About Risk Analysis and Preventive Security

Advances in computational power across computers, programmable logic units, communication links and networking, artificial intelligence, and robotics have given the world faster and more efficient ways to interact, whether through communication or through complex tasks such as scientific computation, simulation, and the storage of sensitive information on dedicated cryptographic devices (European Network and Information Security Agency, 2014). All of this has raised quality and performance while also improving data privacy and security. The same computing power has also spawned numerous cyber security threats that aim to exploit vulnerable systems, either through remote hacking or through malware designed to infect systems, cause damage, and steal sensitive data from the data centers of targeted organizations (European Network and Information Security Agency, 2011).

Company Profile and Security Risk Exposure

Privately owned sensitive data such as intellectual property can fetch billions of dollars on the black market. It may be a sensitive military prototype project, a state-of-the-art spy gadget, proprietary software of immense importance to law enforcement, or an entire bank database holding valuable customer information, from PINs to credit card data. Information of this kind attracts cyber terrorists, hackers, and state-sponsored cyber warfare and espionage, which makes highly valuable data and intellectual property a high-priced target and a security concern (European Network and Information Security Agency, 2011). The company considered here has a large industry portfolio and several branch offices in premium venture capital cities around the world: London, Oslo, New York City, and Sydney. The parent company was founded at the Oslo branch, and each office runs its own network, file server, mail server, backup server, and web server (Beckers, 2015). The system administrator of the Oslo branch recently noticed attempts to circumvent the file server firewall with the aim of gaining access to company files (Erdogan et al., 2015). The system administrator notified the CTO, and the board decided to hire my company on a contractual basis to discuss the options available to the Oslo-based company for protecting its intellectual property (IP) (Beckers, 2015).

Assumptions Made and Security Risks Scenarios

My task would certainly become more complicated were I to proceed to offer the available options for performing a security risk analysis and preventive security (Common Criteria, 2012). First, I assume that data integrity might be compromised, as I have not run preliminary data integrity tests or performed a penetration test to determine where the exploited vulnerability might have come from. Secondly, I assume that the breach might have been aborted before the exploit was executed, so the chances of major damage and of access to intellectual property might be minimal. Thirdly, I assume that the vulnerability might have originated from company employees with higher-level clearance, from a malicious hacker, or from malware or virus code meant to open a back door through operating system tunneling, giving access to attackers who are, as we speak, just waiting to access all the company data (European Commission: COM, 2011).

Lastly, I assume that the vulnerability could be due to technical errors such as outdated firewalls or poor maintenance of the file server by an incompetent information security expert. It is also safe to make assumptions based on the interconnectivity of modern networking infrastructures, especially critical infrastructures such as communications networks, which are largely interconnected. The connection protocols these networks run are either ubiquitous, like IP, or proprietary. Because of these protocols, the networks are openly accessible to attackers, who can gain remote network access, attach malware to the network, inject virus code into it, and even perform network overrides to suit their attack agenda (European Commission: COM, 2011).

The probability of a higher frequency of attacks depends largely on the widespread use of IP as the solution for internetworking, as it is likely to compromise interconnected network systems that rely on the internet (Erdogan et al., 2015). The last assumption concerns the type of applications running on the computer systems and the access permissions this software is allowed to exercise, as most might offer ways into the main network. Code is becoming more complex, and the apps and programs running on computer systems connected to the file server network might also be used to launch unauthorized access. Where the file server network firewalls of the company in Oslo are being circumvented, matters get especially complicated if some form of virtualization is used to host the programs within the network that also hosts the Oslo office's file server. This makes the security risk analysis more difficult and the security flaws harder to check for, as heavy virtualization increases the computational risks and the risks to the security of the data on the file server (Erdogan et al., 2015).

Evaluating Options for the Risk Analysis and Preventive Security

It is vital to take a keen interest in the security of the networking infrastructure and in how its security measures are implemented. Evaluating threats and forecasting attacks through simulation before they happen to this kind of interconnected infrastructure goes a long way toward keeping security practices up to date and upholding risk management aimed at preventive security. This minimizes the chance of a core data breach, because the implemented security architecture will have catered for such eventualities or will at minimum invoke firewall protocols that enforce preventive measures against attacks. The aim is to prevent hackers, or employees with dishonest intentions, from accessing the networks and vital information, or from compromising data integrity by causing irreversible loss of or damage to backups and proprietary information (European Commission: COM, 2011). Interconnectivity and internet infrastructure make it easy to launch malicious attacks against businesses that operate on widely interconnected networking systems. We therefore need mitigations in place that deny attackers access privileges to proprietary information, and the following measures can be used to make the process more secure. Risk analysis and preventive security may involve the following steps:

Context Establishment

This step in cyber security risk assessment and preventive measures involves reconstructing the scenario that preceded the exploitation attempts. In this phase, the factors that may have led to the breach, hacks, and vulnerabilities in the security system are assessed hypothetically, with assumptions introduced in order to separate potential risks from those that pose no threat at this stage. The cyber security or information security expert tries to forecast all the possible scenarios and security risks that may have led to the attacks (European Commission: JOIN, 2013). They hypothesize in order to give a picture of the possible root cause, the type of exploit used, and the malfunctions that may have led to the security flaws in the first place. The attacker's motives are also established here: why did they target this specific company in Oslo? Was it for financial gain, to test the security features and strength of the firewall, or to cause complete damage to the entire file server system (European Commission: JOIN, 2013)?

At this point the information obtained from the hypothesized attack scenarios is sorted into two sets of outcomes: the possible exploits with a higher probability of success, and those with the least chance of achieving a successful breach of the server files within the data center (European Commission: JOIN, 2013). The chain of threats arising from this assessment gives an overview of where to look and what to analyse, in both software and hardware. The assessment is also based on strategy: it gives the penetration tester a map of what to check and what to do before touching anything, since some attacks may be worsened by someone setting off ransomware that they should have tried to avoid. Hacking methods have become so sophisticated that a bomb virus might have been injected into the file server or the firewall, and any attempt to remove it may trigger a full-scale attack that compromises the integrity of the data on the file server or damages proprietary information that may be the only available copy.

The overall verdict always shows that data assets harmed under attack represent some degree of risk and even loss incurred on the server data. However, it is important to understand that, since only an attempt was made to circumvent the file server firewall in order to gain unauthorized access, it is not useful to speculate on which kind of attack was used; it may have been just an attempt to crack the servers' firewall, with nothing done that is costly to the company in Oslo. Finally, a list is drawn up of all possible risks and threats to the server files, covering denial-of-service attacks against the server, hijacking of network sessions, and evidence of packet sniffing. It should also be established whether there is a pattern to these attacks or whether they are just random, and for this it is recommended to use MITRE for attack pattern enumeration, in order to offer better insight into what could have transpired during the malicious attacks.

Risk identification

The next stage in countering these security threats is to establish detailed identification protocols that reveal the methods, strategies, and weaknesses of the adversary, who is usually the individual attempting unauthorized access. Keep in mind that a weakness in the security system anywhere along the network chain is often the attacker's strength. Assessing those weaknesses well eliminates many of the risks that arise from such vulnerabilities, which often include outdated software with security red flags and old operating system kernels that have not had security patches applied across the operating system or server OS, making them easy to bypass (Beckers, 2015).

Establishing a risk model gives a comprehensive guide on how to counter attacks in progress before they escalate to uncontainable threats. It is easier to deal with a small, containable threat quickly and efficiently than to deal with a system failure. Loss of crucial server functions, theft of vital company records, and the risk of losing investment portfolios through a bad business reputation and lack of investor trust in the security of the company's ICT architecture may mean that investors lose crucial data, some of it private, and may even compromise the data integrity of their other companies (Beckers, 2015).

Providing documented evidence of the extent of the risks to which the company servers were exposed after the attacks gives us an understanding of which risk assessment model to use. It also establishes how far the attackers managed to get past the firewalls meant to curb such incidents in the first place (Beckers, 2015). After the integrity of the data assets has been documented, if the conclusion is that they are vulnerable, it would be wise to separate the damaged data from the protected data in order to avoid a data breach and the spread of malware to the entire system.

Risk evaluation

This entails the qualitative as well as the quantitative assessment of the risks that have affected the file server, with emphasis on evidence-based findings. The evaluation is usually done on the metadata, the traced hack, the digital footprints left by the attacker and, most importantly, the activity recorded in log files: download sessions, network hijacking sessions, the data packets sniffed to and from the network, and changes made to the server file directory, whether added or deleted files. All of this shows up as runtime activity that can be checked in the server logs to establish whether the attackers initiated any form of malicious play, presuming the file server is not virtualized (European Commission: JOIN, 2013). The forms of risk evaluation include:

Evaluation of risk sources that are human and non-human

This includes the assessment of risks caused by both human and non-human entities. For non-human entities, we need to evaluate security threats from sources such as viruses, Trojan horses, ransomware, hacking toolkits, and malicious programs that automate hacking processes tailored toward destroying or stealing data. For human entities, we evaluate mainly the motives for the attacks: is it financial gain, state-sponsored terrorism, state-sanctioned espionage, hacktivism, or just covert penetration testing to gauge the strengths and weaknesses of the entire ICT infrastructure and security layout? The evaluation also covers the methods of initiating attacks, the extent of the attackers' capabilities, and the various ways in which cyber security attacks are usually carried out or launched, since some attacks rely on custom-made malware, which makes them special attacks in relation to the information worth of the target asset.
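One way to run the log check described under Risk evaluation, for the essay's scenario of repeated attempts against the file server firewall. This is an added example, not part of the original essay; the key=value log format, the addresses, the paths, and the function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value log format.
SAMPLE_LOG = """\
2024-03-01T02:10:01 fw action=DENY src=203.0.113.7 dst=10.0.0.20 dport=445
2024-03-01T02:10:03 fw action=DENY src=203.0.113.7 dst=10.0.0.20 dport=139
2024-03-01T02:10:05 fw action=DENY src=203.0.113.7 dst=10.0.0.20 dport=22
2024-03-01T02:10:09 fw action=ALLOW src=203.0.113.7 dst=10.0.0.20 dport=443
2024-03-01T02:11:30 fs op=DELETE path=/srv/ip/design.docx user=svc_web
2024-03-01T08:00:00 fw action=DENY src=198.51.100.4 dst=10.0.0.20 dport=445
2024-03-01T08:05:00 fw action=ALLOW src=10.0.1.15 dst=10.0.0.20 dport=445
2024-03-01T08:06:00 fs op=CREATE path=/srv/share/minutes.txt user=alice
"""
FILE_SERVER = "10.0.0.20"  # assumed address of the file server


def parse(line):
    """Split one line into (timestamp, log source tag, field dict)."""
    ts, tag, *pairs = line.split()
    return datetime.fromisoformat(ts), tag, dict(p.split("=", 1) for p in pairs)


def evaluate(log_text, deny_threshold=3, window=timedelta(minutes=10)):
    """Return evidence per source that repeatedly hit the file server firewall."""
    denies = defaultdict(list)  # src -> [(time, port)]
    allows = defaultdict(list)  # src -> [time]
    changes = []                # [(time, op, path)]
    for line in filter(str.strip, log_text.splitlines()):
        ts, tag, f = parse(line)
        if tag == "fw" and f.get("dst") == FILE_SERVER:
            if f["action"] == "DENY":
                denies[f["src"]].append((ts, f["dport"]))
            else:
                allows[f["src"]].append(ts)
        elif tag == "fs":
            changes.append((ts, f["op"], f["path"]))
    findings = []
    for src, hits in denies.items():
        if len(hits) < deny_threshold:
            continue  # an isolated deny is noise, not a pattern
        last_deny = max(t for t, _ in hits)
        # An ALLOW after repeated DENYs may mean the firewall was passed.
        passed = [t for t in allows.get(src, []) if t > last_deny]
        # File changes shortly after that ALLOW are the evidence to review.
        after = [(op, path) for t, op, path in changes
                 if passed and passed[0] <= t <= passed[0] + window]
        findings.append({
            "src": src,
            "denied": len(hits),
            "ports": sorted({p for _, p in hits}, key=int),
            "allowed_after_denies": bool(passed),
            "file_changes_after": after,
        })
    return findings


if __name__ == "__main__":
    print(*evaluate(SAMPLE_LOG), sep="\n")
```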

Risk treatment

These are the steps taken to manage comprehensively the risk the company may be facing. They are the defense strategies put in place to make sure that the critical data infrastructure within the connected network does not suffer a major failure or shutdown because of a malicious attack on one of its components. For instance, if the file server firewall was under attack, the firewall should be made much harder to bypass by installing the latest firewall security features, such as those used by Cisco Systems (European Network and Information Security Agency, 2014). The next course of action is to find the attack, assess the extent of its damage, and provide a counter-solution, perhaps in the form of a software patch or upgrade, or by installing better hardware that is not vulnerable to such an attack again. This usually means hardware with embedded security features, which are not easy to hack, exploit, or bypass through software that might have had vulnerabilities on the old hardware (Bajpai, Sachdeva, and Gupta, 2010). Maintaining high data integrity through frequent security updates and running simulated hacking labs for the entire file server setup could prove useful in eliminating unforeseen future attacks on the file server network (European Network and Information Security Agency, 2014).

How to implement the Risk Analysis and Preventive Security

The major distinctive assets of concern in a cyber-risk assessment setting are information and information infrastructure, comprising networks, services, and software. Preventive security and risk analysis of cyber-risks can be implemented in a number of ways. To be well informed about the deeper implications of cyber incidents and threats, a company must consider the assets and information that can be destroyed as a secondary consequence (Bajpai, Sachdeva, and Gupta, 2010). Cyber-risks present themselves in many forms, so a company must be ready to protect its customers. The relevant aspects of concern in this scenario are image, legal compliance, reputation, revenue, and market share. The latter aspects are important vis-à-vis privacy and data protection (Bajpai, Sachdeva, and Gupta, 2010). Additionally, although cyber systems and cyberspace are characteristically associated with the intangible and virtual, it is necessary not to focus on these aspects alone. Cyber incidents and threats may also cause physical harm, for example destruction of the environment, health, and life.

Conclusion

Illegal network access may destroy relationships with business partners and customers, who may be prompted to question a corporation's fitness to protect private information. The definition of data collection has been blurred by services such as cloud computing and other trending services. Companies and individuals profit from expandable services developed in the cloud and available at all times from any machine; however, these intense changes in business services aggravate the threats to protecting information and the entities that use it (for instance, businesses, individuals, governments, and many more). Security architectures and policies must have a comprehensive lifecycle methodology and principles that apply whether the information is located on the server site, mobile on a worker's PC, or kept in the cloud.

References

Bajpai, S., Sachdeva, A. and Gupta, J.P., 2010. Security risk assessment: Applying the concepts of fuzzy logic. Journal of Hazardous Materials, 173(1), pp.258-264.

Beckers, K., 2015. Pattern and Security Requirements: Engineering-Based Establishment of Security Standards. Springer.

Common Criteria, 2012: Common methodology for information technology security evaluation – Evaluation methodology, v3.1, rev. 4.

Erdogan, G., Li, Y., Runde, R.K., Seehusen, F. and Stølen, K., 2014. Approaches for the combined use of risk analysis and testing: a systematic literature review. International Journal on Software Tools for Technology Transfer, 16(5), pp.627-642.

Erdogan, G., Seehusen, F., Stølen, K., Hofstad, J. and Aagedal, J.Ø., 2016. Assessing the usefulness of testing for validating and correcting security risk models based on two industrial case studies. In Business Intelligence: Concepts, Methodologies, Tools, and Applications (pp. 1016-1037). IGI Global.

European Commission: COM (2011) 163 final – On critical information infrastructure protection Achievements and next steps: Towards global cyber-security (2011).

European Commission: JOIN (2013) 1 final – Cybersecurity strategy of the European Union – An open, safe and secure cyberspace (2013).

European Network and Information Security Agency, 2011: Deliverable-2011-12-09 – Protecting industrial control systems – Recommendations for Europe and member states.

European Network and Information Security Agency, 2014: Incentives and barriers of the cyber insurance market in Europe (2012).

EUROPOL: The Internet organized crime threat assessment (OCTA).
