Tuesday, May 5, 2020
Security of ENISA Threat Landscape 2014
Question: Discuss about the Security of ENISA Threat Landscape 2014. Answer: Introduction ENISA (European Union Agency for Network and Information Security) is the leading center that provides recommendations as well as suggests effective practices with the help of expertise advises for reducing the impact of information security threats. This report is encompassing various strategies for combining threats and social hacking measures that are harmful for information system. This guidance provided in this report elaborates strategies that are helping in improving ETL process within organizations. This case study considers the most effective challenges for ENISA. Description of the Case Study According to the ENISA threat landscape report, it is nothing but the research outcomes of 12 months study about the threat landscape within the center (ENISA Threat Landscape 2014 ENISA, 2017). This case study is main encompassing the information about the information security threats and other important aspects going on within the organization. In addition to this, the description about the ETL 2014, include several kinds of cyber threats that involves various security threat properties within this discussion. The ETL 2014 is helpful in identifying the knowledge transfers and findings about these information security threats found during the research. Identification of Strategy for Insider Threats Periodic risk assessment: Risk assessment is important in order to be aware of the threats and information security threats involved within the information system. This process of risks assessment helps the organizations and other users in identifying the flaws of the system. Training awareness to employees: Training awareness program involves providences of guideline to the employees in order to manage the information system in an effective way (Amin et al., 2013). Separation of duties and least privilege: Information system heads are always responsible for managing the information within the organization (Cavelty, 2014). Therefore, their responsibilities should be maintained with respect to infrastructure. Strict passwords and account management policies: Strict passwords and setting involves high quality infrastructure that offers the user secured set up for managing information system architecture. Online checks against employee activities: Monitoring online actions are helpful in operating malicious threats that are implemented by the employees within the information system of the organization (Dunn Cavelty, 2013). Significant Threats and their Causes In the contemporary times, the threats of the information system are increasing day by day. These threats are randomly increasing as the information leakages involved in organizational information system are increasing due to various reasons (Fischer et al., 2014). There are various segments that incorporate information threats within the system architecture. These are mobile computing, virtualization of network, cyber operations etc. According to the surveys done on the information security threats, 2012 is found to be the most impactful year related to the cyber and information security threats (Holm et al., 2013). Information leakage is being considered as the most effective cause behind the information security threats. Discussion on Key Threat agents There are various kinds of threats agents available in the information systems. According to the ENISA threat landscape, some of the important Key Threat agents are being elaborated in this part of the report: Cybercriminals: Cybercriminal are categorized as the generalization of all the hackers and other people those are involved in violating information security. Online Social Hackers: Online social hackers are responsible for making activities viral. These kinds of people introduce various threats and hacking activities (ENISA Threat Landscape 2014 ENISA, 2017). Hacktivists: Hacktivist are that people those are responsible for managing all kinds of hacking activities within any server or information system. Script Kiddies: This target group is consisting of the young individuals those are thrilled about the achievements (ENISA Threat Landscape 2014 ENISA, 2017). These people are always present on every individual system architecture of the information system. Cyber terrorists: Cyber terrorists are those people who are responsible for making cyber attacks viral and effective to the society. Impact minimizing process of threats Monitoring plan: Monitoring plan helps the cyber security officers to check the impact of security threats within organization. Controlling plans: Controlling plan of security threats and information security challenges helps the information security officers in identifying the issues (JooBeom et al., 2014). Review collections: Review collection helps the CIOs to identify the impact and crucial effects of information security threats. Summary on Social Hacking Issues Social hacking issues are nothing but the attempt of manipulating the social behaviors with the help of orchestrated actions. The main issues associated with the social hacking concerns about the violation of permission within any personal information (Luiijf et al., 2013). Social hacking attacks are introduced by impersonating with individual groups of people. These people are indirectly or directly involved with the hackers. This is mainly done in order to make plan about confidence of victims. Social hacker presents position of the authority within the domain of hacking (Mansfield et al., 2013). Social engineers are mainly