Tuesday, May 5, 2020

IT Risk Management Cryptanalysis and Security Enhancement

Question: Describe the IT Risk Management and Cryptanalysis and Security Enhancement.

Answer:

1. The case study is based on the activities of ENISA (European Union Agency for Network and Information Security) regarding the rising number of cyber security threats and attacks. ENISA deals with these threats and attacks and takes suitable steps against the reported activities within the countries of the European Union (Enck et al., 2014). ENISA takes steps against all kinds of cyber attacks, such as Malicious Code Injection, Web-based Attacks, Denial of Service Attacks, Spamming, Phishing, Botnets, Exploit Kits and others. Before ENISA started working against cyber threats, there was a rising number of cyber attack cases. In addition to regular virus and malicious code attacks, further methods of attack were reported in various parts of the world (Sridhar, Hahn & Govindarasu, 2012). Unethical hackers and software experts are always trying to invent new ways to break into secure systems without getting traced or detected. Some of these attacks are so strong that they cannot be prevented even with the strongest antivirus software. Due to these attacks, many international business organizations and commercial and government sectors lose huge amounts of confidential information and business statistics. ENISA is taking a number of steps to stop these attacks (Peltier, 2013). They have already arrested a number of hackers who have invented strong undetectable hacking software. ENISA is also very active in designing anti-virus and anti-hacking software that will be able to shut down the strong hack tools permanently. In addition, they are trying to create awareness among people so that they do not fall prey to malicious web links and software.
However, in spite of the activities of ENISA, nothing will be successful unless internet users are more careful while using the internet and take suitable protection for their computer systems before using it.

2. The ENISA security infrastructure can be represented as follows.

Figure: ENISA Security Infrastructure (Source: Created by Author)

As seen from the diagram, ENISA has a central network surveillance system that keeps checking data traffic through all the servers connected to it. If some unusual activity is detected, it is evaluated and classified (Humaidi & Balakrishnan, 2012). If it is authorized and ethical hacking, it is released from the server. However, if it is an unethical hack or hacking tool, it is immediately banned using firewalls or anti-virus software. Moreover, suitable steps are taken to locate the hacker and arrest him. However, with advanced technology, hackers are creating undetectable attack software that is extremely hard to trace and detect. Hence, there is a need to design even better and stronger antivirus and firewall software with the latest technology available to detect and block these activities.

3. In addition to external threats, there are insider threats that must be mitigated in order to maintain an ethical environment within the organization. Some suitable strategies for combating insider threats are as follows.

Internal Surveillance System

An internal surveillance system should be implemented in order to keep tabs on the employees' activities on their computers. For this purpose, surveillance cameras can be installed in the employees' cubicles (Zissis & Lekkas, 2012). Moreover, internal server surveillance should also be implemented in order to monitor employees' activities on the internet. Again, an employee should be appointed to keep watch on the monitoring process so that no employee can tamper with proof of his misdeed.

Access Restriction System

Access to the organization's documents and information should change with the hierarchy of job postings in the company. In other words, the lower the role in the organization, the more restricted the access should be (Kuperman, Gardner & Pryor, 2013). For instance, the assistant manager should have less access to the company's documents than the manager, and so on.

Website Blocking

In order to prevent misuse of the internet and accidental downloads by the employees, certain malicious websites should be banned completely on the company's server. This will minimize the chances of malicious file downloads caused by accidental clicks on unwanted links.

In spite of all these, insider threats will still remain and can only be removed completely by the company by implementing strict guidelines on the use of the internet and websites. Moreover, the company's internal server must be monitored and maintained every day in order to detect any unusual activity (He & Johnson, 2012). Moreover, strong firewalls should be installed on every employee's system to prevent unwanted and malicious attacks.

4. Of all the top threats, the most significant one is the web application attack. It is the most significant for the following reasons.

Literally Everywhere

Web application attacks can occur at any time from any website, be it within a secure domain or on an open server. These attacks come in the form of malicious links. These links appear anywhere on the internet in the form of some attractive offer or some advice regarding PC upgrade / repair (Crossler et al., 2013). Many internet users fall prey to these offers, and whenever they click on the link, the malicious files get downloaded automatically.

Accidental Click

Sometimes, these links are hidden so well that the user cannot differentiate between a safe link and a malicious link.
Most of the time, the user accidentally clicks on the malicious links and downloads the malicious files that infect his computer immediately (Yang et al., 2013). Due to these hidden links, the chance of accidental clicking increases substantially.

Infected Download Links

Sometimes, the hackers hide the malicious files even within some legitimate download link of a verified and trusted website (Power, Sharda & Burstein, 2015). Whenever the user chooses to download that particular file or application, the malicious files also get downloaded and they infect the computer easily, without the knowledge of the user. Some of these links also come in the form of fake emails promising huge rewards for the user. Whenever the user downloads the link, his system gets infected.

