Incident Analysis and Response
Azumer is a non-governmental organization that provides water assistance after artificial or natural disasters that can lead to water shortages. It supplies water to the affected families and regions. The organization has ten full-time employees and relies primarily on volunteers, whose information is stored in a database for safety and confidentiality. However, the web system, email, and the sharing of passwords have posed a threat to the organization's security. The volunteer database has been captured by hackers and is ready to be exposed in order to discourage people from volunteering their labor.
Azumer has been facing computer security vulnerabilities, that is, faults that threat actors such as hackers can abuse to cross privilege boundaries within a computer system. In Azumer's case, several such vulnerabilities led to the hacking of, and access to, the volunteer database. First, the organization has a network vulnerability: a problem with the network hardware, software, or both that exposes it to possible intrusion by external parties. Azumer has had insecure Wi-Fi, which volunteers access without even a password (Pfleeger & Pfleeger, 2012). There is also a network vulnerability because the website passwords are not changed and secured. The passwords have remained unchanged for a long time, which means the systems can be accessed by ex-workers and other external parties who know the passwords. Secondly, there is an operating system vulnerability. Hackers identify a weakness in the operating system that they may use to gain access to data on the machine where the OS is installed, or to cause damage. At Azumer, the operating system was vulnerable because a threat was delivered through an email link, leading to access to the information on the operating system.
Thirdly, Azumer faces human vulnerabilities; the human element is the weakest link in many cyber security structures. These are errors made by users that easily expose sensitive data, create exploitable access points for attackers, and disrupt system operations. In this case, John made the mistake of opening an email link without much thought for the consequences, which led to the attack by external parties who accessed the volunteer database. Also, Mary and Pruhart Tech use weak passwords and rarely change them, which is a human vulnerability. Failure to secure the website, email, and database could have resulted in human vulnerabilities that led to cyber-attacks (Ali & Awad, 2018). Finally, Azumer faces process vulnerabilities created by specific process controls, such as clicking links. When John clicked the email link, that process made the organization's cyber security vulnerable. Also, sharing information during the training process makes the entire system vulnerable, since the volunteers do not use a secure network, which can lead to the hacking of their personal information.
Data compromise using NIST
Azumer has been compromised by not following the NIST framework as a security standard. First, the organization is compromised with respect to confidentiality, which means limiting access to data. In Azumer's case, although the data is limited to John and a few other workers, the confidentiality standard is not met, since the information can easily be accessed by volunteers and other people because the password is not changed (Woodage & Shumow, 2019). Information can also be easily retrieved because weak passwords are used to protect its confidentiality. Secondly, there is an issue of availability, which means the information should be readily available to those who need it. In Azumer's case, the data is not readily available to those who need it. For instance, the volunteers have limited access to the information and train only over open networks. The functional aspect is also seen when John cannot access the volunteer database that he is supposed to be protecting and upgrading. This poses a security threat to information and data that unauthorized personnel can access.
Federal regulation broken by Azumer
Azumer broke various federal government regulations on securing systems against cyber-attacks. First, Azumer broke the federal regulation requiring organizations to secure their systems and use all reasonable data security measures to protect data from a breach. Although Azumer gets system-safeguarding services from Pruhart Tech, it fails to monitor the company to ensure that it provides a safe and secure connection that keeps data from landing in the hands of unauthorized persons (Srinivas et al., 2019). Secondly, Azumer defies the federal regulation on safeguarding sensitive data about clients, members, or volunteers from landing in the wrong hands. In this case, Azumer failed to secure the volunteer data that the hackers accessed. Finally, the organization fails to educate its workers on the best data protection mechanisms and to employ secure procedures to protect data. This is against the federal regulation under which a company should educate its employees, such as John, on secure systems and ways to avoid cyber-attacks.
Ways to mitigate immediately after the incident
After the phishing incident occurred, various measures could have been used to mitigate it. First, there is a need to change passwords regularly, since the hackers had already obtained the password for the system. This would hinder them from accessing information about the organization stored online and in its various databases (Toapanta et al., 2020). The account and the database were accessed without John knowing it had happened. Thus, adding an extra layer of protection through password rotation can prevent further ongoing attacks and potentially lock out attackers. Secondly, there would be a need to obtain free or paid anti-phishing add-ons, which identify the signs of a malicious website and alert the user to phishing sites. This would help avoid such an occurrence. Thirdly, it would be important to inform the other workers of the attack so that they secure their systems and are more careful, and to tell them what the attack looks like in order to avoid more attacks. Finally, there is a need to avoid sharing important information and clicking on the link again, to prevent more information from landing in the wrong hands.
