Lab #1 - Lab#1 Jessica Risch Friends University 10 Top 3 Risks-Threats-Vulnerability within User Domain(Not in any specific order 1 Social

Lab #1 - Lab#1 Jessica Risch Friends University 10 Top...

This preview shows page 1 - 2 out of 4 pages.

Lab #1 Jessica Risch Friends University 10. Top 3 Risks-Threats-Vulnerability within User Domain (Not in any specific order) 1). Social Engineering Attacks 2). Malware or malware-less attacks 3). Internal Threats 13. Two articles: 1). 2017 Threat Landscape Survey: Users on the Front Line 2). Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey 14. The first article I chose was 2017 Threat Landscape Survey: Users on the Front Line . SANs surveyed organizations across the United States to determine the threats that the company saw, the impact of the threat, and the detection or response to the threat. In the survey, it was determined that spearfishing and whaling were the most significant threats against organizations in 2017, with ransomware coming in as a surprising second. These risks outranked threats such as spyware, Trojans, SQL injections, worms, and DDoS attacks. Unfortunately, this does not mean that these threats do not exist. In reality, DDoS and ransomware attacks are becoming more damaging than ever. This begs the question of whether organizations are really focusing on the appropriate threats when establishing their defenses, staff training, and policies/procedures. The recommendation provided is for organizations to work to bridge the gaps in IT staff capabilities using tools, training, and experience. The second article I chose was Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey . Most organizations state that the majority of threats originate from an external threat with more than 60 percent stating that they have never experienced an internal compromise. Pairing this information with the fact that 38 percent of companies state that they do not have an effective method of detecting insider threats is alarming. This brings up the uncertainty of organizations being compromised by internal threats but not knowing that their systems/network have been attacked. Therefore, when reviewing an organization’s vulnerabilities and working to determine where the risks lie within the system, it is important to construct security measures around the most critical data. The data that is compromised will determine the impact of the breach. By ensuring that proper security measures are used to ensure these critical assets (this does not indicate that security within other areas of the

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture