Types Of Controls For Different Threat Categories In Organizations
- December 28, 2023/ Uncategorized
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Accidental corruption of information |
Security at share-level and file-level |
Permission to access files and folders are restricted with the help of permission button. Share permissions are also required to control user account (Jouini, Rabai and Aissa 2014). |
Physical |
Prevent |
|
Backup early and backup often |
Information backup is conducted regularly by using the wizard mode that simplifies restoring backups. The backup of information is a much necessary act that should be performed effectively. |
Physical and Administrative |
Prevent |
|
|
EFS encryption |
Performance and security is ensured by a combination of symmetric and asymmetric encryption |
Product |
Prevent |
|
|
Documents password protected |
Individual documents are protected by passwords that can be opened only when the correct password is provided. Each of the documents within the computing systems should be protected by use of passwords in order to secure them from unauthorized users. |
Physical |
Prevent and detect |
|
|
Public key infrastructure (PKI) |
Data that is shared with someone is protected by using public key infrastructure |
Product |
Prevent and detect |
|
|
IP security |
Sniffer software is used to detect data that is being sent by hacker |
Product |
Prevent |
|
|
Appropriate management for control |
Rights Management Service can be used to control data corruption |
Administrative |
Prevent |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Loss of intellectual property |
Maintain Confidentiality |
Important information is kept confidential by making nondisclosure agreements. |
Administrative |
Prevent |
|
Intellectual Property Audits |
Regular audits will help in ensuring security of intellectual property (May, C., 2015) |
Administrative |
Prevent |
|
|
Keeping records |
Evolving knowledge base is protected |
Physical |
Prevent |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Software Piracy |
Software policy |
Sets rules for acquiring a software |
Administrative |
Prevent |
|
Anti-piracy statement |
Employees sign anti-piracy statement before joining a company (Andrés and Asongu 2013). Compensation is provided if software piracy occurs |
Administrative |
Compensate and prevent |
|
|
Software inventories |
Details of intellectual property should be recorded and unannounced audits should be performed |
Physical |
Prevent |
|
|
Software licenses renew |
Renewal of software license is done once the license expired |
Product |
Prevent and detect |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Theft of information (hacker) |
Securing sensitive data |
Sensitive data is kept in servers with strong security such that hackers cannot access them. Sensitive data includes employee information, financial data and other confidential information (Ienca and Haselager 2016) |
Product |
Prevent and detect |
|
Data Encryption |
In-built encryption of some software application and operating system |
Product |
Prevent |
|
|
Updating operating system and software |
Anti-virus and other software should be updated as soon as new updates are released |
Product |
Prevent and detect |
|
|
Protection by use of strong password |
Passwords are used to protect sensitive data |
Product |
Prevent and detect |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Theft of information (employee) |
Train employees |
Employees should be given training about security policies of a company so that they understand ethical issues of the organization |
Physical |
Prevent |
|
Secure data |
Information should be protected with the use of antiviruses and anti-malwares |
Product |
Prevent and detect |
|
|
Securing of Connection |
Different protocols should be used such as TLS/SSL in order to secure the sensitive data of employees (Pierce, Snow and McAfee 2015) |
Product and Physical |
Detect and Prevent |
|
|
Data should be stored on an alternative platform before they would be discarded |
Different data should be stored on an alternative platform. The older hard drives, USB flash devices and memory cards should be physically destroyed before they would be discarded. |
Physical |
Prevent |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Web site defacement |
Use of Security Tools |
There should be an implementation of a proper form of monitoring tool within the use of websites. They would thus be able to secure the network connections and vital data. They would also be able to provide various forms of backups based on physical devices or on the cloud platform. This would also ensure quality of performance. |
Product |
Detect and Prevent |
|
WebOrion Tool |
This is a form of monitoring service that would be able to offer visual changes, content and monitoring of the integration of the website (Borgolte, Kruegel and Vigna 2015). |
Product |
Detect and prevent |
|
|
IPVTec Tool |
This is another form of monitoring tool that helps in the detection of the conditions where there would be defacement of a particular website. |
Product |
Detect |
|
|
Wachete Tool |
This kind of the web detection tool helps in the monitoring of the concerned website within a time span of every 24 hours. |
Product |
Detect and Prevent |
|
|
