School: Grand Canyon University
Course: 425
Subject: English
Date: Feb 20, 2024
Uploaded by bryangallardowork on coursehero.com
Benchmark - Security Driven Solutions
Freddie Armer, Michael Lee, Jon Spaulding, Bryan Gallardo, and Nathan Balos
College of Engineering and Technology: Grand Canyon University
ITT-425: Analysis, Design, and Management of Secure Corporate Networks
Professor Joshi
January 28, 2024
Table of Contents
NIST Cybersecurity Framework Scoring
1. Security Survey: Information Systems Resources and Vulnerabilities (Understanding Patches and Software Updates, 2023; ATM Security, n.d.)
2. Possible Threats to Information Systems Resources (Wingard, n.d.; What Is an Advanced Persistent Threat (APT), n.d.; Insider Threat, n.d.)
3. Gap Analysis
4. Mitigation Strategies (Data Loss Prevention (DLP), n.d.; What is an intrusion detection system (IDS), n.d.; What is a next-generation firewall, n.d.)
5. SOC Evaluation and Mitigation of Internal Threats (What is SIEM, n.d.)
6. U.S. Laws Motivating Cyber Operations (Brook, 2023; Lutkevich, 2020; Sheldon, 2023; Federal Information Security Management Act (FISMA), n.d.)
7. Use of Crypto in the Bank's Security Infrastructure (What Is Cryptography, n.d.; Advantages and Disadvantages of Cryptography, n.d.)
7. Phases of a Well-Organized Cyber Operation (Cyber Kill Chain, n.d.)
8. Alternate Cyber Environments (What is SCADA, n.d.)
References
NIST Cybersecurity Framework Scoring
[Figure: "Cyber Security Framework" chart, axis from 0 to 5, covering the following functions and categories:
Identify: Asset Mgmt, Bus. Environment, Governance, Risk Assessment, Risk Mgmt. Strategy, Supply Chain RM
Protect: Identity Mgt, Awareness and Training, Data Security, Info Protection, Maintenance, Protective Tech
Detect: Anomalies and Events, Continuous Monitoring, Detection Processes
Respond: Response Planning, Communications, Analysis, Mitigation, Improvements
Recover: Recovery Planning, Improvements, Communications]
Summary chart summarizing "As Is" and "To Be" security posture based on the NIST Cybersecurity Framework
1. Security Survey: Information Systems Resources and Vulnerabilities (Understanding Patches and Software Updates, 2023; ATM Security, n.d.)
Customer Database (Resource) - Authentication Weakness (Vulnerability)
Online Banking Platform - Network Intrusion (Vulnerability)
Mobile Banking App - Data Leakage (Vulnerability)
ATM Network - Skimming and Physical Security (Vulnerability)
Payment Processing System - Malware and Fraud (Vulnerability)
Internal Communication Systems - Eavesdropping/Interception (Vulnerability)
Employee Workstations - Phishing and Malware Attacks (Vulnerability)
Corporate Website - DDoS Attacks and Defacement (Vulnerability)
Banking Software - Unpatched Software (Vulnerability)
IT Infrastructure - Insufficient Network Segmentation (Vulnerability)
2. Possible Threats to Information Systems Resources (Wingard, n.d.; What Is an Advanced Persistent Threat (APT), n.d.; Insider Threat, n.d.; Recovery procedure for a system failure, 2023).
Cybercriminals conduct phishing, malware, or ransomware attacks.
Insider threats from disgruntled employees.
Fraudulent activities from external entities.
Advanced Persistent Threats (APTs) targeting financial data.
Technical failures lead to data loss or corruption.
1. Cybercriminals conduct phishing, malware, or ransomware attacks.
Employee Workstations - Phishing and Malware Attacks (Vulnerability)
Payment Processing System - Malware and Fraud (Vulnerability)
IT Infrastructure - Insufficient Network Segmentation (Vulnerability, as a poorly segmented network can facilitate the spread of malware or ransomware)
2. Insider threats from disgruntled employees.
Internal Communication Systems - Eavesdropping/Interception (Vulnerability, as disgruntled employees might intercept or misuse internal communications)
Customer Database - Authentication Weakness (Vulnerability, as disgruntled employees might exploit weak authentication to access sensitive data)
3. Fraudulent activities from external entities.
Payment Processing System - Malware and Fraud (Vulnerability)
Online Banking Platform - Network Intrusion (Vulnerability, as external entities may attempt to intrude into the network for fraudulent purposes)
Corporate Website - DDoS Attacks and Defacement (Vulnerability, if the fraudulent activities include website attacks)
4. Advanced Persistent Threats (APTs) targeting financial data.
Customer Database - Authentication Weakness (Vulnerability, as APTs often target databases)
Online Banking Platform - Network Intrusion (Vulnerability, especially if financial data is accessed through this platform)
Banking Software - Unpatched Software (Vulnerability, since APTs often exploit vulnerabilities in unpatched software)
5. Technical failures lead to data loss or corruption.
IT Infrastructure - Insufficient Network Segmentation (Vulnerability, as network issues can lead to data loss or corruption)
Mobile Banking App - Data Leakage (Vulnerability, if the technical failure affects the security of the app)
Banking Software - Unpatched Software (Vulnerability, as technical failures could be due to software issues)