hypothetical For the scenario listed below, illustrate for the new hires the str
ID: 3868527 • Letter: H
Question
hypothetical For the scenario listed below, illustrate for the new hires the strengths and weaknesses of the different approaches. This will help new hires gain a more practical understanding of how to deal with these types of issues that they are likely to face in their day-to-day job. Base on the Information security core tenets (CIA) Confidentiality, Integrity, Availability. APA format with cited sources. Malware: Recently, one of your client’s staff has been inundated with phishing emails that are targeted at individuals and related to current business opportunities for the company. These messages are linked to malware and sent by known threat actors. What physical and technical controls would be helpful to address the issue and prevent this type of vulnerability in the future? Compare and contrast the different methods that could be used to mitigate the given threat.
Explanation / Answer
Hi,
Please find the answer to the question below:-
=======================================================================================
PHISHING:-
Phishing attack is when some malicious user/attacker on the internet/intranet pretends to be someone which they're not to trick into providing confidential information.
When phishing attack takes place below steps should be performed:-
Change Passwords, Contact and Close all information sites, databases:-Should log into the relevant accounts and change the passwords and change the usernames also.
Contact the banks and financial institutions to stop all kind of transaction which will happen from the enlisted online transactions accounts, card etc.
Put some alert like “FRAUD” on the entire intranet and all the communication sources so that future communication happens wisely.
File a police complaint against the known attacker.
Methods to mitigate and prevent the phishing attacks:-
Deploy a SPAM filter that detects viruses, malicious senders:- This can prevent the phishing from taking place at our end.
Update the security systems with latest versions:-The latest updates mean new and efficient ways to tackle the malicious attackers.
Deploy a web filter so that all malicious websites can be blocked from access.
Disable all the cookies from the work systems.
It is must that the employees of the company which communicates over the internet should have some kind of end to end encryption so that even if data gets stolen it should be unreadable to attackers.
All useful and sensitive data should never be send directly online .It should again be encrypted with proper signature should be send over the net.
And the most important way is “Educate the employees and arrange training sessions having some kind of mock phishing attacks”
======================================================================================
Please let me know in case any queries.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.