8/29/2024 CET324 – Advanced

CyberSecurity

University of Sunderland
Faculty of Computer Science

Submitted to:
Faculty of Computer Science
University of Sunderland

Submitted by:
Saroj Neupane
239756985

BSc (Hons) Computer System Engineering

 Advanced Cybersecurity

Table of Contents
Report on the Establishment of a Cyber Clinic at the University of Sunderland.......................3
Introduction............................................................................................................................. 3
Types of Activities and Services for Stakeholders.....................................................................3
Students:.............................................................................................................................. 3
Employees:........................................................................................................................... 3
Individuals:........................................................................................................................... 4
Organizations:.......................................................................................................................4
Benefits of Activities.................................................................................................................4
For Students:........................................................................................................................ 4
For Employees:.....................................................................................................................5
For Individuals:..................................................................................................................... 5
For Organizations:................................................................................................................ 5
Concerns.................................................................................................................................. 6
Liabilities and Legal Concerns...................................................................................................6
Conclusion................................................................................................................................ 6
Enhancing Cybersecurity Before and After a Cyber-Attack.......................................................7
Introduction............................................................................................................................. 7
Steps for Individuals................................................................................................................. 7
Before a Cyber-Attack...........................................................................................................7
After a Cyber-Attack............................................................................................................. 8
Steps for Organizations.............................................................................................................8
Before a Cyber-Attack...........................................................................................................8
After a Cyber-Attack............................................................................................................. 9
Benefits of Enhancing Cybersecurity........................................................................................9
Ethical and Professional Issues in Cybersecurity......................................................................9
Conclusion................................................................................................................................ 9
References.............................................................................................................................. 10

1
 Advanced Cybersecurity

Report on the Establishment of a Cyber Clinic at the University of Sunderland

Introduction

In the rapidly evolving digital landscape, the establishment of a cyber clinic at the University
of Sunderland is a strategic initiative to bolster cybersecurity awareness and support. This
clinic aims to provide comprehensive services to students, staff, individuals, and external
organizations, focusing on education, incident response, and expert consultation.

Types of Activities and Services for Stakeholders

Students:
 Interactive Training Sessions: Interactive sessions will teach students practical skills to
protect personal and academic data from threats like malware and social engineering.

 Device Security Audits: Evaluations of personal devices to identify vulnerabilities.

Offers tailored recommendations to enhance device security.

 Personal Device Security: Guidance on securing personal devices and configuring

privacy settings on social media platforms will be provided.

 Awareness Campaigns: Educational materials like posters and newsletters to increase

cybersecurity awareness. Engages students in proactive security practices.

 Incident Support: Assistance with managing and resolving personal cybersecurity

issues. Provides guidance on dealing with potential threats or breaches.

Employees:
 Remote Work Security: Best practices for secure remote work, including VPN usage
and securing home networks. Ensures safe access to university systems from home.

 Phishing Simulations: Simulated phishing attacks test employees' response skills,

with follow-up training based on the results.

 Incident Assistance: Support in reporting and recovering from cybersecurity

incidents. Helps employees manage the aftermath of a security breach.

 Data Protection: Recommendations for protecting university data accessed remotely

will be shared to ensure compliance with university policies

2
 Advanced Cybersecurity

Individuals:
 Public Workshops: Local community sessions cover cybersecurity basics, fraud
prevention, and online safety to enhance public understanding of cyber threats.

 Educational Resources: Access to guides, articles, and tools for enhancing personal
cybersecurity. Provides valuable information for safe online behavior.

 Personal Consultations: One-on-one sessions provide personalized advice on device

security, privacy settings, and safe internet practices.

 Awareness Programs: Outreach initiatives, including presentations and campaigns,

raise awareness about common cyber threats and protective measures.

Organizations:
 Corporate Training: Tailored training programs on risk management, cybersecurity
policies, and best practices to enhance organizational security posture.

 Consultation Services: Expert advice on developing and implementing effective

cybersecurity posture. Ensure organizations enhance their overall security framework.

 Incident Response Planning: Developing and testing response plans ensures

organizations are prepared to handle cyber incidents efficiently.

 Security Audits: Comprehensive security assessments to identify weaknesses and

recommend improvements to the security infrastructure.

