Security module, FPT Greenwich. Using Quillbot, this can earn a P or even an M.
ASSIGNMENT 1 FRONT SHEET
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Table of Contents
Introduction
Task 1 - Identify types of security threats to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
1 Define Threat
2 Identify threat agents to organizations
3 List the types of threats that organizations will face
4 What are the recent security breaches? List and give examples with dates
5 Discuss the consequences of these breaches
6 Suggest solutions to organizations
Task 2 – Describe at least 3 organizational security procedures (P2)
1 Definition
2 Organizational security procedures
2.1 Incident Response (IR) Procedure
2.2 Discussion on Acceptable Use Policy
2.3 Discussion on Remote Access Policy
Task 2.1 – Propose a method to assess and treat IT security risks (M1)
Discuss methods required to assess security threats
What are the current weaknesses or threats of an organization?
What tools will you propose to treat IT security risks?
Task 3 – Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
1 Define Firewall
2 Types of Firewall
2.1 Firewall policies
2.2 Firewall usage
2.3 Firewall advantages in the network
2.3 How does a firewall provide security to a network?
2.4 Diagram of how the firewall works
3 IDS
3.1 Define IDS
3.2 IDS usage
3.3 Diagram of how the IDS works
3.4 Diagram example of the IDS
4 The potential impact (threat/risk) of a firewall and IDS if they are incorrectly configured in a network
4.1 Firewall
4.2 IDS
Task 4 – Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4)
1 DMZ
1.1 Definition
1.2 DMZ usage and security function as advantage
2 Static IP
2.1 Definition
2.2 Static IP usage and security function as advantage
3 NAT
3.1 Definitions
3.2 Types of NAT
3.3 NAT usage and security function as advantage
Task 4.1 – Discuss three benefits of implementing network monitoring systems with supporting reasons (M2)
1 List of network monitoring devices
1.1 Zabbix
1.2 Nagios
1.3 Auvik
2 Why do you need to monitor networks?
3 What are the benefits of monitoring a network?
Conclusion
References
Introduction
- In today's information-driven and globalized society, data routinely moves freely between individuals, organizations, and companies. Data is very important, and hackers are well aware of this. As a result of the ongoing increase in cybercrime, there is a rising need for security professionals to defend and protect organizations from cyberattacks. This report will highlight some fundamental security theories, such as identifying the different types of security threats to organizations, overall organizational security procedures, and firewall policies, including the use of IDS, DMZ, static IP addresses, and NAT in networks, in order to support my journey toward in-depth knowledge in this field.
Task 1 - Identify types of security threats to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
1 Define Threat
- Information security threats include things like computer viruses, intellectual property theft, identity theft, equipment or data breaches, sabotage, and information extortion. A threat is anything that has the ability to breach security and to modify, damage, or destroy a specific product or object of interest. For the purposes of this report, a threat is defined as a potential hacker attack that would allow someone access to a computer system without authorization.
2 Identify threat agents to organizations
2.1 Nation States :
- Businesses that operate in certain sectors, such as telecoms, natural gas, mining, power generation, and national infrastructure, could become targets for foreign nations, either to disrupt operations now or to give that nation a hold over them in future moments of tension. There are countless cases of this, including the alleged Russian meddling in the US presidential elections and Sony's allegation that North Korea was to blame for the damage to its systems in 2014.
2.2 Non-target specific:
- Every organization is vulnerable to random attacks, since so many of them happen every day. A non-target-specific attack is best demonstrated by the WannaCry ransomware incident, which affected over 200,000 computers in 150 countries; the NHS in the UK was shut down for a period of time. Of course, there is also the busy student in a loft somewhere searching the web for a weak point.
2.3 Employees and Contractors:
- Except for zero-day viruses, computers and software programs do a decent job of preventing malware. People are often the weakest link in the security system, whether on purpose or by mistake. Common mistakes like sending an email to the wrong person can happen, but most of the time we notice the mistake immediately and can fix it. Simple measures like using strong passwords might help to minimize the impact of such mistakes.
2.4 Terrorists and Hacktivists:
- The level of threat these individuals pose depends on your decisions, similar to the danger posed by national governments. Despite the continual risk of a random attack against you, some terrorists seek to target particular nations or industries. Organizations that have done this include political parties, activists, and religious followers, among others.
2.5 Corporates:
- Although the threat of a competitor stealing your property rights clearly exists, we are increasingly working with numerous alliance partners to fill skill and resource gaps or simply to provide a service. Depending on their objectives, these partner companies might steal or leak your intellectual property or the private details you are storing.
3 List the types of threats that organizations will face:
3.1 Caused by human mistakes:
- Accidental issues
- Poorly written programs
- Inadequately planned procedures
- Physical accidents
- User destruction of systems, apps, and data
- User security policy violation
- Disgruntled workers waging war on the business or committing sabotage
3.2 Caused by malicious human activity:
- Botnet:
+ Botnet, a combination of the words "robot" and "network," is a group of personal computers that are infected with malicious software and controlled together without the owners' knowledge. They are commonly used to spread large volumes of spam, carry out DDoS attacks, and steal data and passwords. For groups attempting to disrupt or infiltrate targets' systems, botnets can act as a force multiplier thanks to their collective computing power.
- Cryptojacking:
+ The illegal mining of cryptocurrency on another user's computer is referred to as cryptojacking. Hackers typically trick their targets into clicking on a malicious email link that downloads a crypto-mining program onto the computer, or else infect a website or online advertisement with code that runs automatically whenever the target's browser loads it. As unsuspecting victims use their computers as usual, the crypto-mining malware continues to run in the background. The victim may notice slower performance while using the computer, but otherwise it may go undetected.
- Ransomware:
+ Ransomware is malicious software that threatens to steal or disclose its victims' data, or blocks users from accessing their computers, until a ransom is paid. Ransomware has grown to be one of the biggest problems in network security because it can paralyze large organizations and even whole cities. However, there are situations where paying the ransom won't solve the issue: cybercriminals may demand payment even after the stolen data has already been erased.
- APT (Advanced Persistent Threat):
+ An APT is a covert, persistent computer network attack in which a person or group gains unauthorized access to a network with the intention of remaining undetected for as long as possible in order to spy, install custom malicious code on numerous computers for particular purposes, gather information, and access sensitive or classified information. Historically, APTs were linked to governments, but in recent years there have been several instances of major non-state-sponsored entities carrying out targeted incursions on a massive scale for other objectives.
4 What are the recent security breaches? List and give examples with dates
4.1 Security breaches definition:
- A security breach in cybersecurity refers to an attacker's successful attempt to gain unauthorized access to a company's computer systems. Sensitive data theft, IT system corruption or sabotage, malicious destruction, and reputation-damaging behavior are all examples of breaches.
4.2 Recent security breaches, with examples and dates:
4.2.1 Nintendo (April 2020)
- Nintendo said that an alleged credential stuffing attack resulted in the compromise of 160,000 accounts in April 2020. Using user IDs and passwords that had previously been made public, hackers were able to access user accounts, purchase virtual products using stored credit cards, and view personal information including name, email address, date of birth, gender, and nationality.
- The gaming company investigated the matter and eventually discovered that a further 140,000 accounts were thought to have been compromised, bringing the total of hacked accounts to 300,000. Users are advised not to use the same password for numerous accounts and services, even though all impacted customers' passwords have been reset.
4.2.2 CS.MONEY (August 2022)
- CS.MONEY is one of the best sites for trading, selling and buying skins from the very popular game Counter-Strike: Global Offensive (CSGO). It was revealed that on August 12th, 2022, CS.MONEY was attacked by a group of hackers, and a total of $6 million worth of skins was reported stolen from the site. Originally it was thought that the hackers had only stolen $1.6 million. This led every other similar site, such as Tradeit.gg and DMarket, to shut down and update their code in order to prevent the same thing from happening to them.
4.2.3 Zoom (April 2020)
- At the beginning of April, while staff members were getting used to their new work-from-home environment, it was discovered that the virtual conferencing tool Zoom had suffered a humiliating security breach, exposing the login information of over 500,000 users. In yet another credential stuffing attack, hackers appear to have gained access to the accounts by using username and password combinations obtained in previous data breaches. Eventually, the data was available for purchase on hacker forums on the dark web for as little as one penny. The information taken includes host keys, email addresses, personal meeting URLs, and login credentials. As a result, criminals were able to log in and attend meetings or use the data for other malicious purposes.
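As an added illustration (not part of the original report), the following Go program shows how a defender could spot a credential stuffing attempt like the ones described for Nintendo and Zoom in a login log: one source trying many distinct accounts with mostly failures, which looks nothing like a user mistyping their own password. The log lines, IP addresses and thresholds are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// AuthEvent is one parsed line of the constructed login log below.
type AuthEvent struct {
	Timestamp string
	SourceIP  string
	Username  string
	Result    string // "OK" or "FAIL"
}

// sampleLog is constructed sample data, not a capture from Nintendo, Zoom or any
// real service. One source (203.0.113.10) tries eight accounts in seconds and gets
// into one; the other two sources are ordinary users. Format: <ts> <ip> <user> <result>
const sampleLog = `
2021-10-07T10:00:01Z 203.0.113.10 alice FAIL
2021-10-07T10:00:02Z 203.0.113.10 bob OK
2021-10-07T10:00:02Z 203.0.113.10 carol FAIL
2021-10-07T10:00:03Z 203.0.113.10 dave FAIL
2021-10-07T10:00:03Z 203.0.113.10 erin FAIL
2021-10-07T10:00:04Z 203.0.113.10 frank FAIL
2021-10-07T10:00:04Z 203.0.113.10 grace FAIL
2021-10-07T10:00:05Z 203.0.113.10 heidi FAIL
2021-10-07T10:01:10Z 198.51.100.7 alice FAIL
2021-10-07T10:01:25Z 198.51.100.7 alice OK
2021-10-07T10:02:00Z 192.0.2.5 carol OK
`

// parseLog splits the log into events, skipping blank or malformed lines.
func parseLog(raw string) []AuthEvent {
	var events []AuthEvent
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Fields(line)
		if len(f) != 4 {
			continue
		}
		events = append(events, AuthEvent{Timestamp: f[0], SourceIP: f[1], Username: f[2], Result: f[3]})
	}
	return events
}

// SourceStats summarises what one source IP did against the login endpoint.
type SourceStats struct {
	Attempts      int
	Failures      int
	DistinctUsers map[string]bool
	Successes     []string // accounts this source actually logged into
}

// aggregateBySource groups the events by source IP.
func aggregateBySource(events []AuthEvent) map[string]*SourceStats {
	stats := make(map[string]*SourceStats)
	for _, e := range events {
		s, ok := stats[e.SourceIP]
		if !ok {
			s = &SourceStats{DistinctUsers: make(map[string]bool)}
			stats[e.SourceIP] = s
		}
		s.Attempts++
		s.DistinctUsers[e.Username] = true
		if e.Result == "FAIL" {
			s.Failures++
		} else {
			s.Successes = append(s.Successes, e.Username)
		}
	}
	return stats
}

// flagStuffing returns, sorted, the source IPs whose behaviour fits the credential
// stuffing profile: many attempts spread across many distinct accounts with a high
// failure ratio. A user who mistypes a password retries one account and does not match.
func flagStuffing(stats map[string]*SourceStats, minAttempts, minUsers int, minFailRatio float64) []string {
	var flagged []string
	for ip, s := range stats {
		ratio := float64(s.Failures) / float64(s.Attempts)
		if s.Attempts >= minAttempts && len(s.DistinctUsers) >= minUsers && ratio >= minFailRatio {
			flagged = append(flagged, ip)
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	stats := aggregateBySource(parseLog(sampleLog))
	for _, ip := range flagStuffing(stats, 5, 5, 0.6) {
		s := stats[ip]
		fmt.Printf("%s: %d attempts against %d accounts, %d failed\n", ip, s.Attempts, len(s.DistinctUsers), s.Failures)
		// Accounts the stuffer got into are the ones to reset and notify, as Nintendo did.
		fmt.Printf("  accounts to reset: %v\n", s.Successes)
	}
}
```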
4.2.4 Twitch (October 2021)
- Twitch is one of the largest streaming platforms in the world for people who want to play games and chat with other people. On October 7th, 2021, Twitch put out a tweet on Twitter saying that its data had been hacked due to a server configuration change. The hackers leaked everything, including streamers' usernames and passwords; most importantly, they leaked how much money Twitch and all the top streamers on the platform made from streaming. This is very personal information, and when it was all leaked, everyone was shocked and questioned Twitch a lot.
- The hackers obtained almost 100% of all the data in Twitch and are now selling it on the market for money.
4.2.5 Crypto.com (January 2022)
- PeckShield Security claims that 4,600 ETH, or almost $15 million, were stolen from Crypto.com. Yesterday, users started to notice suspicious activity in their accounts. Crypto.com promptly intervened to halt withdrawals, but not before the thieves moved the stolen Ethereum. Insinuating that the hack happened on the company's hot wallets, Crypto.com asserts that no user funds were taken. However, this does not explain why customers were the first to detect suspicious activity in their accounts. After a short period of time, Crypto.com acknowledged that certain users had experienced "unauthorized activity" in their accounts, but added that "all funds are protected," which doesn't explain why some users' accounts had lost ETH.
5 Discuss the consequences of these breaches
- Nintendo: Approximately 300,000 accounts were impacted after 160,000 accounts were allegedly hacked in a credential stuffing attack.
- CS.MONEY: A total of $6 million worth of skins was stolen and user data was leaked to the public.
- Zoom: It was discovered that the virtual conferencing application had suffered an embarrassing security breach, revealing the login information of over 500,000 users. The data was sold on dark web forums.
- Twitch: Hackers stole almost 100% of its information and sold it on the market for money; almost every streamer account was deleted.
- Crypto.com: 4,600 ETH, valued at roughly $15 million, was stolen and moved to unknown wallets.
6 Suggest solutions to organizations
- Develop a data breach prevention plan:
+ Get organized and create a plan of what you want to do and how you're going to do it. When dealing with possible data breach concerns, you can also refer back to your data breach prevention strategy. It's important to remember that it cannot be a permanent solution to data breaches: to help reduce dangers that are always changing, it must be very adaptive. All the best practices mentioned in this report should be part of your plan to avoid data breaches.
- Encrypt sensitive data:
+ In the case of a security incident, encryption may be your only hope, because any data obtained by a hacker will be scrambled and rendered useless. Encryption is your closest companion: if malicious actors are able to circumvent your other security systems, it is what stands between them and your data, and if it is handled properly, any information obtained by hackers will be worthless.
+ Small enterprises can make use of three main types of encryption technologies:
- Advanced Encryption Standard (AES)
- 256-bit encryption
- XTS block cipher
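Added example, not from the original report: encrypting a stored customer record with AES-256 so that a stolen copy of the data is useless without the key, and so that a tampered copy is rejected rather than silently accepted. It uses Go's standard-library AES in GCM mode (an authenticated mode suited to records and transmitted data; the XTS mode listed above is the one used for whole-disk encryption) and a constructed sample record.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const keySize = 32 // 256-bit key, i.e. AES-256

// NewKey returns a fresh random 256-bit key. The key is the only thing standing
// between a stolen database dump and the plaintext, so in practice it lives in a
// key management service or HSM, never alongside the data it protects.
func NewKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM. A random 12-byte nonce is prepended
// to the output so Decrypt can recover it, and GCM appends a 16-byte
// authentication tag, so a ciphertext that has been tampered with is rejected
// instead of being decrypted to garbage.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. It returns an error for the wrong key, a truncated
// message, or any modified byte of nonce, ciphertext or tag.
func Decrypt(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// newGCM builds the AES-256-GCM AEAD, rejecting keys of the wrong length.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, fmt.Errorf("AES-256 needs a %d-byte key, got %d", keySize, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// LeaksPlaintext reports whether any of the given sensitive fields appear
// verbatim in the sealed blob, which is all an attacker holding only the
// stolen database would be able to read.
func LeaksPlaintext(sealed []byte, fields ...string) bool {
	for _, f := range fields {
		if bytes.Contains(sealed, []byte(f)) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample record; not real customer data.
	record := []byte("name=Jane Doe;dob=1990-01-01;card=4111111111111111")
	key, _ := NewKey()
	sealed, _ := Encrypt(key, record)
	fmt.Printf("stored blob leaks card number: %v\n", LeaksPlaintext(sealed, "4111111111111111"))
	// Flipping one bit of the stored blob is detected, not silently accepted.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, err := Decrypt(key, tampered)
	fmt.Printf("tampered blob rejected: %v\n", err != nil)
	// Without the key the attacker gets nothing; with it the owner gets the record back.
	otherKey, _ := NewKey()
	_, err = Decrypt(otherKey, sealed)
	fmt.Printf("wrong key rejected: %v\n", err != nil)
	plain, _ := Decrypt(key, sealed)
	fmt.Printf("owner recovers record: %s\n", plain)
}
```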
- Keep personal and business hardware separate:
+ Small businesses are a little different from most enterprises. They don't have a lot of resources, so the temptation to use the same laptop for work and for personal use is constant. This can greatly increase your risk exposure, though. Instead, it's preferable to get a second computer to share with the family and use a dedicated machine for your business. This strategy can significantly reduce the risk of data breaches affecting your data. As an additional step, the data on both devices could also be encrypted.
Task 2 – Describe at least 3 organizational security procedures (P2)
1 Definition:
- A security procedure is a set of steps that must be followed in order to carry out a certain security obligation or function. Procedures are frequently created as a series of steps to be taken consistently and repeatedly in order to accomplish a certain purpose. Once established, security procedures provide a set of detailed methods for carrying out the organization's security operations, simplifying training, process auditing, and process improvement. Procedures establish the consistency needed to prevent variation in security operations, which enhances security control inside the company.
2 Organizational security procedures:
2.1 Incident Response (IR) Procedure:
- Provide the necessary procedures for incident management, reporting, and monitoring, as well as incident response training, testing, and support, to ensure that the State is prepared to respond to cyber security incidents, secure State systems and data, and avoid interruption of government services.
- This type of policy usually includes information about:
+ The organization's incident response team
+ Each team member's role
+ The people in charge of testing the policy
+ How to put the policy into action
+ The technological means, tools, and resources that will be used to identify and recover compromised data
- Incident phases:
+ Preparation phase: The preparation phase refers to the training and preparation of system users and the IT staff responsible for responding to security concerns. Along with identifying potential incident-related tools and resources, this phase should also adopt preventative measures, including conducting regular risk assessments and increasing user awareness.
+ Identification phase: Recognizing and identifying a security event, as well as determining the seriousness and importance of the issue that was found. In this phase, incidents using popular attack vectors (such as media, the Web, etc.) are identified. Additionally, detectable precursors are identified, initial analysis and validation are performed through file integrity checking, data is filtered, and evidence is preserved.
+ Containment phase: Instructions on how to isolate systems that have been impacted by the attack to avoid further damage to other systems.
+ Eradication phase: Identifying the incident's origin and eradicating it from the affected systems.
+ Recovery phase: Getting affected systems back to normal operation.
+ Post-incident phase: Documenting the entire incident, conducting a thorough investigation, identifying the cause of the incident, estimating related costs, and developing a plan to prevent such incidents in the future.
- Elements of an incident response policy:
+ Preparation: Create a team of internal incident responders, and create procedures to be followed in the case of a cyberattack. Review security procedures and do risk evaluations that account for external attacks, internal abuse/insider threats, and circumstances where external reports of possible security holes and exploits are made. Know your most valuable assets and prioritize known security concerns or vulnerabilities that cannot be fixed right away, so you can focus on serious security events involving important infrastructure and data.
+ Identification of an incident response team: Centralized incident response teams and distributed incident response teams are the two different forms of incident response team. Large firms are more likely to use the second kind because it enables them to successfully coordinate personnel in settings with different cultural, linguistic, and legal contexts, whereas small organizations are more likely to use the first form.
+ Information about the system: System specifics, such as network and data flow diagrams, hardware inventories, and logging data, should be included in the policy.
+ Incident handling and reporting procedures: Another important section of the policy should define the methods for dealing with and reporting an event (suspected or occurred). Such processes should identify what occurrences will trigger response measures, in addition to giving guidance on how to report the incident. For example, the rules should address whether the organization would respond to an attempted attack or whether the attack must be successful to trigger response measures.
+ "Lessons learned": This is an essential part of an incident response policy that is sometimes overlooked. Such an effort, with a meeting and a discussion among all the stakeholders concerned, might be a useful tool for enhancing security measures in the business and the incident handling process itself.
+ Reporting to outside parties: Timeframes and procedures for reporting to third parties, such as IT workers, security analysts, data protection or law enforcement agencies, the media, impacted external parties, and software providers, may be included in an incident response policy.
2.2 Discussion on Acceptable Use Policy
- Acceptable Use Policy (AUP): An AUP outlines the restrictions and procedures that employees who use organizational IT assets must accept in order to have access to the business network or the internet. For new employees, it is a typical onboarding step: before being assigned a network ID, they must read and sign an AUP. It is suggested that the IT, security, legal, and HR departments of a firm consider what is included in this policy.
- General Use and Ownership: This policy applies to any data produced or stored on the organization's systems. All data, including non-public personal information, must be encrypted before being electronically transmitted. For this policy, all information and data residing on the organization's systems and networks are considered the organization's property.
- Security and Proprietary Information: The official website of the organization should not include any sensitive information. Information on the organization's systems, including public and private websites, should be categorized as either public or sensitive, according to the organization's information sensitivity policies. Passwords must be kept confidential and not shared with anyone else. The security of their passwords and accounts is the responsibility of authorized users.
+ Access to sensitive information through application accounts
+ Authorized users must exercise great caution when opening e-mail attachments, which may contain viruses, e-mail bombs, etc.
2.3 Discussion on Remote Access Policy
- Remote Access Policy:
+ For remote users connecting to the network, a remote access policy acts as a guide. It extends the office's network and computer usage regulations, such as the password policy. It helps ensure that only those users who require network access are granted it, as long as their devices likewise comply with the rules. When done correctly, it helps defend the network against potential security risks.
- Important: Although studies have shown that remote work has many advantages for businesses, it is also true that this development presents significant security issues for IT departments. Some users, especially less tech-savvy ones, may assume that connecting securely to the internal network from outside the workplace is not necessary, putting the network at risk of malicious activity.
- General: A remote access policy should specify who can grant users remote access as well as what activities are permitted when connected remotely. It is advised to delegate user assignments to direct supervisors. Guidelines for acceptable usage make sure users don't use the network for pointless activities. To guarantee that only approved users are granted access to the network, the IT department should adopt centralized control of data access.
- Requirements: Secure remote access must be rigorously regulated, and only those personnel approved by the Information Security Officer should have access. Authorized users must not give their login credentials to anyone else, and they must not write down or keep a record of their login credentials. Unless the organization approves otherwise, authorized users may only access the network using equipment provided by the organization. Authorized users are responsible for ensuring that any remote host connected to the organization's internal networks is running antivirus software with the most recent virus definitions.
Task 2.1 – Propose a method to assess and treat IT security risks (M1)
Discuss methods required to assess security threats
- Using information technology to develop an ISRM (Information Security Risk Management) program is one of the most effective strategies that can be suggested. The NIST framework is a suitable option for developing an ISRM because it offers a thorough, adaptable, repeatable, and measurable method for improving how IT systems are developed, protected, and monitored.
- Here are some of the strengths of ISRM that help manage risks:
+ It ensures that efforts and resources aren't wasted on inconsequential dangers
+ It enables senior management to make better strategic decisions by providing them with knowledge about the organization's risk profile and risk treatment priorities
+ It saves time and effort
+ ISRM data and risk analysis may help organizations come up with solutions that will help them accomplish and even surpass their goals
- The process of ISRM:
+ Identify / Data analysis:
* Sarbanes-Oxley financial information that needs to be regulated
* Health Insurance Portability and Accountability Act (HIPAA) requirements for healthcare records
* Information on workers that might expose them to cybersecurity dangers like identity theft, and the regulations that cover it
* Information that is only known by the company, such as trade secrets and product development
+ Protect – Asset Management:
* Establish the associated business "owner" for each risk that has been identified, in order to get support for the suggested controls and risk tolerance
* Define the security measures needed to reduce your exposure to security issues
* Implement access restrictions to limit access to those who actually require the information
* Provide employee security awareness training on how to handle sensitive data properly
+ Implementation:
* Review current controls and identified security risks
* Develop new threat detection and containment controls
* Choose network security tools for threat assessments of real and perceived dangers
+ Security Control Assessment:
* Ensure that there is continual data risk analysis when applications are added or modified
* Conduct regular efficacy tests on network security measures
+ Information Security System Authorizations:
* The authorization stage lets you determine the following: Are the appropriate people informed of ongoing threats? Is this done quickly? Review the emails, papers, graphs, and other notifications that your controls have produced: who keeps track of how warnings are received?
* In addition to who is notified, this authorization step must also look at what actions are taken and how promptly. The reaction time is crucial to minimizing data loss or theft when your data is in danger.
+ Risk Monitoring:
* Creating a safe environment for your technological assets depends on adopting an information risk management approach. A risk treatment strategy that includes the implementation of a sophisticated software-driven control and alarm management system is beneficial. Analysis and monitoring must be done constantly. You must regularly review your reports, alerts, and analytics if you want to keep up with this activity.
What are the current weaknesses or threats of an organization?
+ Weaknesses: A weakness that might be challenging to overcome is a lack of funds for security-related expenses. A vulnerability that might lead to a damaged brand and lost revenue is the failure to enforce intellectual property protection. Another flaw is a relaxed approach toward upgrading software security. Some flaws will require financial investment to be fixed, such as new security measures. However, other initiatives, such as informing staff about the necessity of securing the office after hours, are free. Unauthorized computer access might be prevented with a simple measure like switching passwords to random combinations of digits and characters.
+ Threats: When it comes to storms, fires, earthquakes, and flooding, Mother Nature also poses a security risk. To help prepare for these events, back up vital data and documents. Additionally, you should be informed about and ready for new computer threats, hacking methods, and malware attacks. Make sure to use the best and most up-to-date antivirus software to secure your computer systems. Threats can also come from disenchanted clients, unimpressed staff, or unethical rivals. They may try to spread false information about your company on blogs or social media platforms. To find out who is criticizing your company, you should regularly search for it online.
What tools will you propose to treat IT security risks?
- For IT security risk, I will use the OCTAVE framework. The Software Engineering Institute's (SEI) Networked Systems Survivability (NSS) Program created the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) framework to define an approach to assessing information security risk. Organizations can use OCTAVE to carry out a set of self-directed tasks for managing their information security risks. The majority of enterprises nowadays depend on information systems, and the missions of organizations depend on the integrity, availability, and confidentiality of information. But when it comes to making decisions about information protection, few businesses give their most crucial information assets the attention they deserve.
- OCTAVE addresses both technological and organizational concerns to build a complete picture of an enterprise's information security requirements. To do this, the OCTAVE process has three phases:
+ Phase 1: Build Enterprise-Wide Security Requirements
+ In phase 1, information assets and their values are determined, together with threats to those assets and security needs, using the expertise of people from various organizational levels and standard information catalogs. For instance, staff members are questioned about their familiarity with the organization's assets, risks, and current protective measures using recognized threat profiles and sound organizational and technological practices. The purpose of the first stage of OCTAVE is to use this information to determine the enterprise's security needs.
+ This phase comprises four processes:
+ Process 1: Identify Enterprise Knowledge. This process determines the assets that top management believes to be the most important, their values, potential risks to those assets, risk indicators, and the enterprise's present asset protection plan.
+ Process 2: Identify Operational Area Knowledge. This process identifies the essential assets that operational area managers believe are important, their values, potential risks to those assets, risk indicators, and the existing enterprise security plan.
+ Process 3: Identify Staff Knowledge. This process identifies the essential assets and values that staff-level employees believe are most important, as well as threats to those assets, risk indicators, and the enterprise's existing asset protection plan.
+ Process 4: Establish Security Requirements. To create an enterprise-wide picture of the assets, this step combines the unique viewpoints gathered in the preceding three processes.
+ Phase 2: Identify Infrastructure Vulnerabilities
+ Phase 2 of OCTAVE expands on the data gathered in phase 1 by mapping the organization's information assets to the information infrastructure components in order to pinpoint the most crucial infrastructure elements. An infrastructure vulnerability evaluation is then carried out to find any weaknesses. Much like in phase 1, the infrastructure vulnerability evaluation is based on standard information catalogs, such as standard intrusion scenarios and vulnerability data. At the end of phase 2, the organization has identified the vulnerabilities, missing rules and practices, and high-priority components of the information infrastructure.
+ This phase comprises two processes:
+ Process 5: Map High-Priority Information Assets to the Information Infrastructure. To determine asset locations, access routes, and data flows, this process integrates the phase 1 asset and threat information with staff knowledge of the information architecture. This results in the identification of the most important infrastructure components.
+ Process 6: Perform an Infrastructure Vulnerability Evaluation. This process combines staff knowledge of the information infrastructure and standard catalogs of intrusion scenarios and vulnerabilities with the knowledge about assets, threats, risk indicators, and security requirements established in phase 1, to identify missing policies and practices as well as infrastructure vulnerabilities.
+ Phase 3: Determine Security Risk Management Strategy
+ Phase 3 builds on the data gathered during phases 1 and 2 of OCTAVE. Assets, threats, and
vulnerabilities found in OCTAVE's earlier phases are examined in the context of typical intrusion scenarios to identify risks. The projected impact and likelihood of the risks are then used to help prioritize them. One of the objectives of phase 3 is to create a protection strategy for the company and to produce a complete plan for managing security risks. The prioritized list of risks is used in conjunction with data from the previous phases to accomplish these objectives.
+ This phase comprises two processes:
+ Process 7: Conduct a Multidimensional Risk Analysis. Using intrusion scenarios, this process evaluates the asset, threat, and vulnerability data discovered in phases 1 and 2 to produce a set of risks to the enterprise. The risks are prioritized by estimating their impact and probability.
+ Process 8: Develop a Protection Strategy. The protection strategy is developed by identifying potential mitigation measures and then selecting the most effective ones based on aspects like cost and resource availability. During this process, a thorough security risk management plan is also created.