CYSE 300

Introduction to Cybersecurity

Research Paper #1

When I look back on the last ten years of cybersecurity breaches, I keep returning to the Microsoft incident in January 2021. “One of the largest cyber-attacks in US history, over 30,000 US businesses were affected by a sweeping attack on the Microsoft Exchange email servers, one of the largest email servers in the world” (Chin, K. 2024). “A sweeping attack is a network scanning technique used to determine which of a range of IP addresses map to live hosts” (Hanna, K. T. 2021). “The hackers were able to exploit four zero-day vulnerabilities that allowed them to gain unauthorized access to emails from small businesses to local governments” (Chin, K. 2024). Zero-day vulnerabilities are holes in an operating system that the developer is unaware of.

“For three months, hackers took advantage of a few coding errors to allow them to take control of vulnerable systems. They only needed two conditions to break into each individual company’s email servers. One being a connection to the internet, and secondly on-premises, locally managed systems” (Chin, K. 2024). After they gained access, they requested access to data and took over servers. Microsoft recommended five actions to mitigate the consequences and prevent a future incident. “Apply a hot patch to security devices to automatically block exploitation attempts using signatures from the threat actor’s exploit while you work to upgrade and patch the devices. Conduct an asset inventory to identify all affected Microsoft Exchange servers deployed in the organization. Run version checks to see if they have been patched. Apply appropriate patches where possible; if a patch isn’t possible you should secure behind a security device to detect and prevent an exploit. Finally, they recommended applying advanced scanning leveraging known indicators of compromise to detect leave-behinds and anomalous behaviors resulting from a successful breach” (Solutions, A. C. 2021).
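The five recommended actions above, turned into a small inventory triage routine (an added example, not code from the paper, from Microsoft, or from the cited sources; the hostnames, build strings and the MIN_PATCHED_BUILD threshold are constructed placeholders, not real Exchange values):

```python
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder for the minimum build that counts as patched;
# not a real Exchange build number, substitute the vendor's published value.
MIN_PATCHED_BUILD = (15, 0, 100, 0)

@dataclass
class ExchangeServer:
    host: str
    build: str             # dotted build string from the version check
    internet_facing: bool  # first condition named in the paper
    on_prem: bool          # second condition: on-premises, locally managed
    patchable: bool        # False when the server cannot be patched right now

def parse_build(build: str) -> Optional[tuple]:
    """Turn '15.0.100.0' into (15, 0, 100, 0); None if the string is malformed."""
    try:
        return tuple(int(p) for p in build.split("."))
    except ValueError:
        return None

def is_patched(build: str, minimum=MIN_PATCHED_BUILD) -> Optional[bool]:
    parsed = parse_build(build)
    return None if parsed is None else parsed >= minimum

def triage(server: ExchangeServer) -> dict:
    # Steps from the paper: exposure check, version check, action, IoC scan.
    exposed = server.internet_facing and server.on_prem
    patched = is_patched(server.build)
    if patched is None:
        action = "verify version manually"
    elif patched:
        action = "up to date"
    elif server.patchable:
        action = "apply patch"
    else:
        action = "place behind security device with exploit signatures"
    # An exposed server may have been hit before patching, so it is scanned anyway.
    return {"host": server.host, "exposed": exposed, "patched": patched,
            "action": action, "ioc_scan": exposed}

# Constructed inventory; hostnames and builds are sample values only.
INVENTORY = [
    ExchangeServer("mail01", "15.0.100.0", True, True, True),
    ExchangeServer("mail02", "15.0.99.7", True, True, True),
    ExchangeServer("mail03", "15.0.99.7", True, True, False),
    ExchangeServer("lab-ex", "15.0.x", False, True, True),
]

def run_inventory(servers=INVENTORY) -> list:
    return [triage(s) for s in servers]
```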

“In July 2021, the Biden administration, along with the FBI, accused China of the data breach. Then Microsoft followed suit and named a Chinese state-sponsored hacker group called Hafnium as the culprit behind the attack” (Chin, K. 2024).

References
Chin, K. (2024). Biggest data breaches in US history (updated 2024). Upguard. https://www.upguard.com/blog/biggest-data-breaches-us
Hanna, K. T. (2021, June 18). What is a ping sweep (ICMP sweep)? Networking. https://www.techtarget.com/searchnetworking/definition/ping-sweep-ICMP-sweep
Solutions, A. C. (2021, December 23). Best of 2021 – what we can learn from the 2021 Microsoft data breach. Security Boulevard. https://securityboulevard.com/2021/12/what-we-can-learn-from-the-2021-microsoft-data-breach/

Research Paper #2

When asked to design a security policy for a corporate information system that stores very sensitive data that must be protected, it is important to cover the major issues the security policy should address. It is crucial to go over what a security policy is before going over what I believe should be included in one. “A security policy is a document that spells out the rules, expectations, and overall approach that an organization uses to maintain the confidentiality, integrity, and availability of its data” (Grimmick, R. 2023). While many aspects go into creating a security policy, here are five that stood out to me.

First is making sure that your purpose and objectives are clear. “Remember that many employees have little knowledge of security threats and may view any type of security control as a burden” (Grimmick, R. 2023). Second is having realistic and enforceable policies. While you would like to have the most secure policy there is, you cannot be overly strict, because your employees must still be able to get into the system. You also cannot be overly lenient, because no one would take your policy seriously if no repercussions are in order. Third is making sure your information is up to date. “Security policy updates are crucial to maintaining effectiveness. While the program or master policy may not need to change frequently, it still should be reviewed on a regular basis” (Grimmick, R. 2023). Fourth is a remote access policy. “Remote access employees are often encouraged to use their phones to check their work emails outside of business hours as well as the increase in people working from home” (Irwin, L. 2022). Finally, you need clear definitions of the important terms. “Remember that the audience for a security policy is often non-technical. Concise and jargon-free language is important; technical terms should be clearly defined” (Grimmick, R. 2023).

When designing your security policy there are many important elements you need to include; these were the five I believe to be the most important. It is also important to remember who you are designing the security policy for, namely employees, and their knowledge and skill level. Also remember to make a realistic, enforceable, and clearly defined policy so your employees will take it seriously and understand what you are trying to accomplish with your security policy.

References
Grimmick, R. (2023, April 6). What is a security policy? Definition, elements, and examples. Varonis. https://www.varonis.com/blog/what-is-a-security-policy
Irwin, L. (2022, October 18). 5 information security policies your organization must have. IT Governance USA Blog. https://www.itgovernanceusa.com/blog/5-information-security-policies-your-organization-must-have