Ransomware

There have been many reported cases where even ransomware has been found within the malicious files. This is the most extreme case of web application attack, where important files of a user are encrypted by the ransomware within a few seconds (Kolkowska & Dhillon, 2013). These files cannot be decrypted unless the user pays a certain amount of money demanded by the ransomware.

5. The most significant and key threat agents are as follows.

Cyber Criminals

These are highly skilled and powerful unethical hackers who use hacking tools for robbing money by ransom, leaking confidential data and others. These hackers have invented extremely powerful and almost undetectable hacking tools and malicious software, which they use as ransomware and spyware (Peltier, 2016). Using this software, these hackers access confidential data and steal or encrypt it for ransom.

Hacktivists

These are hackers who are politically motivated in their unauthorized activities. Mostly, these hacktivists use their hacking techniques against opposition political parties in order to leak confidential information or damage their database by destroying important files.

Nation Threats

These are international internet terrorists who are authorized by a country's government to spy on some other country or leak its defensive strategies (Von Solms & Van Niekerk, 2013). These hackers work from a country that has authorized them and hence they are extremely hard to catch.

Cyber Terrorists

These are skilled groups of hackers who use the internet as a means of spreading the idea of terrorism among common users. These groups do not do hacking for money; they use hacking techniques simply for destroying confidential files of a country, or use web services to spread viral and hardcore videos like beheading a man alive, burning a woman alive, etc. They also break into the personal profiles of the citizens of a country or even some public sectors for creating a hazard (terrorism) in the future.

In order to minimize their impact on systems, the systems should be strongly protected with security firewalls and additional encryption safety (Bin Muhaya, 2015). Moreover, an automated malicious attack detection system can be designed and installed in order to warn the user about unusual activities in the server. In addition to these, regular server maintenance and surveillance should be carried out on an hourly basis.

6. Social hackers are those who use social media for stealing someone's personal information by phishing, hacking into accounts, etc. According to Van Huis et al. (2013), this is an extremely common type of hacking that mainly targets unprotected profiles (weak, predictable passwords) and uses the personal information of a user for making a fake identity. Cherdantseva & Hilton (2013) said that these types of hackers have good engineering knowledge and they apply it for hacking others' profiles on social media. Although these hackers' primary target is not money, they are a major threat to the community as they act as someone else and use the fake identity for unethical purposes.
In more serious cases, these hackers use someone else's identity for committing serious crimes on the internet, and the user gets caught even though he is not responsible for the crime. On the other hand, Peltier (2015) said that these are generally low or medium skilled young hackers who do social hacking mainly for fun or to test their skill. According to Cherdantseva & Hilton (2013), social hacking is done in two ways: phishing and hacking through some low cost hack tools. Phishing is done to record someone's username and password, and the hacker uses these records to break into the user's profile. On the other hand, some hackers use cheap hacking tools to directly hack a user's profile for stealing his personal information. Bin Muhaya (2015) has suggested that social hacking can be minimized by enforcing double or multiple security checks before the user is allowed to log in to his account. However, social hacking is still extremely prevalent and users must be more careful when using social media in order to prevent social hacking. The user must use a strong password encryption and should not share his personal information on social media.

7. The threat probability and threat level are shown in the table below.

| Threat | Probability | Extent of Threat |
|---|---|---|
| Drive-by downloads (renamed to Web-based attacks) | Very High | High |
| Worms/Trojans | High | Very High |
| Code Injection | Medium | Medium |
| Exploit Kits | Low | Very High |
| Botnets | High | High |
| Physical Damage/Theft/Loss | Low | Medium |
| Identity Theft/Fraud | High | High |
| Denial of Service | High | Very High |
| Phishing | Medium | Low |
| Spam | Low | Medium |
| Rogueware / Ransomware / Scareware | Medium | Very High |
| Data Breaches | High | High |
| Information Leakage | Very High | Very High |
| Targeted Attacks (renamed to Cyber espionage, merged with Watering Hole) | Low | High |
| Watering Hole (threat consolidated with other threats/attack vector) | Low | Medium |

From the trend of the threats, it can be seen that the threats that deal with other users' or a company's confidential information are most likely to occur, and in most of these cases the possible threat extent is catastrophic. Other threats are less likely to occur but they can also cause some severe damage to a general user. However, there are also some common threats that are very likely to occur but that can be stopped by taking simple measures. On the other hand, some attacks like ransomware are less likely to occur but they can deal extremely severe damage to a company's servers and systems. As seen from the statistical table in the case study, the cases of strong hacking like ransomware and others are constantly rising as more and more advanced technologies are being used by the hackers. Unless suitable steps are taken against these cyber hazards, more and more secure data will be lost, and many business organizations and commercial sectors will lose their business data and confidential information forever.