Benefits of Activities

For Students:
 Educational Programs: Testing response plans ensures organizations handle cyber
incidents efficiently.
 Practical Training: Hands-on training in safe browsing and phishing detection helps
students protect themselves and reduce cyber-attack risk. (Witsenboer & Sijtsma,
2022).
 Targeted Programs: Tailored programs increase student awareness and proactive
behavior, reducing cyber-attacks. (Witsenboer & Sijtsma, 2022).

3
 Advanced Cybersecurity

For Employees:
 Comprehensive Training: Remote employees will receive training on secure
communication and remote access protocols, reducing security vulnerabilities by
preventing common mistakes. (Amankwa, 2021).
 Remote Work Security: Training on securing remote work environments helps
prevent data breaches that can occur due to insecure home networks or improper
handling of sensitive information.
 Policy Adherence: Training will ensure employees follow security policies and best
practices, reducing lapses and enhancing data protection. (Amankwa, 2021).

For Individuals:
 Public Education: Public workshops and awareness campaigns will help individuals
recognize and avoid online threats, significantly reducing the risk of online fraud. (Li
& Liu, 2021).
 Practical Advice: The clinic will provide actionable advice on securing personal
devices and managing digital privacy, helping individuals better protect their personal
and financial information.
1. Preventative Measures: By offering resources and guidance on best practices for
online security, individuals can implement preventative measures that decrease their
vulnerability to cyber-attacks (Li & Liu, 2021).

For Organizations:
2. Corporate Training: Organizations will receive tailored training on risk
management, secure data handling, and incident response to meet their specific
cybersecurity needs. (Aslan & Akin, 2023).
3. Consultation Services: Expert consultation will help organizations develop and
refine their cybersecurity policies, leading to fewer data breaches and a stronger
overall security posture.
 Risk Mitigation: Comprehensive risk management, including employee training and
regular assessments, minimizes cyber threats and protects organizational information
by reducing data breaches. (Aslan & Akin, 2023).

4
 Advanced Cybersecurity

Concerns

Establishing a cyber clinic requires substantial investment in technology, personnel, and

facilities to ensure its effectiveness. Managing sensitive information demands strict privacy
and security measures to prevent unauthorized access and breaches, protecting the data of
students, employees, and organizations. Additionally, clearly defining the scope of services is
crucial to deliver quality support without overextending the clinic's resources.

Liabilities and Legal Concerns

The cyber clinic must adhere to data protection laws, such as the GDPR, to avoid legal
repercussions, ensuring that all data handling practices meet regulatory standards. To protect
against potential claims related to the services or advice provided, the clinic should have
liability disclaimers and professional indemnity insurance in place. Additionally, maintaining
trust and credibility requires that all advice and support offered by the clinic are both ethical
and professional.

Conclusion

Establishing a cyber clinic at the University of Sunderland will significantly benefit students,
employees, individuals, and organizations by enhancing cybersecurity knowledge and
practices. By addressing the associated concerns and legal considerations, the clinic can
effectively support its stakeholders and contribute to a more secure digital environment.

5
 Advanced Cybersecurity

Enhancing Cybersecurity Before and After a Cyber-Attack

Introduction

In an increasingly digital world, safeguarding against and effectively responding to cyber-

attacks is crucial for both individuals and organizations. This section outlines comprehensive
measures to enhance cybersecurity posture before and after an attack, highlighting key
strategies and addressing related ethical and professional considerations.

Steps for Individuals

Before a Cyber-Attack
1. Data Backup (3-2-1 Rule):
Implementing a robust data backup strategy is fundamental to protecting against data
loss. The 3-2-1 rule advises maintaining three copies of data: two on different types of
storage media (such as hard drives and cloud storage) and one off-site (such as in a
remote data center). This approach ensures data can be recovered in various scenarios,
including hardware failures or ransomware attacks.
2. Penetration Testing:
Regular vulnerability assessments, including penetration testing, help identify and
mitigate potential security gaps before they are exploited by malicious actors. By
simulating cyber-attacks, individuals can uncover weaknesses in their systems and
address them proactively.
3. Network Security:
Securing home networks is essential for protecting personal data. This involves using
encryption to safeguard data in transit, configuring firewalls to block unauthorized
access, and keeping router firmware up-to-date to patch known vulnerabilities.
4. Legal Compliance:
Adhering to data protection regulations such as the General Data Protection Regulation
(GDPR) is critical for safeguarding personal information. Compliance ensures that data is
handled according to legal standards, which can help prevent legal issues and enhance
overall security.

