Prescriptive Analytics for Cyber Security: Anomaly Detection Algorithm Status and Future Steps
Xinle (Liam) Wang, E295, MEng in IEOR, University of California, Berkeley
Introduction: Our capstone project team is working on Prescriptive Analytics for Cyber Security. The project consists of two parts: building a predictive anomaly detection algorithm that detects suspicious cyber anomalies from multiple cyber datasets, and implementing a prescriptive model that optimizes over the output of the anomaly detection and recommends the best course of action. We have been working closely with Mr. Eric Chasin from Innvo Solutions LLC and Prof. Anil Aswani from the IEOR department to achieve our goal of an integrated system or model that automatically detects cyber anomalies and prescribes actions for them. First, Chris led our group in learning to integrate different cyber data sources into ElasticSearch, a big data analytics platform, using tools such as Amazon Web Services and Logstash. After getting familiar with the data, Siddarth, Aldre and I summarized time-window based features from the datasets that are helpful in anomaly detection, and Kenneth led the group in preprocessing the data with Python to extract the features we had discussed. At the current stage, Aldre and I are working simultaneously on anomaly detection algorithms for suspicious network flow patterns. Specifically, Aldre has been working on Transductive
tools will help to detect intrusions and other suspicious activities on the network. The third challenge is to improve the
When the GCU gathers evidence for later use in court, the sources of that evidence can also be monitored so that threatened incidents are detected in a timely manner. GCU employees need to be aware of suspicious transactions related to any activity in a customer account. Securing intrusion detection system (IDS) components is important because IDSs are often targeted by attackers who want to prevent the IDS from detecting attacks, or who want to gain access to sensitive information held on the IDS, such as host configurations and known vulnerabilities. In monitoring and auditing, the types of activities recognized as suspicious differ with business needs. For example, a forensic accountant may look for specific patterns in financial data that trigger suspicion of fraud or theft. A suspicious event might be multiple emails on a sensitive subject from a person who is not involved in that subject. Recommend resources that can be used
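The last heuristic above (several emails on a sensitive subject from someone who is not involved in it) is simple enough to run as a monitoring rule. The following is an added example, not code from the essay or from GCU: it parses constructed mail-gateway log lines, checks each sender against an assumed roster of people involved in each tagged subject, and flags outsiders who send at least two such messages inside a sliding 48-hour window. The log format, the subject tags, the roster and the window are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mail-gateway log lines (not real data): timestamp, sender, tagged subject.
MAIL_LOG = """\
2024-03-01T09:02:11 sender=ana@gcu.example subject=[MERGER-Q2] term sheet
2024-03-01T09:10:45 sender=ben@gcu.example subject=[MERGER-Q2] re: term sheet
2024-03-01T11:30:00 sender=carl@gcu.example subject=[MERGER-Q2] fwd: term sheet
2024-03-01T13:05:09 sender=carl@gcu.example subject=[MERGER-Q2] numbers?
2024-03-02T08:15:30 sender=carl@gcu.example subject=[MERGER-Q2] final version
2024-03-01T15:00:00 sender=dee@gcu.example subject=[PAYROLL] march run
2024-03-03T10:00:00 sender=eve@gcu.example subject=[MERGER-Q2] one-off question
"""

# Assumed roster: who is legitimately involved in each sensitive subject tag.
INVOLVED = {
    "MERGER-Q2": {"ana@gcu.example", "ben@gcu.example"},
    "PAYROLL": {"dee@gcu.example"},
}


def parse(line):
    """Split one log line into (timestamp, sender, subject tag)."""
    ts, rest = line.split(" ", 1)
    sender = rest.split("sender=")[1].split(" ")[0]
    tag = rest.split("subject=[")[1].split("]")[0]
    return datetime.fromisoformat(ts), sender, tag


def suspicious_senders(log, involved, min_msgs=2, window=timedelta(hours=48)):
    """Return {(sender, tag): n} for senders outside the roster of `tag` who sent
    at least `min_msgs` messages on it within any span of length `window`.
    A single stray email is not reported; repetition is what makes it suspicious."""
    by_key = defaultdict(list)
    for line in log.strip().splitlines():
        ts, sender, tag = parse(line)
        if tag in involved and sender not in involved[tag]:
            by_key[(sender, tag)].append(ts)

    flagged = {}
    for key, times in by_key.items():
        times.sort()
        # Sliding window: largest number of messages falling inside one window.
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_msgs:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    for (sender, tag), n in suspicious_senders(MAIL_LOG, INVOLVED).items():
        print(f"ALERT: {sender} sent {n} messages on [{tag}] without being involved")
```

With the constructed log, carl is reported (three messages on the merger subject within two days) while eve is not (one message), which is the distinction the essay draws between an isolated event and a pattern worth a forensic look.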
Incident response begins with prevention and security awareness (figure 1). In the case of malware attacks such as viruses, worms or Trojan horses, defense-in-depth plays a large role in the defense and early detection of potential threats to information systems connected to the internet. Personnel utilizing these assets also play a large role in defending and protecting these assets. Authorized users should be aware of all policies and procedures pertaining to the proper use of all networks, applications, and systems within the organization. The
Incident response planning is critical to a business. It is important that the Greiblock Credit Union (GCU) financial firm maintain control of incidents in a timely manner, which reduces both cost and risk. When responding to incidents one should always minimize the severity of every security incident. The analyst should have a clear plan for resolving incidents while containing the damage and reducing risk (Cichonski et al., 2012). According to Cichonski et al. (2012), most departments have a Computer Security Incident Response Team, or designated personnel, to handle the variety of incident responses related to cyber security. Based on the below, the information can be used in a technique to help an organization determine the threat against it and identify whether it is truly a security breach or serious
By 2016, investment in online security is expected to reach $86bn (Contu et al., 2012). Although this might seem a large sum of money, it is considered necessary because online risks are increasing all over the world. Professional hackers develop malware on a global scale and on a 24/7 basis. Hackers have five objectives when spreading malware over the Internet: to infect/distribute, to steal, to persist, to control, and to gather intelligence (Morris, 2010).
Incident response procedures and the enterprise systems that support them need to be defined and put in place. A good cyber security incident management system includes incident tracking and also addresses the requirements of data breach and forensic investigations. It provides a solution that covers threat intelligence, malware analysis and operational feeds, as well as workflow automation of the
Incident Response (IR) is "where personnel move to further identify the scope of the threat in the network and follow response procedures to contain and eradicate". A key element in almost all incident response systems is the collection and presentation of potential incident information, more usually described as threat intelligence, which comes with two problems: first, the overall volume of data presented by incident response systems, and second, the isolated manner in which the intelligence is reported. A common response from CISOs is that "I don't need more intelligence, I just need better intelligence." That "better" intelligence also needs to be "usable" intelligence for the different security controls that consume it. It is of little surprise that the
With the widespread use of technology becoming more prominent, acts of cyber terrorism pose an increased threat to safety. Cyber terrorists exploit the internet and its users to commit acts that can be increasingly detrimental to their targets. Some of these activities include large-scale corruption of computer networks using tools such as computer viruses. Certain individuals even have the ability to cause severe damage to government systems, national security systems and even hospital servers. Most of the technology made today is intended only to make life easier for people. However, skilled users can manipulate the cyber world for negative ends. Staying informed about cyber terrorism and cybercrime is important because of society's increased reliance on technology. Steps to improve cyber security before an attack ensure the safety of sensitive information. Cyber security and cyber warfare are interesting topics to keep up to date with. Understanding these topics can be beneficial to my dream of being in the FBI, ensuring the safety of others by working to prevent acts of cyberterrorism.
Abstract: In the real world, protecting an organization's information, whether it resides in software and hardware or as the data held on them, is important. This is where threat intelligence comes in: it recognizes disruption or subversion of the services that this data provides, whether through network access, code injection, data injection, compromise of sites, control through physical access, or any other means of taking control of the data. Simply put, threat intelligence is the set of data collected, assessed and applied regarding security threats, threat actors, exploits, vulnerabilities and indicators of compromise. It is usually presented as either strategic or tactical intelligence. Strategic intelligence involves broader, higher-level abstractions of the data to identify threats and how the organization needs to react, whereas tactical intelligence involves collecting network information, analyzing it, identifying threats and responding. Using it is cost-effective for the organization because it reduces security incidents and shortens response time by finding a solution in the least possible time. It also reports security incidents, attacks and events. It provides decision support to the organization and possibly a strategic advantage. Threat intelligence also involves a series of steps that take the data through several phases, starting with collection, then planning, process, produce
By having a collection of cyber repositories, understanding their metadata, and being notified of cyber activities, the academic community along with the private and public sectors could collaborate on similar threats and attacks. Likewise, corrective steps could be taken to detect, alert on, and prevent repeated events from spreading across different organizations. Thus, safeguarding
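The three threat-intelligence passages above (the CISO complaint about volume and isolated reporting, the abstract's collection-to-production phases, and the shared repositories of this paragraph) all turn on the same step: merging indicators from separate sources into one record per indicator that a control can actually consume. The following is an added example, not code from any of the essays or from any real feed: it reads constructed feed exports, normalizes indicators so that the same IP, domain or hash reported in different spellings collapses to one key, counts how many feeds corroborate each one, drops stale entries, and derives a blocklist from corroboration and confidence. The feed format, the feed names, the thresholds and the 90-day age limit are assumptions.

```python
import ipaddress
import re
from datetime import date, datetime

# Constructed feed exports (not real intelligence). One indicator per line:
# feed,type,value,first_seen,confidence
FEEDS = """\
feedA,ip,198.51.100.23,2024-05-01,80
feedA,domain,Bad-Update.Example.,2024-05-02,60
feedA,ip,2001:DB8::1,2024-05-02,40
feedB,ip,198.51.100.23,2024-05-03,70
feedB,domain,bad-update.example,2024-05-03,90
feedB,ip,2001:db8:0:0:0:0:0:1,2024-05-04,40
feedB,sha256,3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A3B1A,2024-01-10,95
feedC,ip,203.0.113.7,2024-05-04,30
feedC,sha256,3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a3b1a,2024-01-12,95
"""
TODAY = date(2024, 5, 10)  # assumed evaluation date for the age check


def normalize(ioc_type, value):
    """Canonical text for an indicator, so spelling variants share one key."""
    v = value.strip()
    if ioc_type == "ip":
        return str(ipaddress.ip_address(v))      # e.g. IPv6 compressed, lower-case
    if ioc_type == "domain":
        return v.lower().rstrip(".")             # drop case and trailing root dot
    if ioc_type == "sha256":
        v = v.lower()
        if not re.fullmatch(r"[0-9a-f]{64}", v):
            raise ValueError(f"bad sha256: {value}")
        return v
    raise ValueError(f"unknown indicator type: {ioc_type}")


def consolidate(feed_text, today, max_age_days=90):
    """Merge isolated feed lines into one record per indicator: the set of feeds
    that reported it, the highest confidence, and the most recent sighting.
    Indicators not seen within `max_age_days` are dropped as stale."""
    merged = {}
    for line in feed_text.strip().splitlines():
        feed, typ, value, seen, conf = line.split(",")
        key = (typ, normalize(typ, value))
        rec = merged.setdefault(key, {"feeds": set(), "confidence": 0, "last_seen": None})
        rec["feeds"].add(feed)
        rec["confidence"] = max(rec["confidence"], int(conf))
        d = datetime.strptime(seen, "%Y-%m-%d").date()
        rec["last_seen"] = d if rec["last_seen"] is None else max(rec["last_seen"], d)
    return {k: r for k, r in merged.items() if (today - r["last_seen"]).days <= max_age_days}


def blocklist(consolidated, min_feeds=2, min_confidence=90):
    """Indicators worth pushing to a blocking control: corroborated by at least
    `min_feeds` sources, or single-source but rated at least `min_confidence`."""
    return sorted(value for (_, value), rec in consolidated.items()
                  if len(rec["feeds"]) >= min_feeds or rec["confidence"] >= min_confidence)


if __name__ == "__main__":
    merged = consolidate(FEEDS, TODAY)
    print(f"{len(FEEDS.strip().splitlines())} feed lines -> {len(merged)} indicators")
    for (typ, value), rec in merged.items():
        print(f"{typ:7} {value:22} feeds={sorted(rec['feeds'])} conf={rec['confidence']}")
    print("blocklist:", blocklist(merged))
```

Nine feed lines become four indicators: the two spellings of the IPv6 address and of the domain merge, the hash is dropped because neither feed has seen it since January, and the lone low-confidence IP from feedC is kept in the repository but left off the blocklist. That is the difference between "more" intelligence and "usable" intelligence the CISO quote points at.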
This article summarized research conducted to introduce a network-request-level causal analysis for malware detection (Zhang, H. et al., 2016, p. 181). The major premise of the article is that the authors propose algorithms to search for and monitor triggering events. Triggering events that were not caused by a user action were referred to as vagabond requests (Zhang, H. et al., 2016, p. 183). Events occurring without a legitimate cause in a user interaction, request or initiation were viewed with suspicion as possible malware activity (Zhang, H. et al., 2016, p. 183). Examples given were DNS requests issued without the user requesting anything, or information being sent to a site without authorized initiation.
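The core of the approach described above is a causality check: for every network request, is there a user action that explains it? The following is an added example, not code from the article or its authors: it walks a constructed trace of user actions and network requests, attributes a request to a user action when one occurred in the same process within a short window, propagates that attribution to the requests a page load in turn triggers, and labels everything else a vagabond request. The event format, the two-second window and the chaining rule are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Event:
    t: float       # seconds since the start of the trace
    kind: str      # "user" (click, keypress) or "net" (DNS or HTTP request)
    proc: str      # process that produced the event
    detail: str


# Constructed trace (not data from the cited paper).
TRACE = [
    Event(10.0, "user", "browser", "click news.example"),
    Event(10.2, "net", "browser", "DNS news.example"),
    Event(10.5, "net", "browser", "GET https://news.example/"),
    Event(11.4, "net", "browser", "GET https://cdn.example/app.js"),  # fetched by the page
    Event(50.0, "net", "updater.exe", "DNS cnc-lookup.example"),      # no user action at all
    Event(300.0, "net", "browser", "GET https://news.example/poll"),  # unexplained refresh
]


def classify_requests(trace, window=2.0):
    """Split network requests into user-caused and vagabond.
    A request is user-caused if, within `window` seconds before it, the same
    process had a user action or an already user-caused request; the second
    rule lets a click explain the chain of fetches a page load sets off."""
    last_cause = {}            # per process: time of the latest explaining event
    caused, vagabond = [], []
    for ev in sorted(trace, key=lambda e: e.t):
        if ev.kind == "user":
            last_cause[ev.proc] = ev.t
            continue
        anchor = last_cause.get(ev.proc)
        if anchor is not None and ev.t - anchor <= window:
            caused.append(ev)
            last_cause[ev.proc] = ev.t   # propagate causality down the chain
        else:
            vagabond.append(ev)
    return caused, vagabond


if __name__ == "__main__":
    _, stray = classify_requests(TRACE)
    for ev in stray:
        print(f"vagabond request at t={ev.t:>6}: {ev.proc} -> {ev.detail}")
```

Two requests come out as vagabond: the updater's DNS lookup, which no user action in that process explains, and the browser's poll at t=300. The second shows the caveat the article's wording carries ("viewed suspiciously as possible malware activity"): a vagabond request is a lead to investigate, since legitimate background refreshes produce them too, and shrinking the window (try 0.5 s) also severs the app.js fetch from the click that caused it.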
Anomaly-based techniques attempt to detect computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous[1]. They address the problem of detecting unknown bots by looking for traffic anomalies such as high network latency, high volumes of traffic, traffic on unusual ports, and unusual system behavior[1]. Nevertheless, the technique still struggles with botnets whose traffic does not produce such anomalies[1,2]. Anomaly-based detection techniques are classified into two categories: host-based and network-based techniques[2].
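The traffic anomalies listed above (volume, unusual ports) are exactly the time-window features the capstone description at the top of the page mentions. The following is an added example, not code from either source, of the network-based variety: it aggregates constructed flow records into per-window, per-host features, builds each host's own baseline from earlier windows, and alerts when the current window's flow count or byte volume sits more than three standard deviations above that baseline or uses a port the host has never used before. The flow format, the z-score threshold, and the rule that a flat baseline is treated as having unit spread are assumptions.

```python
import statistics
from collections import defaultdict

# Constructed flow records, not real traffic: (window, src_host, dst_port, bytes).
FLOWS = []
for w in range(10):                      # ten quiet baseline windows
    for host in ("10.0.0.5", "10.0.0.6"):
        FLOWS.append((w, host, 443, 4000 + 100 * w))
        FLOWS.append((w, host, 53, 200))
        FLOWS.append((w, host, 80, 1500))
# Window 10: .5 stays normal, .6 opens 40 flows to a port it has never used.
FLOWS.append((10, "10.0.0.5", 443, 4200))
FLOWS.append((10, "10.0.0.5", 53, 200))
for _ in range(40):
    FLOWS.append((10, "10.0.0.6", 6667, 900))


def window_features(flows):
    """Per-(window, host) features: flow count, total bytes, set of destination ports."""
    feats = defaultdict(lambda: {"flows": 0, "bytes": 0, "ports": set()})
    for w, host, port, nbytes in flows:
        f = feats[(w, host)]
        f["flows"] += 1
        f["bytes"] += nbytes
        f["ports"].add(port)
    return feats


def detect_anomalies(flows, eval_window, z_thresh=3.0):
    """Network-based anomaly detection: compare each host's features in
    `eval_window` with that host's own history from earlier windows.
    Returns {host: [reasons]} for hosts that deviate."""
    feats = window_features(flows)
    alerts = {}
    for host in sorted({h for (_, h) in feats}):
        base = [feats[(w, h)] for (w, h) in sorted(feats) if h == host and w < eval_window]
        cur = feats.get((eval_window, host))
        if cur is None or len(base) < 2:
            continue                      # nothing to compare against yet
        reasons = []
        for metric in ("flows", "bytes"):
            vals = [b[metric] for b in base]
            mu = statistics.mean(vals)
            sd = statistics.pstdev(vals) or 1.0   # flat baseline: assume unit spread
            z = (cur[metric] - mu) / sd
            if z > z_thresh:
                reasons.append(f"{metric} z={z:.1f}")
        seen_ports = set().union(*(b["ports"] for b in base))
        new_ports = cur["ports"] - seen_ports
        if new_ports:
            reasons.append(f"unusual ports {sorted(new_ports)}")
        if reasons:
            alerts[host] = reasons
    return alerts


if __name__ == "__main__":
    for host, reasons in detect_anomalies(FLOWS, eval_window=10).items():
        print(f"ALERT {host}: {'; '.join(reasons)}")
```

Only 10.0.0.6 is reported, on all three counts; 10.0.0.5 sends slightly fewer flows than usual in window 10 and stays below the threshold because the test is one-sided. The same structure illustrates the caveat in the paragraph: a bot that keeps its flow count, volume and ports inside the host's historical range would raise none of these reasons.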
It is important that organizations prepare for, and are proficient in identifying and handling, possible cybersecurity problems. The model proposed by Schultz, Brown and Longstaff presents six phases of incident response: preparation, identification, containment, eradication, restoration and follow-up (Lucas & Moeller, 2014). The preparation phase allows Sifers-Grayson to put an incident response plan in place before an incident occurs. This first step defines the rules, assembles the personnel and
Governments, organizations and companies cooperate to secure cyberspace. In fact, the prevention of cyber criminal activity is the most critical aspect of the fight against cyber crime, and it rests mainly on awareness and information sharing. A proper security posture is the best defence against cyber crime (Paganini, 2014).