Question 1
With the rapid technology that has been experienced in different parts of the globe, there are numerous types of hacking that have become commonplace. Many of the people either lack knowledge or assume that their computers and networks are safe and that they cannot be easily accessed by third parties or any other person who wants to interfere with them. One of the people who has exploited a significant number of systems in different ways is Kevin Mitnick. According to him, “the human security is truly security’s weakest link” (Mitnick & Wozniak, 2016). Kevin Mitnick elaborates that a majority of the people today tend to think that they are secure and they do nothing to ensure that their systems are protected from any unauthorized individuals.
In a similar manner, social engineering significantly relies on misguided trust or the ignorance of people (Dulaney & Easttom, 2014). Therefore, it is important that companywide policy is created and implemented to protect an organization from an attack. There are some cases where people have not been victims of cyber-attack, and thus such people assume that they are safe and they do not take any measure to ensure that they are protected. Moreover, individuals who have experienced cyber-attacks do not also take the necessary steps to ensure that their systems are secured (Mitnick & Wozniak, 2016). Apparently, it is vividly clear that “the human security is truly security’s weakest link.” Making people realize that they are not safe and that they need to up their security is the best way to solve the problem. Having that in mind, I would employ two major policies that will ensure that vital information does not get into hands of unauthorized individuals for manipulation.
Firstly, all sensitive data is stored in a designated bin to prevent dumpster (Dulaney & Easttom, 2014). The bin that is used to store sensitive data is locked and passed on to a contracted company that will take custody of the data. The organization from which the data comes from can access it either monthly or bi-monthly depending on its needs.
Use your promo and get a custom paper on
"Social Engineering Attack".
Secondly, a password policy should be employed to keep off unauthorized personnel from accessing an organization’s information. Nevertheless, it is important that the policy emphasizes the use of a strong password rather than a generic password that can be easily accessed or interfered with by unauthorized individuals. A strong password is one that embraces one capital letter, and numbers and other characters (Dulaney & Easttom, 2014). Moreover, the password should be changed after every three months to ensure that the data stored in a system is safe. The policy should also make sure that six prior passwords cannot be used again. Essentially, it means that an organization cannot reuse its last six passwords but rather employ new ones that are not similar to the last passwords that were used. On top of that, the policy should ensure that a newly employed password has three tries that are locked out to it. The policy should also ensure that employees read and understand its content before signing and pledging never to share the organization’s password with any other person (Mitnick & Wozniak, 2016).
Question 2
Physical control Description Example
Alarm It is a physical access control that draws attention to a breach or a breach that is likely to occur (Ye, Heidemann, & Estrin, 2014).
1. Sirens
2. Emails that are designed to create attention
3. Flashing light meant to draw attention.
Biometrics A biological trait that is employed to identify a person entering or transacting with an organization (Ye, Heidemann, & Estrin, 2014).
1. Retina scanners
2. Finger print scanners
3. Handprint scanners
4. Facial recognition applications
Motion detection A physical control whose core mandate is to detect motion in movements in an area that is highly protected (Ye, Heidemann, & Estrin, 2014).
1. Microwave/ sonic sensor
2. Infrared
3. Hybrid variety of sensors
4. Lights that turn on when a person enters a protected area.
5. An alarm that signals when a person enters a protected area.
Hardware Lock It is a type of physical control that applies physical security modifications to ensure that a system is secure and prevent it from leaving a facility or a given premise (Ye, Heidemann, & Estrin, 2014).
1. Locking cabinets
2. Cable locks
Question 3
Type of Control Definition Example
Preventive It is a type of control that curbs an intrusion before it occurs (Ye, Heidemann, & Estrin, 2014).
1. Access keycard systems
2. Looked doors.
Deterrent It is a type of control whose purpose is to warn an attack thus preventing it from happening (Ye, Heidemann, & Estrin, 2014).
1. A warning of prosecution that has been posted on a notice.
Administrative A type of control that embraces policies, procedures and guidelines in a company or business enterprise (Ye, Heidemann, & Estrin, 2014).
1. The process that is employed in case of a break-in.
2. Steps to be taken when the contract of an employee has been terminated or comes to an end.
Compensation It is a type of control that employs backup to protect a system in case other systems fail (Ye, Heidemann, & Estrin, 2014).
1. An alarm that rings when a door is about to be opened.
2. A backup generator that is employed to provide electricity in case of a power outage.
Detective
A kind of control where a violation is uncovered when all other control measures have failed, a time during which an alarm is required to be raised (Ye, Heidemann, & Estrin, 2014).
1. Checksum on a file that has been downloaded
2. An alarm that rings when a door has been pried
Technical These are types of controls that are implemented using technology and they can be deterrent, preventive, compensation or detective (Ye, Heidemann, & Estrin, 2014).
1. IPS
2. IDS
3. Firewall
- Dulaney, E. & Easttom, C. (2014). CompTIA Security+ Study Guide: SY0-401, 6th Edition. [VitalBook File]. Retrieved from kaplan.vitalbook.com
- Mitnick, K. D., Simon, W. L., & Wozniak, S. (2016). The Art of Deception: Controlling the Human Element of Security, 2002. Paperback ISBN 0-471-23712-4.
- Ye, W., Heidemann, J., & Estrin, D. (2014). Medium access control with coordinated adaptive sleeping for wireless sensor networks. IEEE/ACM Transactions on Networking (ToN), 12(3), 493-506.
