Saturday, December 7, 2019

European Union Agency Network and Information Security

Question: Discuss about the European Union Agency for Network and Information Security. Answer: The case study is developed for European Union Agency for Network and Information Security which is commonly referred to as ENISA and is a centre that looks after the security across the entire EU and associated entities. The case study is spread over seven chapters in which the first two chapters talk about the basic aim and purpose of the case study such as the threat information that as associated with ENISA and the requirements of a threat landscape. The third chapter lists the top threats that took place in the year 2014 and resulted in the violation of security. There are a number of agents that become the medium or the carriers of attacks and the same have been covered in the fourth chapter of the case study. There are a number of attack workflows and attack patterns that are seen and these form the attack vectors that are discussed in chapter five followed by the discussion of emerging technologies in the sixth chapter. The last chapter described the various elements that are acquired through the case study in the form of the lessons and also includes an overall conclusion of the case study along with the areas of improvements (Enisa, 2016). Security Infrastructure Depicted through Diagram ENISA Security Infrastructure Diagram ENISA is not an organization or a firm that is confined to a particular location or an area. However, it is spread over a huge number of entities and has a number of components present under it. The security infrastructure associated with ENISA is therefore spread across many levels and covers the security aspects at each level through the mechanisms of security that must be applied over the same. There are applications and components along with the services that are associated in the security infrastructure of ENISA and the involvement of the Government and regulatory policies cannot be ignored either. All of these entities together form the security infrastructure that has been shown above. Insider Threats Steps to Mitigate Insider threats are common to the threats that have been listed in regards to ENISA and the components that are associated with it. The following strategies can be executed and applied to control these threats. There are a number of technical controls and measures that must be applied as per the change in the technology. There must be a team that must be deployed for assessing the human behavior and the deviations found if any. This study can give a lot of detail regarding the employee and his or her intent. Not all the insider threats are deliberate in nature and there are many that are accidental and are caused due to an error or inappropriate knowledge about a particular tool or activity. The employees should be involved in the trainings to make them aware about the security aspects and the severity of their actions in case of a fault (Musthaler, 2016). Audits must be carried out from time to time to keep a check on the user behavior. The privileges and the accesses that are provided to the employee must be dissolved immediately when the services of the employee are terminated (Cert, 2016). Web Based Attacks Most Significant The most significant attack that has been evaluated out of the listed top threats in the case study is the web based attack and occurrences. These attacks are significant as their probability and likelihood is the maximum. Web is something that is being used by a majority of the users for home and business purposes. There is endless number of web based applications that the users use for their personal and professional tasks (Ko Dorantes, 2016). Due to such marked presence over the web, there are a number of entry points that are created for the attackers and they can utilize the same for introducing their attack. Injection attacks, confidentiality attacks, network attacks, integrity attacks and availability attacks are some of the web based attacks that are a common occurrence in case of ENISA (Amato, 2016). Also, the threat agents in case of the web based attacks are also numerous and therefore it becomes troublesome to put a check on each and every entity. The ease of occurrence and the difficulty to prevent and control the attacks are the two primary reasons that make the web based attacks as the most significant attack out of all the ones that are listed. Agents of Threat and the Controlling their Impact The first kind of the threat agents are the cyber criminals who are human and non-human entities that are the carriers of the threat and have a malicious intent involved with their activity. Social engineering attacks and social hacking issues are very significant and are caused by the social hackers as the threat agents behind the same. There are many threats that have a motive that is political in nature and these are caused by the Hacktivists as the threat agents. Cyber intelligence and capabilities exist with many of the Nation States that also act as one of the primary threat agents. The workforce that is involved with the organization can also be a threat agent and may give rise to all the insider threats that take place (Casey, Koeberl, Vishik, 2010). A number of controls can be applied in terms of the security to put a check on and reduce the impact of the threat agents that have been described above. These include the involvement of the administrative staff so that the administrative controls can be applied. Physical security and physical controls must also be applied so that the impact of the threat agents can be reduced. Many of the advanced and automated tools can also be utilized so that the impact of the threat agents can be nullified. Issue of Social Hacking Social media and the presence of the users on numerous social media platforms is a common phenomenon in the present era. The same gives rise to the social hacking issues that have emerged as a serious cause of concern in the world of security and privacy. Social hackers make use of the details of the users that are present on the social platforms and utilize them to draw out some patters or meaningful information. There are some users that intentionally or unintentionally do not put the privacy controls on their information and thus private information is easily retrieved by the social hackers. The same results in the social engineering attacks and a number of integrity and confidentiality attacks by making use of the data and information that is acquired. There are many cases of fraud and identity thefts that also take place through the social platforms and the impact of the same are extremely severe (Wood, 2016). These social hackers are especially skilled for the task and make use of the loopholes and their knowledge to make misuse of the information that they acquire or pass on the same to the entity that hires them for the activity to be executed. Threat Probability Trends that were Inferred High Probability Threats in the year 2014 Low Probability Threats in the year 2014 New Threats introduced in the year 2014 Identity Theft or Fraud Malicious threats such as attack of viruses, worms and likewise Security and data breaches (Nichols, 2016) Phishing attacks Web application and web based attacks such as injection attacks Leakage of the information or data during transfer Cyber Espionage Availability attacks such as denial of service attacks Rogueware Spamming