
CS155 Computer and Network Security

Published : 30-Aug,2021  |  Views : 10

Question:

Each student will write a white paper on the SANS Critical Security Controls (CSC) Survey document below.

Critical Security Controls Survey: Moving from Awareness to Action

Adoption of the Critical Security Controls is a hot topic in today's organizations. Review the CSC survey document and provide at least one suggestion on three different controls for an organization to move from awareness of the CSCs to implementation.

Answer:

Introduction

The requirements and standards for a security framework have been developed to secure critical data and enterprise systems from significant risks. Moreover, the diversification of resources has been identified as a serious issue in the industrial sector. The SANS Institute conducted a detailed survey on the adoption of the Critical Security Controls in private and government industry. A total of 699 respondents participated in the survey, of whom 45% were analysts and security administrators (Tarala), while 25% of the remaining respondents were senior security professionals and the remaining 10% comprised directors and IT managers. Apart from that, the respondents represented a broad range of organizations, with employees ranging from 200 to 2000.

Background

Of the respondents surveyed, 88% were aware of the security controls, which supports the reliability of the data obtained. Implementing the CSC has become one of the significant tools for blocking, mitigating and detecting security threats. In the white paper, SANS identifies 20 major security controls that can be implemented in an organization to secure sensitive information from security threats and risks.

Suggestions to security controls

Suggestions to implement malware defenses:

Malware defense has been identified as one of the major control strategies required for implementing safety and security at an organization. According to the survey conducted by SANS, the malware defense control was the highest priority selected by the respondents.

(Dunn Cavelty) showed that the impact of malware and virus attacks on an organization often results in financial and productivity loss. Apart from that, (Sathe) claimed that various worms and malware are designed to steal sensitive information from computers. Traditional methods of protecting against malware, such as firewalls and anti-virus software, minimize the security risks but fail to provide complete protection against malware. According to (Tarala), to ensure maximum security from malware, the organization needs to increase awareness of security issues among the employees. To increase that awareness, the organization needs to identify the systems, risks and possible security threats in the system. In addition to that, (Von Solms and Johan) showed that employees need to be informed of the reason the existing anti-virus software is unable to prevent security attacks.

In a study, (Amin) showed that implementing “intrusion detection signatures”, “anti-virus signatures”, software patches and vulnerability alerts helps in lowering the security risks in the organization. On the other hand, (Von Solms and Johan) illustrated that the application and implementation of the “intrusion detection system”. Protection from malware is not a one-time process but needs to be regularly monitored and updated. (Vijayan and Mark Hardy) showed that the processes that need to be followed in an organization are authorizing the devices connected to the network, regularly updating the operating system, regularly updating the anti-virus and conducting regular vulnerability scans.

Suggestions to Inventory of Authorized and Unauthorized Devices:

In the survey conducted by SANS, the control for “inventory of authorized and unauthorized devices” was ranked seventh according to the feedback of the respondents. (Cavelty) showed that the use of a security control for unauthorized and authorized devices on the organization's network helps in defining a baseline for defending the organization's components. (Choucri, Stuart and Priscilla) showed that the use of passive and active scanners on the network helps in detecting any intrusion and unauthorized access on the network. (Dunn Cavelty) argued that determining authorized and unauthorized access in the organization is not possible without determining all the devices that are connected to the network. The organization needs to have a clear idea about all the devices connected to the network. In addition to that, the organization needs to determine the authentication level of each user of the organization. According to (Von Solms and Johan), after authorizing devices, it is essential for the organization to prevent unauthorized access to the organizational network.

(Choucri, Stuart and Priscilla) illustrated that managing, controlling and tracking the hardware devices helps in controlling and preventing security issues. On the other hand, (Amin) showed that the deployment of DHCP (Dynamic Host Configuration Protocol) on the server allows unknown and unauthorized systems to be detected with the information acquired from DHCP. Similarly, (Sathe) described that deploying automated asset inventory discovery tools scans the private network to detect any intrusion. To protect against security vulnerabilities and gaps, the organization needs to physically secure the inventory database and back up all the secure data to guard against data loss and theft.
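
One way to use DHCP information for the device inventory described above, as an added example that is not part of the original paper: the sketch compares active leases against an authorized-device list. It assumes the ISC dhcpd `dhcpd.leases` text format; the sample leases, the `AUTHORIZED` inventory and the function name are constructed for illustration.

```python
import re
# Constructed sample in ISC dhcpd.leases format (not data from the survey).
SAMPLE_LEASES = '''
lease 10.0.5.21 {
  ends 1 2021/08/30 20:12:44;
  binding state active;
  hardware ethernet 00:16:3e:aa:01:02;
  client-hostname "fin-laptop-07";
}
lease 10.0.5.37 {
  ends 1 2021/08/30 21:01:10;
  binding state active;
  hardware ethernet 00:16:3E:BB:0C:0D;
}
lease 10.0.5.40 {
  ends 0 2021/08/29 19:00:00;
  binding state free;
  hardware ethernet 00:16:3e:cc:0e:0f;
  client-hostname "old-printer";
}
'''

# Hypothetical authorized-device inventory: MAC address -> asset tag.
AUTHORIZED = {"00:16:3e:aa:01:02": "ASSET-1041"}

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
# Anchored to line start so "next binding state ..." lines are not matched.
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')


def unauthorized_leases(text, authorized):
    """Return active leases whose MAC is missing from the inventory."""
    known = {mac.lower() for mac in authorized}
    findings = []
    for ip, body in LEASE_RE.findall(text):
        mac, state, host = MAC_RE.search(body), STATE_RE.search(body), HOST_RE.search(body)
        if not mac or not state or state.group(1) != "active":
            continue  # free/expired leases are not currently on the network
        if mac.group(1).lower() not in known:
            findings.append({"ip": ip, "mac": mac.group(1).lower(),
                             "hostname": host.group(1) if host else None})
    return findings


if __name__ == "__main__":
    for finding in unauthorized_leases(SAMPLE_LEASES, AUTHORIZED):
        print("unauthorized device:", finding)
```

A MAC address can be spoofed, so a match against the inventory only narrows the list; leases with no hostname or an unknown MAC are the ones to follow up with the active and passive scanning mentioned earlier.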

Suggestions to Data Recovery Capabilities:

The data recovery control for organizational security was given third priority according to the responses provided by the respondents in the survey. (Choucri, Stuart and Priscilla) claimed that in the case of security attacks and exploitation of data, significant changes are made to the system's software and configurations. In addition to that, the sensitive data of the organization is significantly jeopardized by the risks of major data loss and polluted information. Recovering data after a security attack becomes extremely difficult while ensuring the exact extraction of the data.

The employees of the organization need to be aware of the data backup on a regular or weekly basis. The organization needs to restore and back up data at regular intervals. (Cavelty) showed that the backup component of the organization should include the sensitive data, operating system and software used in the organization. Apart from that, the backup files and database need to be protected physically and through encryption.

Conclusion

Implementing the security controls helps in protecting the organization from significant risks. The white paper on the Critical Security Controls has successfully identified the level of security measures taken in organizations based on the identified security threats.

References

Amin, Saurabh. "Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks." IEEE Transactions on Control Systems Technology (2013): 1963-1970.

Cavelty, Myriam Dunn. "Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities." Science and engineering ethics (2014): 701-715.

Choucri, Nazli, Madnick Stuart and Koepke Priscilla. "Institutions for Cyber Security: International Responses and Data Sharing Initiatives." (2016).

Dunn Cavelty, Myriam. "From Cyber-Bombs to Political Fallout: Threat Representations with an Impact in the Cyber-Security Discourse." International Studies Review (2013): 105-122.

Sathe, Abhijit Vitthal. "Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model." PARIDNYA-The MIBM Research Journal (2013).

Tarala, James. "Critical Security Controls: From Adoption to Implementation." (2014).

Vijayan, Jaikumar and G. Mark Hardy. "Security Spending and Preparedness in the Financial Sector." A SANS Survey (2015).

Von Solms, Rossouw and Van Niekerk Johan. "From information security to cyber security." Computers & Security (2013): 97-102.
