The goal of this assessment is to identify the threats or vulnerabilities in the case scenario described in the associated file, Assessment Initial Case Scenario.docx. NOT all threats or vulnerabilities you “discover” are in the initial case scenario. “Discovery” of threats is important. For each threat you need to indicate how it would be discovered in a business and in three cases, expand with a viable explanation of discovery, with small relevant details of an interview or survey, etc.
You should use this assessment brief document to guide what to include in this assessment and use the provided case study to help demonstrate understanding of the topic.
Instructions
The report should have the following heading structure.
Title page
The title page should include subject code and name, assessment number, report title, email address, learning facilitator name and surname.
Executive Summary
The best time to write the Executive Summary is when you have finished working on your assessment. Top-level executives often only read the executive summary, so it is a brief summary of what was done with a very brief overview of major results.
1. Introduction
Since you already have an executive summary, this can be quite brief. You will need to provide a short description of the case organization. Overall, the introduction section is about “What the assessment is going to be about?”
2. Main Discussion
2.1. Data Flow Diagrams (DFDs)
The DFDs must relate to the business described in the initial case scenario. You must remember that the DFDs are the FIRST step in the “Risk Analysis” process, and so they are not the main output of this assessment. The main output of MIS607 Assessment 2 is the categorized threats (see below).
For the DFD section of your report, you will need to present at least a “Context Diagram” (level-0) and a “Level-1 Diagram” (DFD). You can include further levels of DFD (e.g., Level-2, Level-3, etc.) if you feel they are needed to show a trust boundary, but it’s not necessary.
The level-1 diagram (and further level diagrams, if needed) must not break the rule for proper DFD formation/development. And the DFDs (excluding the Context Diagram) MUST have labelled trust boundaries. You MUST use the symbol conventions shown below:
2.2. Threat List, Threat Discovery, and STRIDE Categorisation
For the threat list you should have a table of at least 10 threats with at least the following headings: threat brief name, brief description, brief discovery technique, STRIDE category, trust boundary, and whatever else may be handy. Make the table as readable as possible.
After the table, you need to expand on at least three of the threats (one of these must be the main threat mentioned in the case). These should be related to research material. You should also give some explanation of how you discovered the threat (as if you found them within the organization). You need to discuss the other seven threats in brief (2-3 lines at least).
3. Conclusion
In this section, you will wrap up your discussion in a clear and simple way. Overall, the conclusion section reminds the reader what the report/assessment has been about. Indicate and discuss the major findings and/or recommendation of your report.
4. References
A minimum of ten (10) references are required in this assessment. At least one (1) reference needs to be a “peer-reviewed” journal article or a conference paper. The choice of references for Assessment 2 is based on your decision and preference; however, the minimum number of references to be used in this assessment is ten (10). Make sure to list the references alphabetically and, where possible, use the most recent references. At least three (3) references MUST be from peer-reviewed sources (e.g., conferences, journals).
The introductory paragraph of the paper depicts the malware activity that happened at the ANUC Canberra campus. In the second half of 2018, an incident occurred at ANUC in which unapproved access to different systems led to the leakage of sensitive information such as personal details, academic records, and the financial status of staff, students, and alumni. It was a major leak that drew a wide response, bearing on the organisation's reputation and on the level of security of personal data. The objective of this evaluation is to examine the details of the incident and look for threats or vulnerabilities that may be found in ANUC's cybersecurity infrastructure, and further to make security suggestions that will improve its security strength. The purpose is to look at ANUC's work policies, business model, and management of the recent breach in order to analyse possible methods of preventing risks and safeguarding the organisation against cyber threats in the future.
Data Flow Diagrams (DFDs):
Data Flow Diagrams (DFDs) are visual illustrations of the pathway of data within a system and of how that data is transferred from one stage to the next via processes, stores, and external entities. In the analysis of cyber threats and vulnerabilities, a DFD becomes a lens for discovering the entry points available to adversaries and for classifying the information carried by each flow.
Context Diagram (Level-0):
The Context Diagram provides a basic view that describes the system as a single process interfacing with external entities. The ANUC context diagram depicts the university's core system interacting with diverse external parties, consisting of students, lecturers, alumni, and external networks.
Figure 1: Context Diagram
Level-1 Diagram (DFD):
The Level-1 diagram subdivides the system to detail the main process or entity under examination and shows the data-flow connections between its subprocesses. ANUC's Level-1 DFD contains functions such as student admission, records management, financial transactions, and information system administration. Trust boundaries are outlined to show which data may only be accessed, stored or transmitted within the trusted area. These include trust perimeters around the student and staff databases, marking these stores as protected zones for personal and academic data. As an example, external entities such as students visiting the university's website or alumni logging into the alumni network are depicted interacting with the system, which reveals potential data-sharing points.
Figure 2: Level-1 DFD
Trust Boundaries:
Trust boundaries are the vital dividing lines in a DFD that separate the parts of the system handling ordinary data from those that store and process sensitive data. These borders mark the division between trusted internal procedures and external parties. The university DFD draws trust boundaries around information such as the Student and Staff databases, as well as around each of the systems, including the Student Enrollment System, Academic Records Management System, and HR & Payroll System. These boundaries show where protection mechanisms must be implemented to preserve the confidentiality, integrity and availability of the information handled by the ANUC system.
External Entities:
External entities are those entities that lie outside the ANUC structure and communicate and interact with it. They can be people such as students, staff, and alumni, but also outside networks or systems. In the DFD, external entities are shown interacting with the ANUC system for various purposes. Students use the system for enrolment, academic records management, and delivery of learning materials. Staff use the system for HR and payroll-related matters, and alumni participate in the university's alumni network. Identifying and understanding the interplay between external entities and the ANUC system is essential for assessing and implementing protective measures that preserve the safety of data exchange with third parties.
Significance in Threat Discovery:
The DFD included serves as the crucial mechanism for tracing how data moves through ANUC's system, by visually mapping the flow of data and identifying potential points of weakness. Each trust boundary marks a zone in which security issues must be worked through and restrictions on people's roles enforced, so how the system is structured, and the rules that go with that structure, matter to security professionals. By identifying the external entities and their interactions with the system, the DFD shows where the attack surface lies and which points an attacker could use for entry. Generally, the DFD plays a primary role in threat detection by visualising the system's architecture and giving better direction for finding security threats, intrusions and weaknesses within the ANUC system.
Introduction, focus and description
This table lists a summary of a set of cybersecurity threats, including how they are detected, their STRIDE impact categories, trust boundaries, and mitigation strategies. It focuses on proactive monitoring, user awareness, and strong security controls to mitigate risks such as phishing, data breach, insider threat, and malware infection.
Threat List Table:
Table 1: Threat List Table
Expansion of Three Threats:
• Phishing Attacks:
• Brief Description: Deceptive emails or messages aimed at tricking recipients into revealing sensitive information such as login credentials or financial details (Saeed et al., 2023).
• Brief Discovery Technique: Analysis of reported phishing attempts by staff and students, examination of email server logs for unusual activity patterns, and implementation of phishing awareness training programs.
• STRIDE Category: Spoofing - Impersonation of Legitimate Entities.
• Trust Boundary: Email System, User Endpoints.
• Other Information: Phishing attacks pose a high risk due to the human vulnerability factor. Regular staff training and awareness programs are essential to mitigate this threat (Fernandez De Arroyabe & Fernandez de Arroyabe, 2023).
• Data Breach:
• Brief Description: Unauthorized access to sensitive data, including personal details, academic records, and financial information of staff, students, and alumni.
• Brief Discovery Technique: Detection of unusual data access patterns during routine security monitoring. Suspicious activity alerts are triggered by anomalous login attempts or data access requests.
• STRIDE Category: Information Disclosure - Unauthorized Disclosure of Sensitive Information.
• Trust Boundary: Student and Staff Database, Network Perimeter.
• Other Information: Data breaches carry significant regulatory and reputational implications for ANUC. Effective monitoring and response mechanisms are crucial to prevent and mitigate such incidents.
• Denial of Service (DoS) Attacks:
• Brief Description: Deliberate attempts to disrupt or degrade the availability of ANUC's online services by overwhelming servers or network infrastructure.
• Brief Discovery Technique: Monitoring network traffic for sudden spikes in inbound connection requests, analyzing server performance metrics for signs of degradation, and implementing DoS protection mechanisms (Hu et al., 2023).
• STRIDE Category: Denial of Service - Degradation or Disruption of Service Availability.
• Trust Boundary: Network Infrastructure, Server Environment.
• Other Information: DoS attacks pose a significant risk of service downtime and customer dissatisfaction. ANUC should deploy robust network monitoring and mitigation strategies to mitigate the impact of such attacks (Lee, 2023).
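A small detector for the discovery technique described under Data Breach above (anomalous login attempts and data access requests), written here as an added example rather than anything from the report or from ANUC; the audit-log format, field names, thresholds and business-hours window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of an assumed application audit log (not ANUC's real format):
# "<ISO timestamp> src=<ip> user=<id> event=<login|record_read> result=<ok|fail> [n=<records>]"
SAMPLE_LOG = """\
2018-11-03T02:14:07 src=203.0.113.5 user=jsmith event=login result=fail
2018-11-03T02:14:09 src=203.0.113.5 user=jsmith event=login result=fail
2018-11-03T02:14:12 src=203.0.113.5 user=jsmith event=login result=fail
2018-11-03T02:14:15 src=203.0.113.5 user=jsmith event=login result=fail
2018-11-03T02:14:20 src=203.0.113.5 user=jsmith event=login result=ok
2018-11-03T02:16:01 src=203.0.113.5 user=jsmith event=record_read result=ok n=4800
2018-11-03T09:02:11 src=10.20.1.44 user=alee event=login result=ok
2018-11-03T09:05:30 src=10.20.1.44 user=alee event=record_read result=ok n=12
2018-11-03T09:30:02 src=10.20.1.71 user=bkhan event=login result=fail
2018-11-03T09:30:40 src=10.20.1.71 user=bkhan event=login result=ok
"""

LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
                  r"event=(?P<event>\S+) result=(?P<result>\S+)(?: n=(?P<n>\d+))?$")

def parse(log):
    """Parse log text into dicts; malformed lines are skipped rather than crashing."""
    rows = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            d["n"] = int(d["n"]) if d["n"] else 0
            rows.append(d)
    return rows

def find_anomalies(rows, fail_burst=3, bulk_read=1000, business_hours=(7, 19)):
    """Flag (a) a login that succeeded after >= fail_burst failures from the same
    source/user, (b) bulk record reads, (c) record reads outside business hours."""
    alerts, fails = [], defaultdict(int)
    for r in rows:
        key = (r["src"], r["user"])
        if r["event"] == "login":
            if r["result"] == "fail":
                fails[key] += 1
            else:
                if fails[key] >= fail_burst:
                    alerts.append(("login_after_fail_burst", r["ts"], r["src"], r["user"], fails[key]))
                fails[key] = 0  # a success resets the failure streak
        elif r["event"] == "record_read":
            hour = int(r["ts"][11:13])  # hour field of the ISO timestamp
            if r["n"] >= bulk_read:
                alerts.append(("bulk_record_read", r["ts"], r["src"], r["user"], r["n"]))
            if not business_hours[0] <= hour < business_hours[1]:
                alerts.append(("after_hours_read", r["ts"], r["src"], r["user"], r["n"]))
    return alerts

if __name__ == "__main__":
    for a in find_anomalies(parse(SAMPLE_LOG)):
        print(a)
```

On the sample, only the jsmith session trips the rules (a failure burst ending in success, then a bulk read at 02:16), while the single failed attempt by bkhan stays below the threshold.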
Elevation of Privilege: Unauthorized user access is identified by assessing the access logs. The trust boundary is the access control system; threats at this boundary include unauthorized changes and policy violations.
Insider Threats: Discovered by auditing the activities of trusted insiders acting with malice. The trust boundary is the internal network, and detection needs to be embedded with strong tools.
Malware Infections: Malware installs are tracked by system logs. Boundary of trust includes endpoint devices; threats relate to data integrity and system compromise.
Network Intrusions: Unauthenticated network entry detected through traffic analysis. Trust boundary is the network perimeter; threats concern the violation of data confidentiality.
Social Engineering: Manipulation of people into giving up sensitive information, discovered through awareness training. The trust boundary is human vulnerability; the threat depends on the human factor and on communication links.
Ransomware Attacks Discussion: Ransomware is a major threat, targeting crucial information and systems with encryption. File-activity monitoring and fast detection are what is needed to stop its spread.
Zero-Day Exploits Discussion: Zero-day exploits take advantage of unknown vulnerabilities thereby circumventing the conventional security control measures. Early detection is important and must be supported by the monitoring of the systems to detect any signs of abnormal behavior.
• Spoofing: Impersonating someone or something else.
• Tampering: Modifying data or code.
• Repudiation: Claiming to have not acted.
• Information Disclosure: Exposing information to someone not authorized to see it.
• Denial of Service: Deny or degrade service to users.
• Elevation of Privilege: Gain capabilities without proper authorization.
Introduction:
The STRIDE categorization table summarizes different cybersecurity threats in the context of the Microsoft STRIDE model. This model identifies six categories of threat: spoofing, tampering, repudiation, information disclosure, denial of service (DoS), and elevation of privilege. Every threat is associated with its corresponding STRIDE category to help identify its characteristics and security impact.
Table 2: STRIDE Categorization Table
The table shows the various cybersecurity threats and their STRIDE categories. For example, phishing attacks fall under Spoofing, which reflects their deceitful approach. Denial of Service (DoS) attacks belong to the Denial of Service category because they aim to interfere with service availability. EOP (Elevation of Privilege) risks describe unauthorized elevation of user privileges, a vital security concern. This classification facilitates the prioritization of security measures according to the nature of each threat and its potential effect on the security posture of the organization.
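As an added example (not from the report or the assessment brief), the following Python script ties the DFD and trust-boundary discussion in Section 2.1 to the STRIDE categories above: it models a handful of ANUC's Level-1 elements, finds the data flows that cross a trust boundary, and lists candidate STRIDE categories for each crossing using the STRIDE-per-element mapping (external entity: S, R; process: all six; data store: T, R, I, D; data flow: T, I, D). The element list, trust zones and flows are constructed assumptions, not the report's actual diagram.

```python
# Constructed model of ANUC's Level-1 DFD: name -> (element kind, trust zone).
# The trust zones are assumptions for illustration, not the report's diagram.
ELEMENTS = {
    "Student": ("external", "Internet"),
    "Alumni": ("external", "Internet"),
    "Student Enrollment System": ("process", "Campus DMZ"),
    "Academic Records Management System": ("process", "Campus internal"),
    "HR & Payroll System": ("process", "Campus internal"),
    "Student DB": ("store", "Data centre"),
    "Staff DB": ("store", "Data centre"),
}
# Data flows as (source, destination, data carried); also constructed.
FLOWS = [
    ("Student", "Student Enrollment System", "enrolment form"),
    ("Student Enrollment System", "Student DB", "student record"),
    ("Academic Records Management System", "Student DB", "grades"),
    ("HR & Payroll System", "Staff DB", "payroll data"),
    ("Alumni", "Academic Records Management System", "transcript request"),
    ("Academic Records Management System", "HR & Payroll System", "staff teaching load"),
]
# STRIDE-per-element: which categories apply to each DFD element type.
# (S)poofing (T)ampering (R)epudiation (I)nformation disclosure (D)oS (E)levation.
STRIDE_PER_ELEMENT = {"external": "SR", "process": "STRIDE",
                      "store": "TRID", "flow": "TID"}
STRIDE_NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
                "I": "Information Disclosure", "D": "Denial of Service",
                "E": "Elevation of Privilege"}

def zone(name):
    return ELEMENTS[name][1]

def boundary_crossings(flows=FLOWS):
    """Flows whose endpoints sit in different trust zones: the points reachable
    from the less trusted side, so the first places to look for threats."""
    return [f for f in flows if zone(f[0]) != zone(f[1])]

def stride_candidates(kind):
    """Full STRIDE category names applicable to one element kind."""
    return [STRIDE_NAMES[c] for c in STRIDE_PER_ELEMENT[kind]]

def threat_worklist(flows=FLOWS):
    """For each boundary crossing, candidate threats for the flow itself and
    for the element on the trusted side that receives the data."""
    rows = []
    for src, dst, data in boundary_crossings(flows):
        crossing = f"{zone(src)} -> {zone(dst)}"
        rows.append((f"{src} -> {dst} ({data})", crossing, stride_candidates("flow")))
        rows.append((dst, crossing, stride_candidates(ELEMENTS[dst][0])))
    return rows

if __name__ == "__main__":
    for target, crossing, cats in threat_worklist():
        print(f"{target:60} [{crossing:32}] {', '.join(cats)}")
```

The flow between the two Campus-internal processes does not cross a boundary and so produces no worklist rows; the five crossings yield the starting list of candidate threats that the report's threat table then refines.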
The analysis conducted on the cyber security arena of ANUC has identified a large number of risks and weaknesses. The incident of unauthorized access at ANU illustrates quite clearly how vulnerable networks can be, and the consequences of inadequate security, if it goes unheeded, can be devastating. By systematically mapping data flows and carrying out detailed threat discovery, the assessment shows that ANUC is currently exposed to various data security issues, such as data breaches, phishing and possibly insider threats. These results speak to the priority of proactive security measures and rigorous risk management for businesses to defend against these risks and the resulting financial losses. Through investment in security infrastructure, a focus on employee training, and policy enforcement, ANUC can in future be viewed as a secure and reliable place for stakeholders. The results of this risk assessment will guide a risk mitigation strategy based on sound information, targeted at the identified risks so that it addresses them effectively. To build ANUC's stronger cybersecurity, collaboration among all organisations will be the key swing factor.
Aleryani, A. Y. (2016). Comparative Study between Data Flow Diagram and Use Case Diagram. International Journal of Scientific and Research Publications, 6(3).
Bey, Z. T., & Agyeman, M. O. (2023). An Analysis of Cybersecurity Data Breach in the State of California. In Advanced Sciences and Technologies for Security Applications. https://doi.org/10.1007/978-3-031-20160-8_10
Chen, J., Henry, E., & Jiang, X. (2023). Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach. In Journal of Business Ethics (Vol. 187, Issue 1). https://doi.org/10.1007/s10551-022-05107-z
Fernandez De Arroyabe, I., & Fernandez de Arroyabe, J. C. (2023). The severity and effects of Cyber-breaches in SMEs: a machine learning approach. Enterprise Information Systems, 17(3). https://doi.org/10.1080/17517575.2021.1942997
Hu, N., Liang, P., & Xue, F. (2023). Exploring the Cybersecurity Spillover Effect: How Customer Data Breaches Affect Supplier Cost Management Strategies. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4463396
Lee, I. (2023). Analyzing web descriptions of cybersecurity breaches in the healthcare provider sector: A content analytics research method. Computers and Security, 129. https://doi.org/10.1016/j.cose.2023.103185
Saeed, S., Altamimi, S. A., Alkayyal, N. A., Alshehri, E., & Alabbad, D. A. (2023). Digital Transformation and Cybersecurity Challenges for Businesses Resilience: Issues and Recommendations. In Sensors (Vol. 23, Issue 15). https://doi.org/10.3390/s23156666
Seifermann, S., Heinrich, R., Werle, D., & Reussner, R. (2022). Detecting violations of access control and information flow policies in data flow diagrams. Journal of Systems and Software, 184. https://doi.org/10.1016/j.jss.2021.111138
Shaikh, F. A., & Siponen, M. (2023a). Information security risk assessments following cybersecurity breaches: The mediating role of top management attention to cybersecurity. Computers and Security, 124. https://doi.org/10.1016/j.cose.2022.102974
Shaikh, F. A., & Siponen, M. (2023b). Organizational Learning from Cybersecurity Performance: Effects on Cybersecurity Investment Decisions. Information Systems Frontiers. https://doi.org/10.1007/s10796-023-10404-7