Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Threats attacks and vulnerability assessment

05/01/2021 Client: saad24vbs Deadline: 2 Day

CMGT/400v7


Threats, Attacks, and Vulnerability Assessment Template


CMGT/400 v7


Page 3 of 4


C:\Users\djshirey\OneDrive - University of Phoenix\F_Drive\Style Guides\UPX Logos\Horizontal format\UOPX_Sig_Hor_Black_Medium.pngThreats, Attacks, and Vulnerability Assessment Template

Instructions: Replace the information in brackets [ ] with information relevant to your project.


A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests. Take on the role of a Cyber Security Threat Analyst for the approved organization you chose. Research the following information about the organization you chose and complete the Threats, Attacks, and Vulnerability Assessment template.


[Amazon constitutes a multinational corporation focusing on technology products including e-commerce, artificial intelligence, and cloud-computing (Amazon, 2019). Amazon appears at the eighth position of Fortune’s fasters growing companies in the World and is described as the most significant digital retailer in the United States (Fortune, 2019). The company’s Amazon Web Services has also grown to be the leading online storage and service process in the US market (Fortune, 2019). The magnitude of the company makes it appropriate for the threat and vulnerability assessment of information systems security.]

Assessment Scope

What are the tangible assets included? (Must include virtualization, cloud, database, network, mobile, information systems.) Identify all information systems, critical infrastructure, and cyber-related interests and combinations that will be assessed. Also, describe information systems, critical infrastructure, and cyber-related interests which will not be assessed and explain why.


[ Amazon has a broad technical infrastructure that includes persons, tangible assets, and end-to-end security systems. The primary tangible assets for the company’s e-commerce and web services include the cloud, database, virtualization, network, information, and mobile systems. The scope of the cyber security threat analysis on the Amazon Web Services will consist of the database, network, and information systems. The company’s primary information systems include organizational, marketing, inventory, human resource, accounting, and financial information systems. Cyber-related interests associated with Amazon e-commerce and AWS platforms include mining of Big Data that the firm produces, economic data, and consumer data. Moreover, users might use the platform to advertise black market products. The organizational and inventory information systems will not be assessed as they do not present much risk for the company’s digital systems.]


System Model

A diagram and descriptions of each asset included in the assessment scope.


[ Fig 1: An example of an e-commerce system model.]


[The human resource information systems acquires the information of the merchants. They also hire customer service and product support employees who advertise and take care of customer issues. These involves massive data gathering given the magnitude of the company. The cloud information system comprises the stored online data for Amazon subscribers and registered users which is mostly acquired during order entry.The information could be a target for some attackers. The database system stores all the necessary data for analysis and transformation to information. It is associated with product presentation and order entry where the preferences of the customers can be accessed. Information is processed from the analysis of the data and is used by the management for decision making purposes. It is important to protect customer data and the analyzed information.]


Existing Countermeasures

Describe existing countermeasure already in place.


[ The Amazon technology department uses various countermeasures for protecting their cyber-systems. The AWS provides the cloud computing clients with data centers and custom network architectures to protect the end of their system’s environment. Network firewall, web application firewalls, encryption, and private enabled connectivity options include other countermeasures used by the company to protect its critical infrastructure. Also, Amazon protects its data through varying data encryption capabilities including SQL Server RDS, EBS, Oracle RDS, and Glacier. The Amazon web platform uses the server-side encryption (SSE) for the transmission of sensitive data by encrypting the message queues. Another method used to prevent cyber threats and attacks includes hardware-based cryptographic key storage that facilitates the achieve compliance requirements.]


Threat Agents and Possible Attacks

Define 12 to 15 threat agents and possible attacks.


[ Numerous agents of cyber threat and cyber-attack exist in Amazon’s information systems and critical infrastructure environment. Additionally, more possible cyber-attacks can be aimed at Amazon given its market-leading position and amount of data it possesses. Some of the attacks include phishing and spear phishing attack, birthday attack, password attack, malware attack, denial of service (DoS), SQL injection attack, man-in-the-middle (MitM) attack, eavesdropping, attack, cross-site scripting (XSS) attack, and distributed denial-of-service (DDoS) attacks(Jang-Jaccard & Nepal, 2014np). Phishing is defined as the process of sending emails that look like they are from trusted sources with the aim of accessing private information or inducing the system users to act. Conversely, spear phishing involves an evolved form of phishing where the attacker targets a specific individual and conducts research on them and develop personal and relevant messages making it harder to detect and defend against. The birthday attack defines the probability of establishing two random words that generate the same message digest when a hash algorithm is made against the digital signature, software, or message.


