Itc 596 - Threat Landscape

 ITC596

ASSESSMENT ITEM 3

Consider the following Case study. Please use the following URL to download and read the ENISA
Threat Landscape 2014 document.
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2014

And answer the following Questions: (2.5 marks each)

1) Provide a brief overview of the case study.

2) Prepare a diagram for the ENISA security infrastructure.

3) Identify strategies for combatting Insider Threats.

4) Out of the ‘’Top threats’’ which threat would you regard to be the most significant and why?

5) Identify and discuss the key Threat Agents. What could be done to minimize their impact on the system?

6) Provide a brief summary (literature review) of Social Hacking issues.

7) Based on the data provided in Table 2, discuss the trends in threat probability.

8) How could the ETL process be improved? Discuss.

9) Based on Table 10 and your own research, identify and discuss threats that (in your opinion) will be most challenging for

    ENISA to combat in the year 2016 onwards.

10) To sum up, should ENISA be satisfied with its current state of IT Security? Why? Or Why not?

Click here to enter text.

CHARLES STURT UNIVERSITY

1) Provide a brief overview of the case study

The ENISA Threat Landscape (ETL) 2014 is a document produced by the European Union Agency for Network and Information security. It is created on a yearly basis that reflects on the previous 12 months of research into current threats and emerging threats worldwide.

The target audience is based around three groups:

1. Cyber-Security Specialists
2. Self-learning individuals wanting to be updated on cyber threats
3. Policy Makers

The document is compartmentalised under the following sections:

• Purpose, scope and method
• The current threat landscape 2014
• Threat agents
• Attack vectors
• Emerging threats
• Conclusion and lessons from encounters with threats.

The design of this document makes it easier to use a specific section without having to read the entire case study.          

ETL has identified the following threats that have an increasing trend for 2014:

• Malicious Code

• Worms
• Trojans

• Web-Based Attacks
• Web application attacks
• Denial of service attacks
• Phishing
• Data breaches
• Physical damage / theft loss
• Information leakage
• Identity theft/fraud
• Cyber Espionage

ETL has identified the following threats that have decreased in 2014

• Botnets
• Spam
• Exploit Kits
• Ransomware

ETL has identified the following threats that have remained stable for 2014

• Insider threats

2) Prepare a diagram for the ENISA security infrastructure.

[pic 1]

3) Identify strategies for combatting Insider Threats.

The insider threats detailed in the ENISA 2014 document detailed that it is increasingly difficult to totally eliminate Insider Threats (Marinos, 2014)

The following strategies may be used to reduce Insider Threats:

Security Policy

Ensure a strong security policy is outlined and that it covers all aspects of breaches of this policy. Some examples of good policies can include:

• Unique passwords for each system
• Mandatory change of user passwords regularly
• Dual stage authentication of logins
• Whitelisting of approved programs for installation on a domain
• Restriction of administration rights on users’ computers

An example of this is from the Australian Signals Directorate listing 4 key mitigation strategies for protecting IT systems (Directorate, 2012)

They include:

• Application Whitelisting
• Patching Systems
• Restricting Administrative Privileges
• Creating a Defence-in-depth system

Training

As detailed in the Enisa 2014 document, over 50% of data breaches occur from user sloppiness (Marinos, 2014, P31). To combat this, user training on the effects of user sloppiness can assist in reducing this.

An example of this in the USA from the National Archives and Records Administration (NARA) failing to scrub a hard drive being sent back to the supplier for a warranty repair. There was the potential of 70 million records of US Military veterans (Raywood, 2009)

Controls

The use of controls can limit Insider threats. Some examples of controls can include:

• Dual request commands for business critical system changes.
• Change of user passwords on a regular basis.
• Different passwords for individual systems so a breach can be contained.

Security

Ensuring assets are protected from unauthorised personnel creates a deterrent for Insider threats by implementing:

• Physical Security

• Fences
• Secure Swipe access doors
• Isolated rooms for critical infrastructure

4) Out of the ‘’Top threats’’ which threat would you regard to be the most significant and why?

I would list Information Leakage & Identity theft/fraud equally as the most significant threat.

My reason is, both of these threats have an increasing threat trend in 2014 for all emerging arears as advised by ENISA detailed on page (iv) (Marinos, 2014).

The listed top threat trends included:

• Cyber-Physical Systems and CIP
• Mobile Computing
• Cloud Computing
• Trust Infrastructure
• Big Data
• Internet of Things
• Network Virtualisation

Identity theft/fraud is difficult to detect and protect against. A report from Carnegie Mellon University detailed the time taken on average for detection of insider fraud averages approximately 2.5 years (Cummings, 2012).

...