Need a perfect paper? Place your first order and save 5% with this code:   SAVE5NOW
HomeScience › Acme Bank Cyber Security Analysis

Acme Bank Cyber Security Analysis

Identify the TTPs (Tactics, Techniques, and Procedures) used by the attackers.

The attacker in the Acme Bak case was clever and used phishing as a tactic to attack the bank system. This was done by the attractive email they sent to lure an employee to click it, thinking it was a legitimate link. The attacker further used two techniques—watering hole attacks from the illegitimate website they used to deliver and initiate the attack. Also, a compromised email was another technique they used from the phishing email that was disguised as a regular employee email to trick them into clicking it. The attacker used the following detailed procedure to access the bank system:

Email phishing delivery

Deceptive Link clicked

Malware installation

Malware Execution

Malware replication in the network

Data exfiltration

Classify the security control types implemented by Acme Bank as either technical, operational, or managerial controls.

Acme Bank implemented all three control types as shown below;

Technical Controls

Advanced email filtering: Acme implemented this control to filter out malicious emails before they reach the employee’s queue.

Network detection system (NIDS); Acme Bank implemented this to detect unusual network activity within Theban systems and block further activity (IanIndexsy, 2023).

Security patches and updates: this was done by the bank to upgrade its security systems to ensure attackers do not have easy access to computer systems and resources.

Operational Controls

Asset inventory; the bank had to have a clear record of their assets to ensure security is implemented in all of them.

Access control was done by the bank to ensure employees and outsiders had different levels of access to the bank’s system and resources.

Training was done by the bank to ensure knowledge of threats, how to identify them, and their levels of impact.

Response plan: the bank created a clear incident response plan to ensure an attack is responded to faster to minimize risks.

Managerial Controls

Board oversight: Acme Bank improved its oversight of the bank’s board of management, which ensured better decisions were implemented that would improve the bank’s security.

Employing a new security team: Acme Bank employs a dedicated Chief Information Security Officer (CISO) who will oversee the overall security of the bank’s systems, ensure employee training, and hire an appropriate team to work under him.

Discuss the attack surface management that took place. Was it passive discovery or edge discovery surface management?

Edge security surface management was the type of attack surface management that took place in this scenario (Nolle, 2021). The email servers of Ace Bank were strategically positioned at the edge of the computer infrastructure to ensure seamless communication between internal and external systems to ensure focused security.

Describe the methods employed by Acme Bank to reduce the attack surface. Consider asset inventory, access control, patching and updating, network segmentation, removing unnecessary components, and employee training.

Asset Inventory: In order to comprehend and control its attack surface, Acme Bank kept an inventory of its assets.

Employee Training: Employees at Acme Bank received thorough training on how to identify and handle any security risks, such as phishing efforts.

Network Segmentation: Acme Bank separated its network into parts in order to lessen the effects of a possible hack and stop additional access, therefore lowering risks.

Patches and updates: this was done by the bank to upgrade its security systems to ensure attackers do not have easy access to computer systems and resources.

Access control was done by the bank to ensure employees and outsiders have different levels of access to the bank’s system and resources.

References

IanIndexsy. (2023, March 15). What is Network Intrusion Detection System (NIDS)? Sapphire. https://www.sapphire.net/cybersecurity/nids/

Nolle, T. (2021, November 8). Edge computing security risks and how to overcome them. IoT Agenda. https://www.techtarget.com/iotagenda/tip/Edge-computing-security-risks-and-how-to-overcome-them

 

Don't have time to write this essay on your own?
Use our essay writing service and save your time. We guarantee high quality, on-time delivery and 100% confidentiality. All our papers are written from scratch according to your instructions and are plagiarism free.
Place an order

Cite This Work

To export a reference to this article please select a referencing style below:

APA
MLA
Harvard
Vancouver
Chicago
ASA
IEEE
AMA
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard

Related Essays

Past and Future Perspectives of CSCW

Introduction: Collaboration is an essential aspect of many ventures nowadays; hence innovative technology is required to support coordinated actions by teams or individuals. Computer-Supported Cooperative Work (CSCW) aims to create tech-enabled resources for better teamwork practices. This paper explores CSCW- its history, present & prospects- focusing on how well-established implementations have served collaborators thus far ... Read More
Pages: 6       Words: 1481

Emerging Disease and the Epidemiology Triangle

The COVID-19 pandemic, which resulted in millions of infections and hundreds of thousands of fatalities, profoundly affected humanity. The illness was correctly identified in Wuhan, China, in December 2019. It has since quickly spread throughout the populace, necessitating lockdowns, travel bans, and a wide range of significant public health measures (Ciotti et al., 2020) when ... Read More
Pages: 4       Words: 888

Annotated Bibliography on Technology in Nursing

Introduction Electronic health record (EHR) is a technological advancement in the medical field, bearing real-time and patient-centered records accessible to authorized personnel within the medical fraternity (The Office of the National Coordinator for Health Information Technology, 2019). I chose EHR technology due to its numerous contributions to improving health quality. For example, EHR has dramatically ... Read More
Pages: 6       Words: 1461

Lab Assignment: Assessing the Abdomen

It is essential to consider the likelihood of a condition, physical exam, imaging studies, and past medical history when assessing abdominal issues, including diarrhea, vomiting, or abdominal pain. In case of abdominal pain, it is crucial to identify the pain location. According to Ball et al. (2019), the patient should be supine when performing abdominal ... Read More
Pages: 4       Words: 1003

Leadership in Emergency Care

One area in healthcare I am interested in is emergency care. Emergency care is an essential part of healthcare that serves as the first point of contact and supports the development of timely emergency care. The key task in the emergency depart is the transformation of patients with indistinguishable emergent conditions into sufficient stable individuals ... Read More
Pages: 7       Words: 1915

Smallpox and Polio Epidemics

Health Strategies for Eradication of Small Pox and Polio at Population Level Center for Global Development (CGD) defines smallpox as a viral infection that is transmitted from one person to another through the air. The virus is dispersed by face-to-face contact with an infected person or when one touches contaminated clothing. An individual could stay ... Read More
Pages: 4       Words: 973
Need a plagiarism free essay written by an educator?
Order it today

Popular Essay Topics