Botnets Explore Kits Insider threats or attacks are the newly seen threat that is mainly executed by the employees as the threat agents and may include the violation of identity or access to a particular area or information, exposure of information to unauthorized entities and likewise. These types of threats may or may not be deliberate in nature. Due to these threat being new in nature, the control and prevention measures associated with them have not yet been devised and it has come up a new issue for the security teams and departments to deal with. ETL Processes Areas of Improvements ETL procedure could have been enhanced by including the propelled security systems in the security foundation. There are countless applications that are included with ENISA and disregarding the security design and structure that is taken after; there are incessant dangers and assaults that are seen. It is recommended to consolidate the moved security countermeasures in the ETL techniques. Encryption is one of the key measures that should be grasped to keep up a key separation from and keep all the security perils that are associated with the systems. Encryption of data still, data in-development and the data of the applications is an absolute necessity. Sharing of data on the interpersonal association applications or by method for Bluetooth is an ordinary framework that is taken after. Use of un-secured applications should be stopped the customer's end to avoid the perils that happen in the midst of information sharing. Use of contraption passwords, for instance, swipe outline, pin l ock or watchword to guarantee the device should be engaged at all times. Passwords can in like manner be put on the applications. Auto-wipe is another measure that should be enabled which wipes off the data after a particular number of failed tries. Confirmation based character and usage of bio-estimations similarly enable suitable realness and endorsement. It is additionally important to incorporate the survey, outputs and observing of the procedures and segments that are included to ensure that the security dangers don't happen. There must be an arrangement of procedures in the request as essential, institutionalized, excused and dynamic that must be incorporated (Microsoft, 2016). List of Challenging Threats and Attacks Web based attacks that have been discussed and described above can be challenging for ENISA due to their vastness and the trouble that would be involved to control them. The threat agents are also countless in number and therefore there can be some extremely severe impacts of these attacks (Panetta, 2016). Threats that are associated with the data sources and data storage can also be very challenging for ENISA. There are many entities that are associated with ENISA and the data that is involved is also collected and dealt with many different sources. These data sources may or may not be secure in nature and the challenge would be of another level in case of the sources being external in nature. There would be difference of policies and practices that would be negotiated and brought to common terms. Also, the data is stored at many locations and the security of all these storage points may also be very challenging. Data and security breaches are the third form of threats and attacks that are difficult to curb. These breaches exist due to presence of a number of entry points for the intruders and the attackers and therefore the possibility of putting a check on the same can be very troublesome. Network attacks are also very common in case of the security attacks and are also difficult to control as there are a number of nodes that are present on the network which can be used by the attackers to introduce the attack. ENISA Security State and the Required Improvements Current State The security state of ENISA is not very great in terms of the required security measures that should be present. It is because of the reason and the conclusions that can be extracted from the case study that there have been numerous efforts put in by the security experts. However, they have not succeeded in putting a complete check on the security and the threats such as data breaches, web based attacks and many others are on an increasing pace (Aws, 2016). It is therefore extremely necessary to introduce and implement improved security measures in the security infrastructure of ENISA. Suggested Improvements Use of biometrics based identification and encrypted information especially during the transfer is highly recommended in order to maintain and improve the security aspects that are associated with ENISA. Apart from these, the latest technical and physical controls must be applied across all the entry and exit points and the administrative controls should also be updated regularly. It is also essential to not ignore the basic level of security that must be present all throughout along with the latest and improved security measures. Use of one time passwords, single sign on, single sign offs, network scans, activity logs, session logs, multi layer authentication etc are also recommended to improve the current state of security in ENISA. References Amato, N. (2016). The hidden costs of a data breach. Journal of Accountancy. Retrieved 23 September 2016, from https://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html Aws,. (2016). Overview of Security Processes. Retrieved 23 September 2016, from https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf Casey, T., Koeberl, P., Vishik, C. (2010). Threat agents. Proceedings Of The Sixth Annual Workshop On Cyber Security And Information Intelligence Research - CSIIRW '10. https://dx.doi.org/10.1145/1852666.1852728 Cert,. (2016). Insider Threat Best Practices. Retrieved 23 September 2016, from https://www.cert.org/insider-threat/best-practices/ Enisa,. (2016). ENISA draws the Cyber Threat Landscape 2014: 15 top cyber threats, cyber threat agents, cyber-attack methods and threat trends for emerging technology areas ENISA. Enisa.europa.eu. Retrieved 23 September 2016, from https://www.enisa.europa.eu/news/enisa-news/enisa-draws-the-cyber-threat-landscape-2014 Ko, M. Dorantes, C. (2016). The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Retrieved 23 September 2016, from https://jitm.ubalt.edu/XVII-2/article2.pdf Microsoft,. (2016). Microsoft Core Infrastructure Optimization: IT Security Processes - Best Practices for Business IT. Microsoft.com. Retrieved 23 September 2016, from https://www.microsoft.com/india/infrastructure/capabilities/itprocesses.mspx Musthaler, L. (2016). 13 best practices for preventing and detecting insider threats. Network World. Retrieved 23 September 2016, from https://www.networkworld.com/article/2280365/lan-wan/13-best-practices-for-preventing-and-detecting-insider-threats.html Nichols, A. (2016). A Perspective on Threats in the Risk Analysis Process. Sans.org. Retrieved 23 September 2016, from https://www.sans.org/reading-room/whitepapers/auditing/perspective-threats-risk-analysis-process-63 Panetta, K. (2016). Gartner's Top 10 Security Predictions 2016 - Smarter With Gartner. Smarter With Gartner. Retrieved 23 September 2016, from https://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/ Wood, P. (2016). Social hacking: The easy way to breach network security. ComputerWeekly. Retrieved 23 September 2016, from https://www.computerweekly.com/tip/Social-hacking-The-easy-way-to-breach-network-security

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.