8. The ETL process can be further improved with the help of more powerful technology. Hackers are designing new software and hacking tools every day.
In fact, nowadays, hackers have invented technology such that most of their unethical activities go undetected or untraced (Bin Muhaya, 2015). ENISA should take stricter steps like monitoring every system connected to the server as well as protecting systems using strong firewalls and encryption. Moreover, ENISA can do back hacking, i.e. they can monitor the activities of traced hackers using the hackers' own technique (hacking). This will be ethical hacking and can be done by employing very highly skilled software experts and using them as threat agents against the hackers (Von Solms & Van Niekerk, 2013). ENISA also needs to upgrade its networking infrastructure in order to get faster access to the main server, more accurate tracing of a hacker, quick response to unusual activities in the server and others. Before ENISA started working against cyber threats, there was a rising number of cyber attack cases. ENISA has already taken a number of steps to stop these attacks (Power, Sharda & Burstein, 2015). They have arrested a number of hackers who have invented strong undetectable hacking software. ENISA is also very active in designing anti-virus and anti-hacking software that will be able to shut down the strong hack tools permanently (Sridhar, Hahn & Govindarasu, 2012). In addition, they are trying to create awareness among people so that they do not fall prey to malicious web links and software. However, in addition to all these, upgrading to the latest technology and using more powerful firewalls will help the company improve the ETL process significantly. On the other hand, common users will have to be more careful and install the latest firewall software to prevent unethical activities as much as possible.

9. As per the studies of different researchers, from 2016 onwards, there will be a rising number of identity theft / fraud, information leakage, cyber espionage and data breaches.
Unethical hackers and software experts are always trying to invent new ways to break into secure systems without getting traced or detected. Some of these attacks are so strong that they cannot be prevented even with the strongest antivirus software (Sridhar, Hahn & Govindarasu, 2012). Due to these attacks, many international business organizations and commercial and government sectors lose huge amounts of confidential information and business statistics. ENISA is very active in designing anti-virus and anti-hacking software that will be able to shut down the strong hack tools permanently (Power, Sharda & Burstein, 2015). The mentioned breaches have been on the rise since 2013, although some of them have already been stopped, banned and mitigated. However, with the development of science and technology, more and more hackers are entering the internet using fake accounts and fake names and are using them for unethical activities. With the advancement of technology, these attacks are occurring more and more, using more powerful tools (Von Solms & Van Niekerk, 2013). It is expected that in 2020, these attacks will occur so much that ENISA will be unable to shut them down easily unless they upgrade to the latest technology. ENISA should also install a server surveillance system in order to maintain and monitor traffic activities in the server. However, all these upgrades and improvements of services must be done immediately, before it is too late to recover.

10. ENISA should not be satisfied with the current state of Information System Security. Although they have done very good work in banning many unethical websites and arresting unethical hackers, they should not be satisfied, as there are still increasing numbers of unethical hacking and data security breaches (Cherdantseva & Hilton, 2013). ENISA has a central network surveillance system that keeps checking data traffic through all the servers connected to it. If some unusual activity is detected, it is evaluated and classified.
If it is authorized and ethical hacking, it is released from the server. Again, if it is an unethical hack or hacking tool, it is immediately banned using firewalls or anti-virus software (Bin Muhaya, 2015). However, recently, hackers have developed certain tools that are extremely hard to detect or trace. In response, ENISA should further strengthen its cyber security and surveillance systems in order to stop the new types of attacks more effectively (Peltier, 2013). They should also invent new software to detect untraceable malicious files and prevent them immediately from entering the system. Moreover, they should encourage people to use strong firewall software in order to prevent unethical activities while using the internet.

References

Bin Muhaya, F. T. (2015). Cryptanalysis and security enhancement of Zhu's authentication scheme for Telecare medicine information system. Security and Communication Networks, 8(2), 149-158.

Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information assurance & security. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (pp. 546-555). IEEE.

Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.

Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B. G., Cox, L. P., ... Sheth, A. N. (2014). TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2), 5.

He, Y., & Johnson, C. W. (2012, October). Generic security cases for information system security in healthcare systems. In System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on (pp. 1-6). IET.

Humaidi, N., & Balakrishnan, V. (2012). The influence of security awareness and security technology on users' behavior towards the implementation of health information system: A conceptual framework. In 2nd International Conference on Management and Artificial Intelligence, IPEDR (Vol. 35, pp. 1-6).

Kolkowska, E., & Dhillon, G. (2013). Organizational power and information security rule compliance. Computers & Security, 33, 3-11.

Kuperman, G. J., Gardner, R. M., & Pryor, T. A. (2013). HELP: a dynamic hospital information system. Springer Science & Business Media.

Peltier, T. R. (2013). Information security fundamentals. CRC Press.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Power, D. J., Sharda, R., & Burstein, F. (2015). Decision support systems. John Wiley & Sons, Ltd.

Sridhar, S., Hahn, A., & Govindarasu, M. (2012). Cyber-physical system security for the electric power grid. Proceedings of the IEEE, 100(1), 210-224.

Van Huis, A., Van Itterbeeck, J., Klunder, H., Mertens, E., Halloran, A., Muir, G., & Vantomme, P. (2013). Edible insects: future prospects for food and feed security. FAO.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.

Yang, Y. P. O., Shieh, H. M., & Tzeng, G. H. (2013). A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, 482-500.

Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.
