Thursday, December 26, 2019

Threat Vectors For Cyber Security - 965 Words

Threat Vectors

There are three main areas identified as threat vectors for cyber security in relation to CIP: IT networks, insider threats, and equipment and software. Normally, ICS operate on an internal network, called OT (Operational Technology). Occasionally, this isolated network requires a connection to the organization’s corporate network (IT) for routine operation and management. As displayed in the Ukraine blackout, cyber threats infiltrate an organization’s IT systems in order to access ICS networks on the OT network. The methods used to achieve access are often not complex procedures and “can be achieved using a wide array of methods, such as spear phishing, malicious URLs, drive-by attacks” (p. 1). Upon infiltration of an IT network, the threat searches for a lapse in the cyber security program in order to access the OT networks that regulate CI.

The second threat vector, insider threat, entails IT networks and OT networks. This threat can arise from negligence or sabotage by members within the organization (intentional or accidental). The structure of an OT network is normally not as complex as an IT network and more susceptible to insider threats. As stated by Epstein (2016), “OT networks are usually flat with little or no segmentation, and SCADA systems have outdated software versions that go unpatched regularly” (p. 2). Thus, an unsuspecting employee that disregards protocol by disabling/weakening security settings or connects a private network to the