Visual Ping |
This is one of the technique that would be able to monitor a particular are within the concerned website. |
Product |
Prevent |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Theft of equipment |
Use of Spy Camera or Web Cameras |
In the recent times, there have been major forms of advancements in the field of technology. The use of web cameras would be of a major help for the detection of the different kinds of thefts. |
Product |
Detect and Prevent |
|
Track of records of every equipment |
Keeping a track of the records of every kinds of equipment would help in the identification of equipment and would the prevent the items from getting swapped and wiped out (Clarin et al. 2014) |
Physical |
Detect and Prevent |
|
|
Attachment of theft indicator |
The theft equipment would be able to send out an alarm in such situations when an unauthorized access would be noticed. |
Physical |
Detect and prevent |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Viruses, worms, Trojan horses |
Firewalls |
The IP address should have a filter that would be able to detect any form of unauthorized intrusion within the network. They would thus be able to restrict the access of worms, Trojan horses and viruses |
Product |
Detect and prevent |
|
Antivirus software |
They would be able detect and form of malware attacks that might get installed within the system. |
Product |
Prevent |
|
|
Intrusion systems |
Different forms of intrusion systems would be able to make use of signature database based on the identification of different kinds of alerts based on incoming threats (Conklin et al., 2015). |
Product |
Detect |
|
|
Web Application Firewall |
These kinds of firewall have the potential for detecting the application layer attacks. They would also help in reducing the attacks. |
Product |
Detect and prevent |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Elevation of privilege |
Environment Checks |
They would detect the operating systems platform and thus would perform security patches within the OSs (Kapravelos et al. 2013). |
Product |
Detect |
|
Decrypter |
The code that would be encrypted would be decrypted with the aid of the detector. |
Prevent |
Detect and prevent |
|
|
API Resolver |
These API resolver would be able to determine the working of the code and also understand the position-independent codes (Aafer, Du and Yin 2013). |
Product |
Detect and prevent |
|
|
EoP exploit DLL |
After the primary form of environmental checking process has been conducted, the routine based on exploitation would be able to prevent the corruption of the memory of the computer. They would also be able to privilege the execution of the codes. |
|
Threat Category |
Control |
Description |
Classification |
Type |
|
Fire/Flood |
Use of fire and flood resistant techniques |
Different kinds of techniques based on flood and fire should be properly used for prevention of such kinds of attacks. There should be an efficient of the fire resistant techniques such as the use of fire extinguishers and other safety equipment within each industry. This would help in the prevention of the information systems from getting prone to attacks. |
Physical and Administrative |
Prevent and Compensate |
|
Ensuring a safe place for organisation |
Each organisation should be built on a place where there would be safety of work (Itradat et al. 2014). Safety is a much needed concept within organisations, which should be acquired by them in order to secure the information. |
Physical and Administrative |
Prevent and compensate |
References
Aafer, Y., Du, W. and Yin, H., 2013, September. Droidapiminer: Mining api-level features for robust malware detection in android. In International conference on security and privacy in communication systems (pp. 86-103). Springer, Cham.
Andrés, A.R. and Asongu, S.A., 2013. Global dynamic timelines for IPRs harmonization against software piracy (No. 01/2013). Development Research Working Paper Series.
Clarin, B.M., Bitzilekis, E., Siemers, B.M. and Goerlitz, H.R., 2014. Personal messages reduce vandalism and theft of unattended scientific equipment. Methods in ecology and evolution, 5(2), pp.125-131.
Conklin, W.A., White, G., Cothren, C., Davis, R. and Williams, D., 2015. Principles of computer security. McGraw-Hill Education Group.
Ienca, M. and Haselager, P., 2016. Hacking the brain: brain–computer interfacing technology and the ethics of neurosecurity. Ethics and Information Technology, 18(2), pp.117-129.
Itradat, A., Sultan, S., Al-Junaidi, M., Qaffaf, R., Mashal, F. and Daas, F., 2014. Developing an ISO27001 Information Security Management System for an Educational Institute: Hashemite University as a Case Study. Jordan Journal of Mechanical & Industrial Engineering, 8(2).
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Kapravelos, A., Shoshitaishvili, Y., Cova, M., Kruegel, C. and Vigna, G., 2013, August. Revolver: An Automated Approach to the Detection of Evasive Web-based Malware. In USENIX Security Symposium (pp. 637-652).
May, C., 2015. The global political economy of intellectual property rights: The new enclosures. Routledge.
Pierce, L., Snow, D.C. and McAfee, A., 2015. Cleaning house: The impact of information technology monitoring on employee theft and productivity. Management Science, 61(10), pp.2299-2319.
