Peer-Graded Assignment Attack Surfaces


Project Title

SYSTEMS RISK MANAGEMENT: ATTACK SURFACES

Explain 5 areas which could be considered risks. Keep in mind these are not all
technical risks.
The five areas of risk are what, where, when, how, and why.
The first is the 'what' of risk. 'What' refers to what someone could gain access to on the
system, or what we ourselves access that might compromise security. A good example is
that the information your employees are accessing could have an impact on your company.
The second is the 'where' of risk. Where we connect from could jeopardize the
integrity, if not the confidentiality, of our systems. The 'where' of risk asks: is the
network we are connecting to trustworthy? Networks are classified as trusted or untrusted.
A trusted network is one we understand and trust because we know who maintains it.
Untrusted networks are ones where we have no idea who owns or maintains them, and so we
do not trust them.
The 'when' of risk. The 'when' of risk really arises around large events. Donating to
the Red Cross is an excellent example. Many websites exist that imitate the Red
Cross's response to natural disasters, and the money raised could be misused by a
malicious actor. In other words, the 'when' of risk exists when there are big events, such as
a disaster. Scammers take advantage of that event: they might impersonate a legitimate
organization and entice you to click a link to donate, but in truth it is a scam, and you
might pay for something you did not order.
The 'how' of risk. The 'how' of risk manifests itself in a failure to follow security best
practices. In other words, the more knowledgeable we are about security best
practices, the less risk is involved in doing something that could compromise security.
Lastly, the 'why' of risk. In general, logical reasoning and understanding why we apply
best practices reduces our risk. When logic and common sense are not used, the risk
level rises. For example, you should not click on the link you know you should not, you
should not open the email you know you should not, and you should not browse the internet
from a coffee shop.

How would you change each area of risk? Explain your answers.
To change each area of risk so that security is not lost, we need to preserve and protect the
confidentiality, integrity and availability of the company's information. To do so, we
need to assess the five categories of risk in order to determine the probability and
criticality of a loss of security. For the 'what' of risk, to be more secure and
productive, we need to have the right software. For the 'where' of risk, to lessen the risk,
we should only connect to trusted networks. For the 'when' of risk, to avoid being scammed,
we should verify information before clicking on it. For the 'how' of risk, to reduce the risk,
we should follow the company's security policies. Finally, we should use our common sense
so that we are not the reason for a loss of one of the three pillars of the CIA triad.

In a paragraph, offer suggestions as to how the organization could be more
secure based on what you have learned throughout the course.
I hereby suggest the following:
- Apply the CIA triad to prevent loss of confidentiality, loss of integrity, and loss of
  availability.
- Apply hashing to protect information.
- For logins, Windows uses NTLM to store password hashes. The LM hash is computed as
  follows:
  1. The password is padded with NULL bytes to exactly 14 characters. If the
     password is longer than 14 characters, it is replaced with 14 NULL bytes for the
     remaining operations.
  2. The password is converted to all uppercase.
  3. The password is split into two 7-byte (56-bit) keys.
  4. Each key is used to encrypt a fixed string.
  5. The two results from step 4 are concatenated and stored as the LM hash.
- Databases should store your password as an encrypted password. This should
  be a function of the database implementation on the server side.
- Rainbow tables are used to store many precomputed hashes for a certain type of hashing
  algorithm.
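The LM steps listed above, together with the points about how a database should store passwords and about rainbow tables, as an added example that is not part of the original assignment: the first half implements the LM pre-processing (pad to 14 bytes, uppercase, split into two 7-byte keys) and the expansion of each 56-bit half into a parity-carrying 64-bit DES key, which is enough to show why the scheme is weak (case is discarded and the two halves are independent, so the search space collapses). The final DES encryption of the fixed string is left out because Python's standard library has no DES. The second half shows the alternative a server-side database should use: a per-user random salt and an iterated key derivation function, so a precomputed (rainbow) table built for one salt is useless for every other user. The record format, the iteration count and all sample passwords are assumptions made for this example.

```python
"""Added example: LM-hash pre-processing next to salted password storage.
Not part of the original assignment; all sample values are constructed."""
from __future__ import annotations

import hashlib
import hmac
import os

LM_BLOCK = 14  # LM works on exactly 14 bytes of password material


def lm_preprocess(password: str) -> tuple[bytes, bytes]:
    """Steps 1-3 of the LM scheme: return the two 7-byte (56-bit) DES keys."""
    data = password.upper().encode("ascii", "replace")  # step 2: case is thrown away
    if len(data) > LM_BLOCK:
        data = b"\x00" * LM_BLOCK                        # step 1: over-long -> 14 NULs
    data = data.ljust(LM_BLOCK, b"\x00")                 # step 1: pad with NUL bytes
    return data[:7], data[7:]                            # step 3: two independent halves


def expand_des_key(key7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes, 7 bits per byte, odd parity in the low bit.
    This is how a 7-byte LM half becomes the 64-bit key DES expects."""
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        byte = seven << 1
        if bin(seven).count("1") % 2 == 0:  # make the number of 1 bits odd
            byte |= 1
        out.append(byte)
    return bytes(out)


def lm_halves_equal(a: str, b: str) -> tuple[bool, bool]:
    """For two passwords, report which LM halves are identical. Because the halves are
    hashed independently, an attacker can recover each 7-character half on its own."""
    a1, a2 = lm_preprocess(a)
    b1, b2 = lm_preprocess(b)
    return a1 == b1, a2 == b2


# --- What the database should store instead: salted, iterated hashes -------------

DEFAULT_ITERATIONS = 600_000  # assumption: a current PBKDF2-HMAC-SHA256 work factor


def make_record(password: str, salt: bytes | None = None,
                iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$<iters>$<salt hex>$<digest hex>'.
    A fresh 16-byte random salt is drawn unless one is supplied (for testing)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Case folding: these two passwords produce identical LM keys.
    print(lm_preprocess("Password") == lm_preprocess("PASSWORD"))       # True
    # Independent halves: only the second half differs between these two.
    print(lm_halves_equal("Secret12", "Secret1X"))                        # (True, False)
    print(expand_des_key(lm_preprocess("Password")[0]).hex())
    # Salted storage: the same password stored twice gives two different records,
    # so one precomputed table cannot serve both users.
    r1, r2 = make_record("hunter2"), make_record("hunter2")
    print(r1 != r2, verify_record("hunter2", r1), verify_record("hunter3", r1))
```

The `lm_preprocess` output is what an attacker's search actually targets: every half is drawn from an uppercase-only alphabet and is at most seven characters, which is why LM hashes fall to brute force and precomputed tables. In `make_record`, the salt goes into the stored record in the clear; it does not need to be secret, it only needs to differ per user so that precomputation cannot be shared.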