1 page table is required, you can use all tables to make one
Create a 1-page table in Microsoft® Word or Excel® listing a minimum of five threats using the column headers Threat to Data-at-Rest, Confidentiality/Integrity/Availability, and Suggestion on Countering the Threat.
In the Confidentiality/Integrity/Availability column, identify whether each of the following are affected:
· Confidentiality
· Integrity
· Availability
· Some or all of the three (Confidentiality, Integrity, and/or Availability)
Include suggestions on how to counter each threat listed.
Place your list in the 3 columns of a table in a Microsoft® Word or Excel® document.
Submit your assignment using the Assignment Files tab.
Protecting Data
Threat to Data-at-Rest | Confidentiality Affected? | Integrity Threat | Availability Threat | Suggestions on how to counter Threat
Denial of Service (DoS) to company website (not accessible), or to computer software / hardware (power failure) / Temporary loss of data or services that may or may not be restored (Smith, 2016).
Yes
Risk can be countered for website transactions by implementing an alternative method of accepting payments (in-store); or for computer hardware/software by installing an uninterruptible power supply (UPS) to allow systems to function without power.
Identity Theft / Threat to customers regarding identity theft, fraud, theft of funds, etc. and threat to organization storing the data regarding lawsuits, exposure to loss, etc.
Yes
Yes
Risk can be countered by encrypting data, educating consumers to keep account numbers secure, and identifying any vulnerability in the system where data can be accessed.
Disclosure / Threat of confidential company data being exposed to others who are not authorized to view it.
Yes
This type of threat can be countered by implementing complex passwords on laptops and desktops to protect company data from exposure.
Masquerade / Access to company network via user who pretends to be the real user and sends messages or manipulates electronic data. Risk of Identity theft.
Yes
Yes
Response to counter this type of threat is to implement a layered security structure. Limiting access via Least Privilege Controls would be a good defense.
Physical Damage to Data or Hardware / According to TrustedComputingGroup.org (2017), “Data backup, off-site mirroring, and other data replication techniques may increase the risk of unauthorized access” or loss. (p. 1, Solutions Guide for Data at Rest).
Yes
Yes
Data stored off-site should definitely be encrypted. If possible, using several layers of encryption is a viable solution. Backups are a critical factor in recovering from this type of threat.
Ransomware / Liability would be greater and damages can be extreme; if no backups exist, the company will have to pay a ‘ransom’ to get the encryption key to decrypt their data files and restore them.
Yes
Yes
Yes
The best defense against this type of threat is to have a service such as Datto and a Datto backup continuity device installed so that the entire company’s data is backed up at scheduled intervals. This would alleviate the need to pay cyber criminals a monetary ransom to get the encryption key to unlock a company’s data.
Physical Loss / Stolen/Lost mobile devices containing sensitive company data.
Yes
Yes
Yes
Applications are available to install on mobile devices that allow users to wipe their device remotely. This would help secure stored data at rest on mobile devices.
Subversion / Viruses, Worms, and Botnets can infiltrate company website and download malware through company network/files/database.
Yes
Yes
Yes
Periodic updates to anti-virus software will be a necessity in keeping the system free of potential security breaches.
Table 1. Cyber Threats and Risks for CIA (2017).
References
Smith, R. (2016). Elementary information security (2nd ed.). Jones & Bartlett Learning.
EC-Council Official Curriculum (2016). Certified secure computer user: EC Council courseware. EC-Council.
TrustedComputingGroup.org (2017). Solutions Guide for Data at Rest. Retrieved from https://www.trustedcomputinggroup.org/wp-content/uploads/SSIF_Solutions_Guide_for_Data-at-Rest.pdf
Table 2
CYB/110 Week 1 Assignment
Protecting Data Table
| Threat to Data-at-Rest | Confidentiality/Integrity/Availability | Suggestion on Countering the Threat |
|---|---|---|
| Unauthorized access to unused data while on the database. | Confidentiality, as unauthorized access to the data will compromise users’ privacy. | The simple suggestion would be to take great care over who is authorized to access the database and to invest extra money to ensure the data is well secured while not active. |
| Loss of inactive data from a corrupted HDD. | Availability, since the loss of data means it won’t be available when it is needed. | The suggestion to counter corruption issues would be to set up at least a RAID 1 configuration to decrease the possibility of data loss. |
| Data-at-Rest becoming unreadable from changing programs or different updates. | Availability, as incorrect updates or a change of program can compromise availability of said data. | Perform software testing before rolling out new software updates or converting to a new program to ensure the older data is still accessible with the new software. |
| Insufficient amount of bandwidth to access the Data-at-Rest when needed. | Availability, as an insufficient amount of bandwidth can prevent users from accessing the inactive data when needed. | Perform regular tests to ensure proper network speed. This will guarantee the data will be efficiently accessible if needed instead of worrying about slow load times. |
| Out-of-date security, which compromises the Data-at-Rest if not kept current with security standards. | Confidentiality, since out-of-date security standards can compromise the privacy of the confidential Data-at-Rest. | While updating the more used software, the company must also consider the data that is less used but still important. They need to routinely compare the network security of the data-at-rest to the most current security standards. |
Table 1. Protecting Data (2017).
Reference Page
Smith, R. (2016). Elementary information security (2nd ed.). Jones & Bartlett Learning.
Table 3
CYB/110 Week 1 Assignment
Protecting Data Table
STUDENT NAME
Protecting Data
| Threat to Data-at-Rest | Confidentiality Affected? | Integrity Threat | Availability Threat | Threat Mitigation |
|---|---|---|---|---|
| Database of Account Numbers / Threat to customers regarding identity theft, fraud, theft of funds, etc. and threat to organization storing the data in regard to lawsuits, exposure to loss, etc. | Yes | Yes | Yes | Risk can be countered by encrypting data, educating consumers to keep account numbers secure, and identifying any vulnerabilities in the system where data can be accessed. |
| Employee Database / Threat to company from cyber criminals who can steal this information and commit identity theft using the employee’s information such as social security #’s, address, salary, etc. | Yes | Yes | Yes | Risk can be countered by enacting authentication controls, thereby limiting access to this data, and strong security to protect data from outside threats. |
| Customer Database / Similar threat as employee database, only more exposure for companies because liability would be greater and damages can be extreme. | Yes | Yes | Yes | Database encryption seems to be the number one protection for data at rest. |
| Student Database / Threat of cyber-attack in which student identifying information could be stolen and/or, if the threat comes from the students themselves, risk of grade changes, etc. | Yes | Yes | Yes | Authentication controls, encryption, |