The SQL injection attack is majorly used on database-driven websites such as the Amazon e-commerce website making it a possible attack. It includes the execution of a SQL query by the malefactor into the database through the input data from the client to the server. Drive-by attacks happen when hackers search for insecure websites and place malicious scripts into the HTTP or PHP code on either of the pages where the text may redirect the victim to a site that is affiliated to the hackers(Jang-Jaccard& Nepal, 2014np). Additionally, the malware may install immediately onto the computer of the user who browses the site. A DoS attack overpowers the resources of a system so that it can react to service requests whereby the DDoS attack involves the control of a large number of the systems host machines by an attacker who launches it by infecting them with malicious software (Jang-Jaccard & Nepal, 2014np). Examples of the Dos and DDoS attacks include botnets, smurf attack teardrop attack, and ping-of-death attacks. Conversely, the Man-in-the-middle attack happens when the infiltrator inserts themselves between the path of a client and server (Jang-Jaccard & Nepal, 2014np). Some of the MitM attacks include session hijacking, replay, and IP spoofing.


Password attacks include attacks on the authentication process of a specific user or system and can be achieved through social engineering, accessing a password database, and guessing(Jang-Jaccard & Nepal, 2014np). Brute-force and dictionary attacks include the two types of password attacks that can be used on the Amazon information system. Finally, eavesdropping attacks occur when an attacker intercepts the network traffic and is usually used to obtain passwords and credit card numbers that a user may transmit over the network.]


Exploitable Vulnerabilities

Identify 7 to 9 exploitable vulnerabilities.


[ Exploitable vulnerabilities include system weakness that an attacker can utilize to perform their illegal actions within the digital system of an organization. Malware constitutes a conventional method of intruding a system, and while the Amazon systems can be deemed secure, new malware is created everyday implying that it is exploitable. The employees can be another exploitable vulnerability when approached through social engineering and spear phishing attacks (Jang-Jaccard & Nepal, 2014np). Internet of Things (IoT) devices that are used in the work environment such as smart printers, smart coffee makers, smart refrigerators, and manufacturing robots can be used by attackers to create slave networks of compromised appliances to perform more attacks(Jang-Jaccard & Nepal, 2014np). The fourth exploitable vulnerability includes the failure to patch security vulnerabilities once they are found out using the latest updates. Employees can also be considered as exploitable vulnerabilities when they attack the system intentionally, rather than external influence. The sixth exploitable vulnerability includes the company’s e-commerce point-of-sale which may be breached by stealing third-party vendor credentials such as data on the payment card (Jang-Jaccard & Nepal, 2014np). The last exploitable vulnerability is the source code of various website pages that may be infiltrated by use of malware.]


Threat History/Business Impact

Threat History Events


Duration


Business Impact


Threat Resolution


[Data breach due to a technical error (Smith 2018 np)}


[]


[Data for 60 million users]


[Malware protection]


[DDoS attack on Prime DaySmith 2018 np)]


[Hour]


[$75 million]


[Malware Protection]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


Risks and Contingencies Matrix

Risk


Probability


Priority


Owner


Countermeasures/Contingencies/Mitigation Approach


[Malware attack]


[Low]


[Low]


[User]


[Security policies restricting extensive use of corporate internet resources]


[Phishing attack]


[High]


[High]


[User]


[Training on system vulnerability]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


[Response]


References


Amazon. (2019). About Us. Amazon. Retrieved January 18, 2019 from https://www.aboutamazon.com/?utm_source=gateway&utm_medium=footer


Fortune. (2019). Amazon. Fortune 500. Retrieved January 18, 2019 from http://fortune.com/fortune500/amazon-com/


Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993. doi: 10.1016/j.jcss.2014.02.005


Smith, A. (2018). Amazon ‘technical error’ exposes undisclosed number of customer names and emails. CSO. Retrieved January 18, 2019 fromhttps://www.csoonline.com/article/3322973/security/amazon-technical-error-exposes-undisclosed-number-of-customer-names-and-emails.html


Copyright© 2018 by University of Phoenix. All rights reserved.


