Question: Cyber Security is a major concern to legitimate businesses around the world. It is also the largest growing illegitimate business. What are 2 main attack vectors on the technical side discussed in class? What is the 1 main vector for attack on the social engineering side? Explain how IT managers can best thwart attacks. What is a good business approach to creating a solid defense strategy? Explain the elements.
Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, sabotage, or unauthorized access. Two main attack vectors on the technical side are denial of service and sniffing, which is gathering data off wireless transmissions. One main vector for attack on the social engineering side is spear-phishing, which is an email spoofing attack on a specific organization or individual, designed to gain unauthorized access to sensitive information.
An IT manager should recognize the serious threat, work with trusted security companies to find as many software and hardware vulnerabilities as possible, and take appropriate precautions:
1. Ensure that computer systems run updateable software, regularly patch network applications and keep them up to date.
2. Educate employees in the best safety practices, and often use cases to illustrate the methods, countermeasures and techniques, so that employees at different levels can carry out the safety process, such as not opening emails and attachments from unknown sources.
3. Take measures to prevent the infiltration of social engineering, and beware of internal staff leaks.
4. Frequently conduct penetration tests to find and repair system vulnerabilities, and then test and repair them again.
5. Deploy layered security mechanisms, such as anti-virus tools, Web application firewalls, and spam filters.
6. Hire external experts to help the enterprise find security defects and deploy security measures.
A good business approach to creating a solid defense strategy should include the functions of monitoring, detection, and response. Network monitoring collects data about the state of the network. Traffic analysis requires examining the services being used on the network or system and comparing them to expected activities. This allows people to identify suspicious services on the network. The detection module mainly focuses on identifying possible events, recording information about events and reporting intrusion attempts. The response module refers to taking response action according to the attack method.
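The monitoring, detection and response functions described above, as an added example that is not part of the original answer: it parses constructed flow records, compares the services in use against an expected baseline, records an event for each unexpected service, and picks a response by event type. The baseline, record format, addresses and function names are all assumptions made for illustration.

```python
from collections import Counter

# Assumed baseline of expected services: host -> {(protocol, port)}
EXPECTED = {
    "10.0.0.5": {("tcp", 443), ("tcp", 22)},
    "10.0.0.9": {("tcp", 25)},
}

# Constructed flow records: "timestamp source destination protocol dest_port"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.1.20 10.0.0.5 tcp 443
2024-01-01T10:00:02 10.0.1.21 10.0.0.5 tcp 22
2024-01-01T10:00:03 10.0.1.22 10.0.0.5 tcp 23
2024-01-01T10:00:04 10.0.1.22 10.0.0.5 tcp 23
2024-01-01T10:00:05 10.0.1.23 10.0.0.9 tcp 25
2024-01-01T10:00:06 10.0.1.24 10.0.0.7 udp 69
malformed line
"""

def monitor(text):
    """Monitoring: collect flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        ts, src, dst, proto, dport = parts
        flows.append((ts, src, dst, proto, int(dport)))
    return flows

def detect(flows, expected):
    """Detection: record one event per service that is not in the baseline."""
    counts, first_seen = Counter(), {}
    for ts, _src, dst, proto, port in flows:
        if (proto, port) in expected.get(dst, set()):
            continue  # expected activity
        key = (dst, proto, port)
        counts[key] += 1
        first_seen.setdefault(key, ts)
    return [{"host": h, "proto": p, "port": port, "hits": n, "first_seen": first_seen[(h, p, port)],
             "reason": "unexpected service" if h in expected else "unknown host"}
            for (h, p, port), n in counts.items()]

def respond(event):
    """Response: choose an action according to the kind of event."""
    if event["reason"] == "unknown host":
        return "add host to inventory review queue"
    return "alert on-call and review the service"
```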