You just got a new job at a prestigious Cancer Treatment center. Your supervisor has requested you create and present to the C-Suite of the company, a lecture on the various actors your organization may face soon. The Manager impresses upon you the need for additional funding to secure key systems in the network but cautions you against creating a state of panic as none of those attending has a deep understanding of cybersecurity.
Create a 10- to 12-slide digital presentation for upper-level management that explains the possible threats. Include a title slide, reference slide and presenter’s notes.
Research and identify the various threat actors of the digital world to include: APTs, cyberterrorism, script kiddies, cybercriminals, hacktivists, and insider threats. Prioritize which threat actors would pose the greatest threat.
Use as reference the article “The Role of the Adversary Model in Applied Security Research,” Include an adversary model to compare and contract each threat actor. Include assumptions, goals, capabilities, favored techniques, and aversion to risk. Identify the bad actors in cyberspace and compare their resources, capabilities/techniques, motivations, and aversion to risk.
Additionally, include graphics that are relevant to the content, visually appealing, and use space appropriately.
Your C-Suite presentation with the upper-level management in PART A, provided a glimpse into threat actors and their abilities. The CEO has decided that an in-depth training on this topic is needed from a top-down perspective to educate employees company-wide.
The manager has tasked you to modify your lecture in PART A to include potential system attacks and the actors you identified that might be performed against the hospital. Your department is assigned the creation of a 3- to 5-minute cybersecurity educational video to help with this effort. Using task in Part A, build upon the threat actors identified and address the following: Include relevant information from your Part A task at the beginning of the video.
Describe potential system attacks and the actors that might perform them. Define the difference between a threat and a vulnerability. Provide at least two different attacks that each threat actor might perform against the hospital, from least serious threat to the most serious. You may not use the same attack on multiple threat actors, so choose carefully which threat actor is most likely to perform which attack.
Denial of service (DOS), distributed denial of service (DDOS).
DOS and DDOS attacks are common for any number of reasons. Research a recent attack within the last 5 years and find a related connection to social media where the attacker bragged or those affected complained about the attack. Why is this type of attack harmful to businesses? What are some mitigation techniques you would recommend?
Research and identify 0-day exploits. Why are these types of exploits especially dangerous to networks and technology? What are some mitigation tactics network defenders could use to help prevent this type of attack?
Your latest task on defining threat actors and possible attacks gave the boss a brilliant idea. She wants you to create a training guide on the various forms of malware to help train junior technicians in the IT department pass their upcoming certification exam. Create a table that can be utilized as a training guide that identifies, summarizes, and provides characteristics of at least ten different types of attacks and/or malware (to include DOS and DDOS attack).
Research the SANS Institute security lifecycle and provide a summary in your own words of the purpose, the scope of the ideology, and how you will apply this to your future career as a cybersecurity professional. Be sure to include the four steps within the process.
Based on the concepts of cybersecurity, research professional certifications available within the field of information technology and cybersecurity. Identify at least two professional certifications you believe would help further your goals as you move forward in your chosen career path.
QUESTION 7A Create a digital diagram of a castle, with all the necessary components. Also include the following: Gateway router, Firewall. Anti-Virus, VPN, SIEM, Data backup, Server, IPS, DMZ, MultiFactor Authentication
In not more than 750-words, analyze the castle in 7A, addressing the following:
· Within each defensive layer of the castle, identify the physical security aspect of the defensive structure and the technical aspect designed to protect the king, the server. (For instance, the castle gate would be considered a physical barrier and gateway router to a system. Not every portion of the diagram may have both a physical and technical aspect.)
· Incorporate within the design the physical security elements (deterrence, detection, delay, response) by identifying them throughout your castle design. Provide an explanation of the design for a professional nontechnical audience.
· Describe cyber defense tools, methods, and components, and explain how to apply cyber defense methods to prepare a system to repel attacks.
a) From your understanding of ARP, explain why conducting an attack on your roommate or place of work without their permission is illegal or unethical.
b) And explain why conducting an ARP attack on your virtual machine is legal.
According to research, social engineering makes up a majority of successful data breaches across the world. However, this simple attack vector is often forgotten in cybersecurity for more technical approaches. OSINT and other online tools provide a wealth of information about individuals. However, this information can be used in unethical and immoral ways as we have seen in social engineering attacks performed by various malicious actors.
Part 1: What do you understand by these terms Spear Phishing Attack, phishing attack, Whaling Attack, Vishing Attack and Smishing Attack
Part 2: Having in mind that you can use open-source intelligence tools such as the OSINT framework, Facebook, LinkedIn, Pinterest, and other social media websites to research someone. Choose and create two attacks from the list below and include examples. Spear Phishing Attack, phishing attack, Whaling Attack, Vishing Attack or Smishing Attack
Write a 250- to 500-word reflection discussing the moral and ethical considerations as they relate to cyberstalking from a Christian worldview of human flourishing. What other abusive behaviors can be performed through the tools we have used, and why, as cybersecurity professionals, must we be ever vigilant in our ethical decisions? Examine how the internet is used for cybercrime, cyberstalking, and other abusive behaviors. Include at least one biblical reference in your response.
Common vulnerabilities and exposures (CVE) are a list of publicly disclosed computer security flaws. Assume your organization wishes the system to remain online and fully functional. Discuss in detail a chosen specific vulnerability and provide a plausible threat, and how you would mitigate it.
In not more than 500 words write a report on
a) The effectiveness of applications if they were directly related to a financial institution, government entity, or an ecommerce website in terms of cybersecurity in preventing crime and abuse.
b) The potential vulnerabilities with Nmap -p- -A #, Kioptrix 3 website, Kioptrix 3 website source page, Nikto, and OWASP ZAP.
c) At least two different potential web extensions that could provide information to an attacker and describe why it is dangerous.
d) Explain a defensive strategy to offset the vulnerability in C above
include a title page, table of contents, overview, and summary.