6
 Advanced Cybersecurity

After a Cyber-Attack
1. Data Recovery:
Following a cyber-attack, recovering data from backups is crucial. It is important to
ensure that backup files are free from malware and have not been compromised. A well-
implemented backup strategy facilitates swift recovery and minimizes data loss.
2. Analyze Security Breaches:
Conducting a thorough investigation into the attack helps understand its cause and scope.
This analysis allows individuals to identify and reinforce vulnerabilities, thereby
preventing future incidents. Understanding the attack's nature also helps in refining
security measures.
3. Report the Incident:
Reporting cyber-attacks to relevant authorities or consumer protection agencies is vital.
This step not only assists in preventing further attacks but also contributes to broader
cybersecurity awareness and prevention efforts.

Steps for Organizations

Before a Cyber-Attack
1. Network Defense:
Implementing robust perimeter defenses is essential for safeguarding organizational
networks. This includes deploying firewalls, intrusion detection systems (IDS), and
intrusion prevention systems (IPS) to defend against external threats and unauthorized
access.
2. Password Policies:
Enforcing strong password policies and multi-factor authentication (MFA) enhances
access security. Strong, unique passwords combined with MFA add layers of protection,
making it more challenging for attackers to gain unauthorized access.
3. Continuous Monitoring:
Regularly monitoring network traffic and system activity is crucial for early detection of
suspicious activities. Continuous monitoring helps identify and respond to potential
threats before they can escalate into significant security incidents.

7
Advanced Cybersecurity

8
 Advanced Cybersecurity

After a Cyber-Attack
1. Patch Management:
Applying security patches and updates promptly addresses vulnerabilities that may have
been exploited during an attack. Effective patch management helps prevent reoccurrence
and strengthens overall system security.
2. Access Review:
Reassessing and adjusting user access controls post-attack is essential. Limiting access to
critical systems and data ensures that unauthorized users cannot exploit the breach
further, protecting against additional damage.
3. Ongoing Monitoring:
Maintaining vigilant monitoring after an attack is necessary to detect any new threats or
vulnerabilities. Continuous oversight ensures that systems remain secure and any residual
risks are promptly addressed.

Benefits of Enhancing Cybersecurity

Implementing effective cybersecurity measures offers significant benefits for both

individuals and organizations. For individuals, proactive steps such as regular backups and
network security help maintain data integrity and reduce the risk of cyber-attacks.
Organizations benefit from reduced risk exposure, improved response capabilities, and
enhanced overall security posture.

Ethical and Professional Issues in Cybersecurity

Ethical considerations in cybersecurity involve ensuring privacy and adhering to data

protection laws when implementing security measures. Organizations must handle data
responsibly, maintain transparency with stakeholders, and act in compliance with legal
requirements. Professionalism is crucial in delivering accurate, reliable cybersecurity advice
and maintaining trust in security practices.

Conclusion

Proactively enhancing cybersecurity through a combination of preventive and responsive

measures is essential for mitigating risks and managing cyber threats effectively. By

9
 Advanced Cybersecurity

addressing both the technical and ethical aspects of cybersecurity, individuals and
organizations can better protect their data, maintain operational integrity, and uphold trust in
their security practices.

References

 Amankwa, E. (2021). Relevance of Cybersecurity Education at Pedagogy Levels in

Schools. Journal of Information Security, 12(4), 233–249.
doi:https://doi.org/10.4236/jis.2021.124013.

 Aslan, Ö., & Akin, E. (2023). A Comprehensive Review of Cyber Security

Vulnerabilities, Threats, Attacks, and Solutions. ResearchGate. Available at:
https://www.researchgate.net/publication/369186216_A_Comprehensive_Review_of_
Cyber_Security_Vulnerabilities_Threats_Attacks_and_Solutions#full-text [Accessed
12 Aug. 2024].

 Li, Y., & Liu, Q. (2021). A Comprehensive Review Study of Cyber-Attacks and Cyber
Security; Emerging Trends and Recent Developments. Energy Reports, 7(7), 8176–
8186. doi:https://doi.org/10.1016/j.egyr.2021.08.126.

 Witsenboer, J.W.A., & Sijtsma, K. (2022). Measuring Cyber Secure Behavior of

Elementary and High School Students in the Netherlands. Computers & Education,
186, 104536. doi:https://doi.org/10.1016/j.compedu.2022.104536.

10