Not every APT is technologically advanced. Many prey on the weakest link: the user. You are employed as a Cybersecurity Analyst at NCU-FSB, a financial organization that has invested in establishing a security program but is still developing its risk-management strategy. There is therefore a critical need to implement risk-reduction strategies that prevent intrusions and attacks, such as monitoring and response strategies, security awareness and training, and systems-administration tooling. In your second month with the organization, a user received a phishing email originating from abroad. After the user opened and read the email, the user's computer was compromised. Using ARP cache poisoning (ARP spoofing, not the normal ARP caching behaviour), the attacker redirected local traffic through the compromised host, sniffed password hashes, and cracked them; the stolen credentials were then used to escalate into spear-phishing and whaling attacks (a domino effect).
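The ARP cache poisoning step in the scenario above is detectable on the wire, which is the kind of detective control the recommendations later in this assignment ask for. The following is an added example written for this page, not part of the assignment or the NCU-FSB scenario. It parses tcpdump-style ARP reply lines (the sample lines are constructed, and the gateway address 10.0.0.1 is an assumption) and raises an alert when an IP address suddenly answers from a different MAC, or when one MAC claims both the gateway's address and another host's address, the classic man-in-the-middle footprint.

```python
"""Detect ARP cache poisoning from captured ARP replies (added example).

Two heuristics are applied to each "is-at" reply seen on the segment:
  1. mac_change: an IP that was previously bound to one MAC is now claimed
     by another MAC (a poisoned cache entry being written).
  2. gateway_impersonation: a single MAC claims the gateway's IP and at
     least one other host's IP, i.e. it is sitting between them.
Input format is tcpdump's default ARP output, e.g.
  12:00:01.000000 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
"""
import re
from collections import defaultdict

GATEWAY_IP = "10.0.0.1"  # assumption: the segment's default gateway

# Constructed sample capture: the gateway (…:01) and a workstation (…:25)
# are legitimate; …:99 starts poisoning both at 12:00:05.
SAMPLE_TCPDUMP_LINES = [
    "12:00:01.000000 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28",
    "12:00:01.200000 ARP, Reply 10.0.0.25 is-at 00:11:22:33:44:25, length 28",
    "12:00:02.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.25, length 28",
    "12:00:05.300000 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:99, length 28",
    "12:00:05.400000 ARP, Reply 10.0.0.25 is-at 00:11:22:33:44:99, length 28",
    "12:00:05.500000 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:99, length 28",
]

ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+)\s+ARP,\s+Reply\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_reply(line):
    """Return (timestamp, ip, mac) for an ARP reply line, or None for anything else."""
    m = ARP_REPLY_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_poisoning(lines, gateway_ip=GATEWAY_IP):
    """Scan capture lines in order and return a list of alert dicts."""
    ip_to_mac = {}                 # last MAC seen claiming each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []

    for line in lines:
        parsed = parse_arp_reply(line)
        if parsed is None:
            continue  # ARP requests and non-ARP traffic carry no binding
        ts, ip, mac = parsed

        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "type": "mac_change", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        ip_to_mac[ip] = mac

        claimed = mac_to_ips[mac]
        newly_claimed = ip not in claimed
        claimed.add(ip)
        # Alert once per newly claimed IP, only when the gateway is among the set.
        if newly_claimed and gateway_ip in claimed and len(claimed) > 1:
            alerts.append({"time": ts, "type": "gateway_impersonation",
                           "mac": mac, "ips": sorted(claimed)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_TCPDUMP_LINES):
        print(alert)
```

The first heuristic alone produces false positives when a host legitimately changes its NIC or DHCP reassigns an address, so in production the mac_change alert is best correlated with the gateway_impersonation alert or with a known-good inventory of gateway and server MACs. The corresponding preventive control is Dynamic ARP Inspection on the access switches, which drops replies that do not match the DHCP-snooping binding table before they ever reach a victim's cache.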
In this assignment, you will create a strategy that addresses the situation and provides a solution to the phishing attack. The strategy will consist of the steps to follow to respond to, assess, and mitigate a threat; the tools to evaluate; and the measures and checkups to perform to verify perimeter protection. For this, you will modify the network diagram presented in the Week 1 scenario for NCU-FSB to implement countermeasures (hardware appliances) and recommend software solutions as part of best practices for security and risk mitigation.
Include in your analysis your recommendations on how to effectively measure risk during the assessment phase based on these questions:
Why is the threat factor a major determinant in the calculation of risk?
If you disagree with the formula Risk = Threat x Vulnerability, what formula is more appropriate? Define how your proposed formula would use the threat factor to determine risk.
The paper to be submitted should include the outline of steps, the measures and tools to use, the modified diagram, and a follow-up checklist. This paper will be part of the Signature Assignment of this course, the corporate risk-management plan. In this week's paper, you will discuss the main threats enterprises face today, their impact, and a comprehensive analysis of how security must address these threats, attacks, and vulnerabilities.
Your recommendations should include:
Commercial tools to handle phishing attacks and similar intrusion attempts.
Preventive and detective controls and how to configure them.
Security awareness, training, and education.