Benefits of the risk management plan
There are various benefits that Azumer would gain from having a risk management plan. First, a risk management plan helps to reduce downtime. For instance, after the phishing incident, a risk management plan could have reduced the time lost to the incident. Instead of the time taken to retrieve or develop another volunteer database, the plan could have provided an immediate solution after the incident. There would be a backup on a cloud server if data is lost, saving time (Henrie, 2013). Secondly, a risk management plan could have helped Azumer develop and maintain public trust. If Azumer had a risk management plan, it could have maintained the volunteers' trust even after an emergency occurred. Despite the loss of data, the volunteers could still have trusted the organization, since they would see that the organization understands the risk and has a risk management plan. Finally, Azumer could have ensured that it complies with the federal regulation that requires it to protect its clients' sensitive data.
Risk Assessment and Management
Information assurance levels
There are various processes for increasing the information assurance levels in a company by boosting confidentiality, availability, and integrity. Azumer's significant challenge involves information leakage. Confidentiality should therefore be established by ensuring that the system is secure and that passwords are reset and changed so that there is no unauthorized access to sensitive information. This would keep the organization within the federal regulation stating that it must protect sensitive information about its clients (Woodward et al., 2013). In this case, the volunteers' information should be kept confidential by securing the system. The organization should also develop a management plan that ensures information is available when needed. For instance, the information in the volunteer database would have been available if the organization had a backup system. This would be in line with the federal regulation on having a security system and a backup plan in case of system failure.
The technical solution to curb cyber attacks
Various technical solutions that Azumer should adopt can be used to prevent cyber-attacks. First, Azumer should consider developing cyber-security policies. These policies should ensure that the system is secure and safe from external and internal threats. This would have prevented Azumer from being attacked by hackers who used the vulnerability to access the sensitive information. This can be done through developing strong passwords that would protect the computer system. Secondly, Azumer should consider installing spam filters and anti-malware software (Asante & Feng, 2021). This software would enable the system to detect attacks and alert the users; others would block the users from accessing the information they intend to gain. Thirdly, Azumer should also consider deploying next-generation firewalls to ensure network security by inspecting and filtering incoming and outgoing network traffic based on the organization's security policies. Finally, Azumer should consider installing endpoint detection security, which would provide a secure connection by continuously monitoring end-user devices to identify and respond to cyber threats that may threaten the security systems.
Organizational structure for IT and security management
Azumer should develop an IT and security management structure to ensure that the data is safe and the system is secure. The organization should establish a technical department responsible for keeping the system safe. It should appoint a tech department manager responsible for the security system and for managing the other workers in the technical department (Sennewald & Baillie, 2020). It should also have an enterprise architecture expert responsible for ensuring that the laid-down security measures are in line with the organization. Moreover, the organization should have a system administrator who maintains and upgrades the computer system and ensures its reliable operation. Finally, the organization should have IT experts working at various levels on the website, email, and database to ensure the safety of the computer system and data.
Risk management approach
Azumer's risk management approach would first involve backup systems that ensure all the organization's data is backed up in case of an incident. Given this incident, in which vital information was lost through a cyber-attack, it would be important to back up data to secure cloud accounts and retrieve it whenever needed in case of loss (Ramim & Levy, 2006). There is a likelihood of data loss through attacks or errors, hence the need to back up information. The risk management approach would also need a security system to protect data and ensure the system's safety. Having strong passwords and codes and installing a secure and robust system to protect data would be adequate to spot risks and threats before they attack the system. Cyber-attacks would most likely happen, hence the need for a secure system.
References
Ali, B., & Awad, A. I. (2018). Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors, 18(3), 817.
Asante, A., & Feng, X. (2021, June). Content-based technical solution for cyberstalking detection. In 2021 3rd International Conference on Computer Communication and the Internet (ICCCI) (pp. 89-95). IEEE.
Henrie, M. (2013). Cyber security risk management in the SCADA critical infrastructure environment. Engineering Management Journal, 25(2), 38-45.
Pfleeger, C. P., & Pfleeger, S. L. (2012). Analyzing computer security: A threat/vulnerability/countermeasure approach. Prentice-Hall Professional.
Ramim, M., & Levy, Y. (2006). Securing e-learning systems: A case of insider cyber-attacks and novice IT management in a small university. Journal of Cases on Information Technology (JCIT), 8(4), 24-34.
Sennewald, C. A., & Baillie, C. (2020). Effective security management. Butterworth-Heinemann.
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178-188.
Toapanta, S. M., Quimis, O. A. E., Gallegos, L. E. M., & Arellano, M. R. M. (2020). Analysis for the evaluation and security management of a database in a public organization to mitigate cyber-attacks. IEEE Access, 8, 169367-169384.
Woodage, J., & Shumow, D. (2019, May). An analysis of NIST SP 800-90A. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 151-180). Springer, Cham.
Woodward, B., Imboden, T., & Martin, N. L. (2013). An undergraduate information security program: More than a curriculum. Journal of Information Systems Education, 24(1), 63.