Cyber Word Assignment

The document reports on a cyber health check performed for Baratheon PLC. It identifies the top five vulnerabilities found and notes that while management cyber risk awareness is high, Baratheon needs to improve security policies, staff training, and overall cyber health.

Uploaded by

Anna-Marie Campo

CYBER HEALTH REPORT

Prepared by Anna-Marie Campo


Table of Contents
 1. INTRODUCTION
 2. METHODOLOGY
 3. FINDINGS
 4. RESULTS OF VULNERABILITY SCANS
 5. CONCLUSION
 BIBLIOGRAPHY

1. INTRODUCTION
1.1 Background
Baratheon PLC (Baratheon) invited IT Governance to perform a high-level Cyber Health Check in order to
provide an independent, external assessment of its exposure to cyber risk. The health check took place at the head
offices in London on 13 January and included an online staff questionnaire. This was supported by a remote systems
assessment, which took place on 19 January. This Cyber Health Check is, by nature, high level and depends on
information provided by senior personnel; it is not, and should not be treated as, a detailed audit of cyber exposure
against a specific cyber control set. For information on the nature of a cyber threat that could be launched by a
motivated intruder, please see Appendix C.

Copyright © 2020. USC.



2. METHODOLOGY
2.1. Approach
The Cyber Health Check consists of a two-phase approach.

Phase 1: Identify cyber risk
- Identify key digital assets, including personally identifiable information (PII).
- Identify the major threats and cyber risks to those assets.
- Identify risk appetite on a scale between cautious and aggressive.
- Identify key legal, regulatory and contractual obligations, such as the GDPR and the PCI DSS.

Phase 2: Audit planned mitigation
- Assess effectiveness and completeness of the controls in place to deal with the identified risks, looking at people, process and technology.
- Review onsite wireless network security implementation.
- Conduct remote vulnerability scans of websites and internet connections.
- Deploy an online staff questionnaire to gauge employee understanding of their role in protecting the organisation.

Baratheon demonstrated an in-depth knowledge of its current legal, regulatory and contractual requirements, such as
those relating to the Data Protection Act, anti-bribery, freedom of information, computer misuse, licensing
regulations, Marketing Research Society requirements, UK employment law and UK health and safety.

3. FINDINGS
3.1 Top Five Vulnerabilities
# / CVE Code / Description

1. CVE-2017-11882: A remote code execution vulnerability in Microsoft Office products that has been used by a variety of malware to bypass security measures on vulnerable computers. The flaw has been known about since 2017, but actually dates back to a buggy Office component, Microsoft Equation Editor, compiled in November 2000.

2. CVE-2017-0199: This remote code execution bug in Microsoft Office allows an attacker to run malware on a user's computer via a booby-trapped document. It is frequently seen being used by banking and spyware trojans such as Dridex.

3. CVE-2017-5638: Despite being eight years old, this bug in Windows ActiveX is still unpatched on many people's computers, and is exploited by the likes of the Dridex banking trojan.

4. CVE-2019-0604: A SharePoint remote code execution flaw that has been blamed for a mid-2019 attack in which hackers ultimately accessed the systems of the United Nations in Geneva and exfiltrated sensitive information held by the UN Office of the High Commissioner for Human Rights (OHCHR).


4. RESULTS OF VULNERABILITY SCANS


5. CONCLUSION

Management awareness of cyber risk is high, but Baratheon needs to take a number of steps to improve its cyber
health.

There are a number of security policies that need to be created and/or reviewed as part of establishing sound
information security practices. At the time of audit, this was a work in progress.

Staff training and awareness were also a pressing concern, and we have made recommendations to provide a more
robust training and awareness programme for staff.
