Data at rest threats

1 page table is required, you can use all tables to make one

Create a 1-page table in Microsoft® Word or Excel® listing a minimum of five threats using the column headers Threat to Data-at-Rest, Confidentiality/Integrity/Availability, and Suggestion on Countering the Threat.

In the Confidentiality/Integrity/Availability column, identify whether each of the following are affected:

· Confidentiality

· Integrity

· Availability

· Some or all of the three (Confidentiality, Integrity, and/or Availability)

Include suggestions on how to counter each threat listed.

Place your list in the 3 columns of a table in a Microsoft® Word or Excel® document.

Submit your assignment using the Assignment Files tab.

Protecting Data

Threat to Data-at-Rest

Confidentiality

Affected?

Integrity

Threat

Availability

Threat

Suggestions on how to counter Threat

Denial of Service (DoS) to company website (not accessible), or to computer software / hardware (power failure) / Temporary loss of data or services that may or may not be restored (Smith, 2016).

Yes

Risk can be countered for website transactions by implementing an alternative method of accepting payments (in-store); or for computer hardware/software by installing an uninterruptable power supply (UPS) to allow systems to function without power.

Identity Theft / Threat to customers regarding identity theft, fraud, theft of funds, etc. and threat to organization storing the data regarding lawsuits, exposure to loss, etc.

Yes

Yes

Risk can be countered by encrypting data, educating consumers to keep account numbers secure, and identifying any vulnerability in the system where data can be accessed.

Disclosure / Threat of confidential company data being exposed to others who are not authorized to view it.

Yes

This type of threat can be countered by implementing complex passwords on laptops and desktops to protect company data exposure.

Masquerade / Access to company network via user who pretends to be the real user and sends messages or manipulates electronic data. Risk of Identity theft.

Yes

Yes

Response to counter this type of threat is to implement a layered security structure. Limiting access via Least Privilege Controls would be a good defense.

Physical Damage to Data or Hardware / According to TrustedComputingGroup.org (2017), “Data backup, off-site mirroring, and other data replication techniques may increase the risk of unauthorized access” or loss. (p. 1, Solutions Guide for Data at Rest).

Yes

Yes

Data stored off-site should definitely be encrypted. If possible, using several layers of encryption is a viable solution. Backups are a critical factor in recovering from this type of threat.

Ransomware / Liability would be greater and damages can be extreme, if no backups exist then company will have to pay a ‘ransom’ to get the encryption key to unencrypt their data files and restore them.

Yes

Yes

Yes

The best defense of this type of threat is to have a service such as Datto and a Datto backup continuity device installed so that the entire company’s data is backed up on scheduled intervals. This would alleviate the need to pay cyber criminals a monetary ransom to get the encryption key to unlock a company’s data.

Physical Loss / Stolen/Lost mobile devices containing sensitive company data.

Yes

Yes

Yes

Applications are available to install on mobile devices that allow users to wipe their device remotely. This would help secure stored data at rest on mobile devices.

Subversion / Viruses, Worms, and Botnets can infiltrate company website and download malware through company network/files/database.

Yes

Yes

Yes

Periodic updates to anti-virus software will be a necessity in keeping the system free of potential security breaches.

Table 1. Cyber Threats and Risks for CIA (2017).

References