Running head: CYBERSECURITY INCIDENT REPORT

Cybersecurity Incident Report
CST 630 Project 2
University of Maryland University College

Cybersecurity Incident Report

SANS Institute states, “Bring your own device (BYOD) is a current industry trend that allows employees to use their personal devices such as laptops, tablets, mobile phones and other devices, to connect to the internal network. The number of external devices that can now connect to a company that implements a BYOD policy has allowed for a proliferation of security risks. The National Institute of Standards and Technology lists these high-level threats and vulnerabilities of mobile devices: lack of physical security controls, use of untrusted mobile devices, use of untrusted networks, use of untrusted applications, interaction with other systems, use of untrusted content, and use of location services (2019).” Wireless devices and bring your own device (BYOD) computing in the workplace often increase productivity and convenience, but such ubiquitous access to resources can be a significant threat to organizational security, and BYOD computing adds another layer of concern for the incident manager (UMUC). As a cybersecurity incident manager, I will identify, manage, record, and analyze security threats and incidents in real time and provide a robust and comprehensive review of the infrastructure. The aim of this CIR is to educate management on the threats, impacts, protections, and incident response strategies related to wireless, mobile, and bring your own device (BYOD) policies.

Wireless and BYOD Security Plan

Last year, we introduced the BYOD policy allowing end users to bring their devices (laptops) for use on the company’s network. This policy allowed for direct and wireless connection to the network. Analysis of the policy revealed a lack of the security configurations and monitoring needed to combat threats to the network.

Rogue Access Points

The threats to the Wireless Local Area Network (WLAN) originate from two primary sources: unauthorized equipment and rogue access points. The unauthorized equipment was not identified, as we had not set up proper security configurations or monitoring for unauthorized devices. A rogue access point (AP) is a wireless access point installed on a secure network without the knowledge of the system administrator. According to the PCI DSS, “unauthorized wireless devices may be hidden within or attached to a computer or other system components, or be attached directly to a network port or network device, such as a switch or router” (Glover). A rogue AP can be either hardware or software. The rogue access point subsequently steals the information the end user provided in order to impersonate the end user to the true network AP.
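
The monitoring gap described above can be closed by comparing each wireless survey against an inventory of authorized access points. The following is an added example, not part of the original report; the inventory, survey data, signal threshold, and all function names are constructed for illustration.

```python
"""Flag rogue APs by comparing a wireless survey with the authorized AP inventory."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str      # MAC address of the AP radio
    ssid: str       # advertised network name
    security: str   # advertised security mode
    rssi_dbm: int   # received signal strength

# Constructed inventory: BSSID -> (SSID, required security mode)
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CorpNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:03": ("CorpGuest", "WPA2-Personal"),
}
ONSITE_RSSI_DBM = -65  # assumed threshold: stronger signals are likely on the premises

# Constructed survey results, as a scanner or sensor might report them
SURVEY = [
    Beacon("02:00:00:AA:00:01", "CorpNet", "WPA2-Enterprise", -48),
    Beacon("02:00:00:bb:00:09", "CorpNet", "Open", -52),
    Beacon("02:00:00:aa:00:03", "CorpGuest", "Open", -60),
    Beacon("02:00:00:cc:00:07", "linksys", "WPA2-Personal", -41),
    Beacon("02:00:00:dd:00:05", "CoffeeShop", "Open", -82),
]

def classify(beacon, inventory=AUTHORIZED):
    """Return a finding label for one observed beacon."""
    corp_ssids = {ssid for ssid, _ in inventory.values()}
    known = inventory.get(beacon.bssid.lower())
    if known:
        if (beacon.ssid, beacon.security) != known:
            return "config-drift"        # authorized radio, unexpected SSID or security
        return "authorized"
    if beacon.ssid in corp_ssids:
        return "ssid-impersonation"      # unknown radio advertising a corporate SSID
    if beacon.rssi_dbm >= ONSITE_RSSI_DBM:
        return "unknown-onsite"          # possible unauthorized AP inside the building
    return "neighbor"                    # weak, unrelated network nearby

def rogue_report(beacons, inventory=AUTHORIZED):
    """Return (label, beacon) findings, most severe first, then strongest signal."""
    severity = {"ssid-impersonation": 0, "config-drift": 1, "unknown-onsite": 2}
    findings = [(classify(b, inventory), b) for b in beacons]
    flagged = [f for f in findings if f[0] in severity]
    return sorted(flagged, key=lambda f: (severity[f[0]], -f[1].rssi_dbm))

if __name__ == "__main__":
    for label, b in rogue_report(SURVEY):
        print(f"{label:20} {b.bssid} {b.ssid!r} {b.security} {b.rssi_dbm} dBm")
```

A BSSID that matches the inventory is not proof of legitimacy, because MAC addresses can be cloned, so the survey should be paired with switch-port checks for devices attached directly to the wired network.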