Unit 4

Uploaded by

dhritihimasus1

Paper name: Information security and cyber laws

Unit: 4

Cyber Security Risk Analysis

Risk analysis is the review of the risks associated with a particular action or event. It is applied to
information technology, projects, security issues and any other event where risks may be analysed on a
quantitative and qualitative basis. Risks are part of every IT project and business organization.
Risk analysis should be carried out on a regular basis and updated to identify new potential threats.
Strategic risk analysis helps to minimize the probability of future risks and the damage they cause.

Benefits of risk analysis

Every organization needs to understand the risks associated with its information systems in order to
protect its IT assets effectively and efficiently. Risk analysis can help an organization improve its
security in many ways:

o It identifies, rates and compares the overall impact of risks on the organization, in financial and
organizational terms.

o It helps to identify gaps in information security and determine the next steps to eliminate security
risks.

o It can enhance the communication and decision-making processes related to information
security.

o It improves security policies and procedures and helps develop cost-effective methods for
implementing them.

o It increases employee awareness of risks and security measures during the risk analysis process,
and their understanding of the financial impacts of potential security risks.

Steps in the risk analysis process:

The basic steps followed by a risk analysis process are:

Conduct a risk assessment survey:

Getting input from management and department heads is critical to the risk assessment process. The risk
assessment survey is the way to begin documenting the specific risks or threats within each department.

Identify the risks:

This step evaluates an IT system or other aspects of an organization to identify the risks related to
software, hardware, data, and IT employees. It identifies the possible adverse events that could occur in an
organization, such as human error, flooding, fire, or earthquakes.

Analyse the risks:

Once the risks are evaluated and identified, the risk analysis process should analyse each risk that may occur
and determine the consequences linked with each risk. It also determines how the risks might affect the
objectives of an IT project.

Develop a risk management plan:

After the analysis has given an idea of which assets are valuable and which threats will probably affect
the IT assets negatively, we develop a risk management plan to produce control recommendations that
can be used to mitigate, transfer, accept or avoid the risk.

Implement the risk management plan:

The primary goal of this step is to implement the measures that remove or reduce the analysed risks. We
start with the highest priority and resolve or at least mitigate each risk so that it is no longer a
threat.

Monitor the risks:

In this step, security risks are monitored on a regular basis so that they can be identified, treated and
managed. Monitoring should be an essential part of any risk analysis process.
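
The analyse, plan and implement steps above, worked through as an added example (not part of the original notes). It assumes the standard quantitative formula ALE = SLE x ARO, which the notes do not state; the register values and the mitigate-or-accept rule are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    sle: float           # single loss expectancy: cost of one occurrence
    aro: float           # annual rate of occurrence: expected events per year
    control_cost: float  # yearly cost of the proposed control
    aro_after: float     # expected events per year with the control in place

    @property
    def ale(self) -> float:
        """Annualized loss expectancy before any control."""
        return self.sle * self.aro

    @property
    def control_value(self) -> float:
        """Yearly loss avoided by the control, minus what the control costs."""
        return self.sle * (self.aro - self.aro_after) - self.control_cost

    def treatment(self) -> str:
        # Assumed rule: mitigate only when the control pays for itself.
        return "mitigate" if self.control_value > 0 else "accept"

# Constructed register using the adverse events the text lists.
REGISTER = [
    Risk("human error", sle=8_000, aro=6.0, control_cost=10_000, aro_after=2.0),
    Risk("flooding", sle=120_000, aro=0.05, control_cost=9_000, aro_after=0.01),
    Risk("fire", sle=200_000, aro=0.02, control_cost=1_500, aro_after=0.005),
    Risk("earthquake", sle=500_000, aro=0.002, control_cost=20_000, aro_after=0.002),
]

def prioritise(register):
    """Highest annualized loss first: the order in which to implement the plan."""
    return sorted(register, key=lambda r: r.ale, reverse=True)

def plan(register):
    """One (name, ALE, treatment) row per risk, in priority order."""
    return [(r.name, round(r.ale), r.treatment()) for r in prioritise(register)]

if __name__ == "__main__":
    for name, ale, action in plan(REGISTER):
        print(f"{name:12} ALE={ale:>6} -> {action}")
```

Earthquake has the largest single loss yet ranks last, because priority follows expected yearly loss rather than worst-case impact.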

Key principles of conventional computer security:

In the present-day scenario, the security of the system is the sole priority of any organisation. The main
aim of any organisation is to protect its data from attackers. In cryptography, attacks are of two types:
passive attacks and active attacks.

Passive attacks are those that retrieve information from the system without affecting the system resources,
while active attacks are those that retrieve system information and make changes to the system resources and
their operations.

The Principles of Security can be classified as follows:

1. Confidentiality:
The degree of confidentiality determines the secrecy of the information. The principle specifies that
only the sender and receiver will be able to access the information shared between them.
Confidentiality is compromised if an unauthorized person is able to access a message. For example,
suppose sender A wants to share some confidential information with receiver B and the
information is intercepted by attacker C. The confidential information is now in the hands of the
intruder C.

2. Authentication:
Authentication is the mechanism used to identify the user, system or entity. It ensures the identity of
the person trying to access the information. Authentication is mostly secured by using a username
and password. The authorized person, whose identity is preregistered, can prove his/her identity and
can access the sensitive information.

3. Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the content of the
message is changed after the sender sends it but before reaching the intended receiver, then it is said
that the integrity of the message is lost.

4. Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content sent through a
network. In some cases the sender sends the message and later denies it. Non-repudiation does
not allow the sender to deny to the receiver that the message was sent.

5. Access control:
The principle of access control is determined by role management and rule management. Role
management determines who should access the data while rule management determines up to what
extent one can access the data. The information displayed is dependent on the person who is
accessing it.

6. Availability:
The principle of availability states that resources will be available to authorized parties at all times.
Information is not useful if it is not available to be accessed. Systems should have sufficient
availability of information to satisfy user requests.
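
An added example (not part of the original notes) of the integrity and non-repudiation principles, using Python's standard hmac module: a keyed tag detects a message changed in transit, but because A and B share the key it cannot prove which of them wrote a message. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret, known to sender A and receiver B only.
SHARED_KEY = secrets.token_bytes(32)

def tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag to send with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag(key, message), received_tag)

def send(message: bytes):
    """A sends the message together with its tag."""
    return message, tag(SHARED_KEY, message)

def tamper(message: bytes) -> bytes:
    """Model of the integrity loss in the text: content changed in transit."""
    return message.replace(b"100", b"900")

def receiver_can_forge() -> bool:
    """B holds the same key, so B can tag a message that A never sent."""
    forged = b"A owes B 5000"
    return verify(SHARED_KEY, forged, tag(SHARED_KEY, forged))

if __name__ == "__main__":
    msg, t = send(b"pay B 100")
    print("untouched message accepted:", verify(SHARED_KEY, msg, t))
    print("modified message accepted: ", verify(SHARED_KEY, tamper(msg), t))
    print("receiver can forge a tag:  ", receiver_can_forge())
```

Non-repudiation therefore needs a digital signature, where only the sender holds the signing key.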

Security Policies of network security:

Security policies are a formal set of rules issued by an organization to ensure that users who are
authorized to access company technology and information assets comply with the rules and guidelines related to
the security of information. A security policy is a written document that sets out how to
protect the organization from threats and how to handle them when they occur. A security policy is also
considered a "living document", which means that the document is never finished but is continuously
updated as technology and employee requirements change.

Need of Security policies:

1) It increases efficiency

The best thing about having a policy is the increased level of consistency, which saves time,
money and resources. The policy should inform employees about their individual duties and tell them
what they can and cannot do with the organization's sensitive information.

2) It upholds discipline and accountability

When a human mistake occurs and system security is compromised, the security policy of the
organization will back up any disciplinary action and also support a case in a court of law. The
organization's policies act as a contract which proves that the organization has taken steps to protect its
intellectual property, as well as its customers and clients.

3) It can make or break a business deal

It is not necessary for companies to provide a copy of their information security policy to other vendors
during a business deal that involves the transfer of their sensitive information. This is true in the case of
bigger businesses, which ensure that their own security interests are protected when dealing with smaller
businesses that have less high-end security systems in place.

What is authentication in cyber security?

The process of authentication in the context of computer systems means assurance and confirmation of a
user's identity. Before a user attempts to access information stored on a network, he or she must prove their
identity and permission to access the data. When logging onto a network, a user must provide unique log-in
information including a user name and password, a practice which was designed to protect a network from
infiltration by hackers. Authentication has further expanded in recent years to require more personal
information of the user, for example, biometrics, to ensure the security of the account and network from
those with the technical skills to take advantage of vulnerabilities.

What is Data Protection?

Data protection is the process of safeguarding important data from corruption, compromise or loss and
providing the capability to restore the data to a functional state should something happen to render the data
inaccessible or unusable. Data protection assures that data is not corrupted, is accessible for authorized
purposes only, and is in compliance with applicable legal or regulatory requirements. Protected data should
be available when needed and usable for its intended purpose. The scope of data protection, however, goes
beyond the notion of data availability and usability to cover areas such as data immutability, preservation,
and deletion/destruction. Roughly speaking, data protection spans three broad categories, namely, traditional
data protection (such as backup and restore copies), data security, and data privacy as shown in the Figure
below. The processes and technologies used to protect and secure data can be considered as data protection
mechanisms and business practices to achieve the overall goal of continual availability, and immutability, of
critical business data.

What Is Access Control?

Access control is a data security process that enables organizations to manage who is authorized to access
corporate data and resources. Secure access control uses policies that verify users are who they claim to be
and ensure appropriate access control levels are granted to users.

Implementing access control is a crucial component of web application security, ensuring only the right users
have the right level of access to the right resources. The process is critical to helping organizations avoid data
breaches and fighting attack vectors, such as a buffer overflow attack, KRACK attack, on-path attack,
or phishing attack.

Internal And External Threat of cyber security:

The majority of external attacks happen in order to steal confidential information through the use of malware
such as worms, Trojan horse viruses, phishing and the like. Some cybercrime groups such
as Anonymous carry out attacks against governments and corporations for a variety of reasons, often to teach
them a social or moral lesson. While your business might not be a target for Anonymous, it is still a target for
other cyber intruders. The most common external attacks target customer data held by companies, as this
personal information has a price tag on the dark web, and stealing data is an easy way to make a living.

An insider threat can be defined as ‘a current or former employee, contractor or other business partner with
access to the organisation’s network, system or data and intentionally misuses them or whose access results
in misuse’. Most internal cyber-attacks are after employee information, potentially for poaching or recruiting
purposes. On the other hand, there are also cases of disgruntled employees with access to servers and
confidential information that tend to target and steal intellectual property in order to carry out their personal
vendetta.

While some internal threats lack intention, in other words the employee acted in such a way that sensitive
data was accidentally compromised, the effect is the same regardless.

What exactly is Security Assurance?

Security assurance is an umbrella term for several processes aimed at ensuring individual system
components can adequately protect themselves from attacks. Doing so requires not just a one-time effort, but
actually spans the complete system lifecycle. After all, what is considered an acceptable security posture may
change over time depending on, for example, newly emerging threats or changes to how the system itself is
utilized.

Computer forensics and incident response:

Digital forensics and incident response (DFIR) is a specialized field focused on identifying, remediating, and
investigating cyber security incidents. Digital forensics includes collecting, preserving, and analyzing
forensic evidence to paint a full, detailed picture of events. Incident response, meanwhile, is usually aimed at
containing, stopping, and preventing an attack.

When combined, digital forensics and incident response get your business back up and running while
identifying and closing security vulnerabilities — and it gives you the evidence you need to press charges
against the criminals who targeted your operations, or support a cyber insurance claim.

What is digital forensics?

Digital forensics is a branch of forensic science that covers digital technology. Analysts focus on the
recovery, investigation, and examination of material found on digital devices. The end goal of digital
forensics is to gather and preserve evidence to aid in prosecuting cyber crime, should the culprits behind an
attack face criminal charges.

There are generally four major reasons why an organization will engage in digital forensics:

• To confirm whether a cyber attack took place or not

• The full impact of a cyber incident is unknown

• The cause behind a cyber attack isn’t known

• Evidence proving a cyber attack took place is required

As in any forensic investigation, speed is critical, especially if an attack or compromise is ongoing. Moving
quickly can help stop an active cyber incident.

An active computer, network, or device is continuously producing data that may be crucial to an
investigation, even while sitting idle. Over time, the risk that this data is deleted, overwritten, or otherwise
altered increases. Many forensic artifacts are highly dependent on the state of a computer in the immediate
aftermath of an incident. Forensic investigators need to move quickly to ensure they capture all this
information before it is lost.

What is incident response?

Incident response (IR) is a set of activities a business engages in when they’re in the midst of a cyber
security incident. For the purposes of IR, a cyber incident can be defined as any event that compromises
information confidentiality, integrity, and/or availability – core principles of information security that are
often referred to as the “CIA triad.”

IR activities will generally be informed by an IR plan that’s designed to get IT infrastructure back up and
running as quickly as possible while mitigating the overall damage of an incident. These frameworks are
designed to support recovery efforts, but in a broader sense, they also help organizations build cyber maturity
and proficiency. This may help enhance defences, stopping attacks and incidents from affecting businesses in
the first place.

What is the digital forensic process?

The digital forensic process is the accepted method investigators follow to gather and preserve digital
evidence, with the express intent of maintaining a chain of custody. It consists of three key steps:

1. Acquisition: In this step, investigators create an exact duplicate of the media in question, usually
using a hard drive duplicator or specialized software tools. The original media is secured to prevent
any tampering.

2. Analysis: Forensic specialists then analyze the duplicated files or technology, logging all the
evidence they discover that supports or contradicts a hypothesis. Ongoing analysis is conducted to
reconstruct events and actions in an incident, helping them reach conclusions about what happened
and how hackers compromised systems.

3. Reporting: Once a digital forensics investigation is completed, the findings and conclusions analysts
uncovered are delivered in a report that non-technical personnel can understand. These reports are
passed on to those who commissioned the investigation, and usually wind up in the hands of law
enforcement.
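
An added example (not part of the original notes) of the acquisition step and the chain of custody: hash the original before and after copying, confirm the duplicate matches, and keep a custody log in which each record's hash covers the previous one. A file copy stands in for the hard drive duplicator; the file names, actors and log format are assumptions.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def acquire(original, image):
    """Duplicate the media; hash the original before and after, and the copy."""
    before = sha256_file(original)
    shutil.copyfile(original, image)  # stand-in for a duplicator or imaging tool
    return before, sha256_file(image), sha256_file(original)

def _digest(entry):
    fields = {k: entry[k] for k in ("actor", "action", "evidence", "prev")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def custody_entry(log, actor, action, evidence_hash):
    entry = {"actor": actor, "action": action, "evidence": evidence_hash,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)  # covers "prev", chaining the records
    log.append(entry)

def log_intact(log):
    """Recompute every link; an edited or removed record breaks the chain."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != _digest(entry):
            return False
        prev = entry["entry_hash"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        orig, img = Path(d, "media.bin"), Path(d, "image.dd")
        orig.write_bytes(b"constructed sample media\x00" * 4096)
        before, copy, after = acquire(orig, img)
    log = []
    custody_entry(log, "examiner-1", "acquired image", copy)
    custody_entry(log, "examiner-2", "received for analysis", copy)
    intact = log_intact(log)
    log[0]["actor"] = "someone-else"  # simulate a later edit of the record
    return before == copy == after, intact, log_intact(log)
```

`demo()` returns whether the three hashes agree, whether the log verified, and whether it still verifies after the simulated edit. A real custody record would also carry timestamps, left out here to keep the output deterministic.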
