For the following Threat Categories, describe which type of Control should be put in place in an organisation. Classify the controls as Administrative, Product or Physical, as well as whether the controls will Prevent, Detect, Correct or Compensate.
• Accidental corruption of information • Loss of intellectual property • Software piracy • Theft of information (hacker) • Theft of information (employee) • Web site defacement • Theft of equipment • Viruses, worms, Trojan horses • Elevation of privilege • Fire/Flood
|Accidental corruption of information|
Proper shutdown the system
|To protect the accidental corruption of information we should proper shutdown the system.|
|Secure your wireless router||Protect the wireless router using the proper secure password.||administrative||prevent|
|Mask the data||We can mask the data by the masking techniques. The another name of data masking is data obsfucation.||administrative||prevent|
|Loss of intellectual property||Secure the system|
To prevent the intellectual property from the system we can protect it by using the some hashing and password techniques.
|Improve employee awareness||We can improve the employee awareness, it means give proper training to security of property||administrative||Prevent/detect|
|Identify IP and give access to the right people||We will identify our IP and will protect it from the unauthorized access.||administrative||Protect/prevent|
|Software piracy||Beef-up software license agreement||We should always prioritize our license agreement|
|Include the evidence gathering technology||We will embed the technology in the software which will collect the information regarding registration and login, trial version.||administrative||Prevent/detect|
|Our policing effort should be timely||Statutes of limitations may prevent you from recovering for unauthorized use if a few years have passed since the incident occurred, especially if you knew of the incident and did not act.||administrative||prevent|
|Theft of information (hacker)||Don’t download any software|
We should try to avoid the downloading from the any suspicious websites.
|Use anti-virus||We should any anti-virus which is provided by the any company||product||prevent|
|Update os and software||We should regular update the os and softwares||Administrative||prevent|
|It provides the visual change, content and integrity monitoring.|
|Monitis||Cloud based monitoring platform offers blacklist and defacement monitioring||product||detect|
|IPVtec||It is also cloud based and proactively search the anomalies||product||Prevent/detect|
|Theft of equipment|
Use hidden places
|We should search the hidden and protective places to keep the equipments|
|Use the lock system||We should try to keep the equipment in lock.||physical||prevent|
|theftguard||We should use the theftguard to protect the equipment||administrative||prevent|
|Viruses, worms, Trojan horses|
|We should use the antivirus which will protect from the malicious programs|
|Pop-up scripts||We will use the pop-up scripts which protect the application.||product||Detect/prevent|
|update os and softwares||We should update our os and softwares from regular interval||protect||prevent|
|Elevation of privilege|
if you want to send data back to the client-side and be sure it hasn’t been tampered with when it returns, you need to digitally sign the data.
|Keep critical information on the server side||We will keep the important data on the sever side and will only send the session ID’s||Administrative||prevent|
Use digital keys
|For the access to the any information we will provide the digital signature keys.||administrative||prevent|
Robust, high quality firewalls
We should uses the high quality firewalls to protect the records.
|Keep the data in cloud||This is the best to protect the data form any kind of natural calamity||product||prevent|
|use external drive||Store the data in the external drive||product||prevent|