responsible for introducing social hacking activities within information systems. Social media is completely affected by this activity. Explanation of threat probabilities In accordance with the ENISA threat probability analysis, it is found that there are changes identified in the year of 2014 in comparison with the year 2013. According to the threat probability analysis within these two years, the top threat in the year of 2013 Drive by Downloads is not the top threat in the year of 2014 (ENISA Threat Landscape 2014 ENISA, 2017). This threat has diminished value in the next year. The figure bellow is showing the reduced and increased probability of some considered threats involved in ENISA. Improvisation methods for ETL process The ETL process can be improved with the help of utilizing the following process. These are described as follows: Appropriate Analysis: Collection of information must use the appropriate analysis methods for reducing the chances of information threats (Robinson et al., 2013). This helps the information officer in identifying threats and issues involved in ETL process. Identification of issues in terms reduces the threats. Identification of methods for resolving threats: Identification of proper methods for choosing methods of resolving threats are important in order to reduce the impact of these threats. Utilization of effective methods: Effective utilization of identified methods for resolving threats and information security issues introduces effective threat agents (Von Solms Van Niekerk, 2013). Perfect strategies are able to minimize the threats. Discussion on threats that challenges the security system of ENISA According to the case study of ENISA, this is found that Phishing can be identified as the most effective and harmful attacks that is continuously affecting the information system from 2013 to 2014 (ENISA Threat Landscape 2014 ENISA, 2017). This attack has maintained its position list of impactful attacks. Phishing is nothing but such kind of attack that affects user data. This attack reveals personal and company information from users. This threat has ranked in the top ten threats in the list of threats in the year of 2014. Justification of satisfaction of ENISA for their present state in security system There are various reasons behind the satisfaction of ENISA in solving their issues associated with the information security or information system. These are explained in this part: National security formation of ENISA: National security should have to be managed by threat resolving techniques. Sharing practices of information in ENISA: ENISA is satisfied with their strategies as these would not involve security issues within their infrastructure (Wang Lu, 2013). Partnership among public and private departments of ENISA: Information security involves good public and private departments within the system architecture of the center. Conclusion This can be concluded that the threat landscape of ENISA 2014 is including important developments within their infrastructure that encompasses information about various threats. In addition to this, there are several changes that are incorporated within the threat landscape. In addition to this, this report is explaining the various information security threats and their resolution processes. Twelve reports are analyzed before preparing the ENISA Threat Landscape. All of this information is related to cyber security threats and mal-practices. In spite of this, there are various important threats that are impacting on the ENISA. These threats are elaborated in this report. References Amin, S., Litrico, X., Sastry, S., Bayen, A. M. (2013). Cyber security of water SCADA systemspart I: analysis and experimentation of stealthy deception attacks.IEEE Transactions on Control Systems Technology,21(5), 1963-1970. Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities.Science and engineering ethics,20(3), 701-715. Dunn Cavelty, M. (2013). From Cyber?Bombs to Political Fallout: Threat Representations with an Impact in the Cyber?Security Discourse.International Studies Review,15(1), 105-122. ENISA Threat Landscape 2014 ENISA. (2017).Enisa.europa.eu. Retrieved 6 January 2017, from https://www.enisa.europa.eu/publications/enisa-threat-landscape-2014 Fischer, F., Davey, J., Fuchs, J., Thonnard, O., Kohlhammer, J., Keim, D. A. (2014). A visual analytics field experiment to evaluate alternative visualizations for cyber security applications. InProc. of the EuroVA International Workshop on Visual Analytics. Holm, H., Flores, W. R., Ericsson, G. (2013, October). Cyber security for a Smart Grid-What about phishing?. InIEEE PES ISGT Europe 2013(pp. 1-5). IEEE. JooBeom, Y. U. N., Seung-Hyun, P. A. E. K., Park, I., Lee, E. Y., Sohn, K. W. (2014).U.S. Patent No. 8,839,440. Washington, DC: U.S. Patent and Trademark Office. Luiijf, E., Besseling, K., De Graaf, P. (2013). Nineteen national cyber security strategies.International Journal of Critical Infrastructures 6,9(1-2), 3-31. Mansfield, K., Eveleigh, T., Holzer, T. H., Sarkani, S. (2013, November). Unmanned aerial vehicle smart device ground control station cyber security threat model. InTechnologies for Homeland Security (HST), 2013 IEEE International Conference on(pp. 722-728). IEEE. Robinson, N., Gribbon, L., Horvath, V., Robertson, K. (2013). Cyber-security threat characterisation. Von Solms, R., Van Niekerk, J. (2013). From information security to cyber security.computers security,38, 97-102. Wang, W., Lu, Z. (2013). Cyber security in the Smart Grid: Survey and challenges.Computer Networks,57(5), 1344-1371.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.