Information Security Taxonomy and Secure Communications System
Instructions • You should complete this assignment independently. You can use books, articles, and Internet materials. No collaboration is allowed. • Write your answer concisely. Pay attention to the specific page limit if there is one. • Only typed or electronic reports are allowed for homework submission. • Submit it through the given link at Canvas as a PDF file. Verify that the submission is successful.
Exercise 1: (25pts) (Limit: two pages) There are a couple of documents for reference, i.e., Cybersecurity Framework Profile for Ransomware Risk Management that follows Framework for Improving Critical Infrastructure Cybersecurity. You can refer to other relevant materials, e.g., on the internet, about ransomware as needed. Go through these documents. Use your findings to fill out the information security taxonomy presented in Lecture 1, in a table format (so each row or column is one basic component/element in the taxonomy). Please try to give out two examples specific to ransomware for each component, such as two different types of threats identified for the “Threat” component. Briefly (in one sentence) define or describe each example.
Exercise 2: (10pts) (Limit: half a page) Consider a very high-assurance system developed for the military. The system has a set of requirements and specifications, and its design and implementation have been proven to satisfy the specifications. From the perspectives of threat, service, and mechanism as discussed in Lecture 2, what questions should school administrators ask when deciding whether to purchase such a system for their school’s use? Please give out two different examples of high priority. For each given example, briefly discuss the specific potential problems/challenges in adopting this system by a school.
Exercise 3: (5pts) (Limit: half a page) Charting Your Course - This is a critical question! But you will get the credit if you can give it a good try to clearly define your goal and career. What area of information security seems most interesting to you at this point? What motivates you to investigate this area further for career opportunities?
Reflection Paper
Student's Name
College/University
Course
Professor's Name
Due Date
Exercise 1
Components
Examples
Threats
Ransomware infection via phishing emails - Attackers dupe unsuspecting users into creating harmful email attachments or opening malicious links, leading to ransomware installation on their systems.
Drive-by download attacks delivering ransomware - Users unknowingly download ransomware while visiting compromised websites with malicious code that exploits vulnerabilities in their browsers or plugins (National Institute of Standards and Technology, 2018).
Security Vulnerability
Unpatched operating systems and software - Outdated or unpatched software creates security weaknesses that ransomware can exploit to gain unauthorized access.
Weak or reused passwords - Inadequate password practices make it easier for ransomware attackers to crack or guess passwords, gaining unauthorized access.
Asset
Customer databases with personal information - Ransomware attackers target databases containing personal data to extort organizations by threatening data exposure.
Financial transaction systems - Ransomware can disrupt critical financial systems, causing financial losses and reputational damage to organizations (Barker et al., 2021).
Business goal
Ensure uninterrupted online customer services - Businesses aim to prevent ransomware disruptions to maintain online services and customer trust.
Protect sensitive financial data - Safeguarding financial data against ransomware threats is crucial to prevent financial losses and regulatory violations (National Institute of Standards and Technology, 2020).
Security compliance
GDPR compliance requirements - Organizations must meet GDPR's stringent data protection standards to avoid regulatory penalties related to ransomware incidents.
Industry-specific cybersecurity regulations require organizations to mitigate ransomware to protect sensitive data.
Security measure
Regular data backups and offsite storage - Regular backups help recover data in the event of ransomware attacks, reducing the impact.
Application whitelisting and endpoint security solutions - Employing application whitelisting and security software helps prevent ransomware execution and unauthorized system changes (Barker et al., 2021).
Security policy and models
Role-based access control to limit data access - Role-based access controls restrict access to data, reducing the risk of ransomware spreading to critical systems.
Multi-factor authentication (MFA) for critical systems - MFA adds an extra layer of security to critical systems, making it harder for ransomware attackers to gain access.
Security service
Incident response services to mitigate ransomware threats - ...
π Other Visitors are Viewing These APA Coursework Samples:
- Security Guidelines3 pages/β825 words | APA | IT & Computer Science | Coursework |
- Requirements Workflow for the Chocoholics Anonymous Project10 pages/β2750 words | 3 Sources | APA | IT & Computer Science | Coursework |
- Composition of "Is-A" and βHas-Aβ Relationship in JAVA2 pages/β550 words | APA | IT & Computer Science | Coursework |
- Scrum Sprint Cycle based on agile project management Essay2 pages/β550 words | APA | IT & Computer Science | Coursework |
- Hello World from the Portuguese Application Java Program2 pages/β550 words | APA | IT & Computer Science | Coursework |
- Built-in Architecture Techniques1 page/β275 words | APA | IT & Computer Science | Coursework |
- Design and Software Testing Concept Map Essay Sample6 pages/β1650 words | APA | IT & Computer Science | Coursework |