Copyright© 2018 by University of Phoenix. All rights reserved.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Helping Hand
University Coursework Help
Writer Writer Name Offer Chat
Helping Hand

ONLINE

Helping Hand

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$100 Chat With Writer
University Coursework Help

ONLINE

University Coursework Help

Hi dear, I am ready to do your homework in a reasonable price.

$102 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Cbee 213 - Ricon s series lift troubleshooting - 9781433813757 - Written Discussion: Critical Listening/Careful Listening While viewing the following two videos, listen carefully. Answer questions Due Tomorrow 9/02/2020 by 7:00 pm pacific USA time. - Human Resources research paper: Work place stress and effects on employees - Tcp state machine diagram - School catchment area peterborough - Society and culture hip hop notes - They say i say templates answers - Lewis dot structure formal charge - Predicting consumer tastes with big data at gap case solution - What protist causes chagas disease - Rural conservation zone victoria - Managerial accounting exercises and solutions - Damien hirst shark value - Knights of the fiery cross - 4s week 7 assignment IA - Picot question for short staffing - Does the protection of one domestic industry harm another - Unity multiple choice game - Injustice in montana 1948 - Regulation for Nursing Practice Staff Development Meeting - Terror's purse strings annotated - 5 points of chivalry - Power pressure cooker xl lid parts - Description of a haunted castle - Elizabeth freake - What is the meaning of agriculture - Corporate level strategy of p&g - Global corporate citizenship stages - Holes comprehension questions and answers - Sexual innuendo in disney movies - Sons of korah psalm 91 - Australian ymca institute of education and training - Tundra in a simple sentence - 17 caroline street redfern - How to write a good hypothesis worksheet answers - How to enter charges in epic - Gl noble denton uae - Intermediate accounting chapter 21 solutions - What is the value of a hanging drop preparation - Elements of an ethical sampling plan in nursing - Sister cities of brisbane - Week 5 - Chemistry - University of birmingham email - Achieving a cost advantage over rivals entails - The hate u give literary analysis - Ledger calendar ax 2012 - How to draw a climate - Xix xix roman numeral - Statistics chapter 1 homework answers - The drinking water needs of a production facility - If you adopt ethical egoism as your moral code then - Personification in to his coy mistress - Course project outline example - Criteria for speech competition - Lord of the flies chapter 11 vocabulary - Darden's global supply chains case study - Beneath her shirt a book was eating her up - Deloitte and PWC chosen model is B2B only - Adjusted cash balance per books - Persuasive Speech Outline - Repost - Darrell lea hard centred chocolates - Preoperative phase nursing care - Unitary method lesson plan - Larry haun framing hammer - Royal glamorgan hospital map - Starbucks mission social responsibility and brand strength case study - Sir gawain and the green knight adaptations - Organizes and codes patient records gathers statistical data - David schanzer wikipedia - Star wars rise of skywalker cinepolis - Walmart point of sale system - Https ve drhorton com login jsp - Miller corporation has a premium bond making - They say i say 4th edition chapter 4 summary - Billy madison show deadbeat mom - Bayfield mud company case study excel - Lifemax 60 air hockey table - I need 3200 words on Business planning E-Management in USA and UK - Discussion 8 - Description provided is insufficient to classify commodity fedex - Who is wendy's target market - One word from god can change your finances pdf - Clinical Field Experience A - Hiscox guide for baptist churches pdf - Cardinal glass industries inc subsidiaries - Viewpoint os map symbol - Car-o-liner quick 42 price - Fleck 2900 valve manual - Master of counselling and psychotherapy ecu - Health and social care professions council - Identifying an arguable thesis - Copper and silver nitrate reaction - RN Capstone Week 5 - Simnet hcc - How to prepare for spanish oral exam - The art of metacommentary they say i say - Viking dry pendent sprinkler