and unprotected computer network systems that are easy to exploit. If an active firewall had been in place, OPM’s system would have been able to counter these threats by blocking the untrusted network traffic. My recommendation is the use of NMAP, which is application software that allows the OPM system to scan itself on a scheduled basis and can respond to stop an attack by also continually testing the strength of the firewalls that are in place, and can prevent future cyber insecurities and attacks.

References

Dikaiakos, M. D., Katsaros, D., Mehra, P., Pallis, G., & Vakali, A. (2009). Cloud computing: Distributed internet computing for IT and scientific research. IEEE Internet Computing,
Final Audit Report. (2015). “Federal Information Security Modernization Act Audit.”
Freeman, R. L. (2015). Telecommunication system engineering (Vol. 82). John Wiley & Sons.
Mitchel, B. (2018). Introduction to LANs, WANs, and Other Kinds of Area Networks. Retrieved from https://www.lifewire.com/lans-wans-and-other-area-networks-817376
Sebastian, Z. (2013). Security 1:1 - Part 3 - Various types of network attacks. Retrieved from https://www.symantec.com/connect/articles/security-11-part-3-various-types-network-attacks
Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice. pp. 978-0. Pearson Education: New Jersey.
Yeh, Q. J., & Chang, A. J. T. (2007). Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), 480-491.

Explanation & Answer

Hi, see attached for your review:
Attached.

Running head: Security Assessment Report

Project 3: Security Assessment Report

Abstract

This is a summary of the security assessment made by the Information Assurance Management
Officer regarding the security breach that occurred at the Office of Personnel Management, which
resulted from compromised credentials. Government and corporate agencies are experiencing far
more frequent cyber security attacks than they were even a decade ago. These attacks result in
the organization suffering severe negative impacts; for instance, data loss on personnel. The
security threats and vulnerabilities should be assessed and remedied in order to prevent future
attacks. This report will contain in-depth information about the purpose of this research, its
scope, security assessment methodologies, data findings, recommendation, and conclusions.
Most security breaches can be prevented in organizations. The case in point is the breach of the
Office of Personnel Management (OPM), which was the largest government data breach in
United States history. OPM has since enacted preventative measures such as encryption.

Purpose

The reason for routine security audits or network assessments is to necessitate quality
security control measures against security breaches to organizational projects that could be
available to hackers in the computer system. Assessing and monitoring the entire computer
systems and the organization’s infrastructure, including its policies and processes, should
regularly be conducted. It is particularly important to examine the system for vulnerabilities
when a new system or additional infrastructures are added. The assessment must include making
certain that the organization’s Information Systems
(IT) resources are compliant with the Federal Information Security Modernization Act (FISMA).
Organization
The functional organizational structure has leaders with divided roles, responsibilities, and
powers to manage different sectors each sector being led by its manager. The different sectors of
the organization are responsible for ensuring that the various security mechanisms are
implemented in the organization. The Information Assurance Management Officer is responsible
for conducting risk assessments and vulnerability assessments for easier identification of the
security risks. This will prevent the occurrence of security breaches such as the one that was
recently experienced in the organization. The information at the organization needs to be
safeguarded against hackers through the implementation of various security protocols.
There are various networks that may be used in the organization for easier
communication between the various offices. Some of the networks include Local Area Network,
Wide Area Network and Personal Area Network. The chosen network should be able to assist the
organization in achieving the organization’s mission, vision and goals.

Enterprise Network

Computer and data networking are the interconnections of different computers for the
primary reason of sharing resources using dedicated data link connections between the nodes.
Commonly used are: Wireless Fidelity (Wi-Fi), Ethernet, and Fiber-Optic Cables. Networking
enhances commu...

