Essay on Policies and Procedures in Dynamic Vulnerability Analysis, Intrusion Detection, and Incident Response

Published: 2021/12/02
Number of words: 3848

Introduction

In the contemporary world of technological advancements, network security has become a major concern as hackers hunt for data and information. Greiblock Credit Union offers a diversity of financial services to customers throughout the Midwest. The firm has its central office in Chicago, Illinois, and over time it has grown from a small-scale banking institution into one making $5 billion in its financial year. However, in the course of offering these financial services, network security has been compromised, resulting in limited access to the firm’s systems.

The security violations reported at the firm include internet fraud, cyber-attacks and identity theft. These violations mostly occur as people, especially hackers, search for data and information related to a particular firm. In this regard, the IT department has implemented policies and procedures to counter the attacks and deal with cases of a security breach. Since the policies and procedures began to operate, there have been fewer cases of security violations.


The IT department operates under three categories: incident response, intrusion detection, and dynamic vulnerability analysis. The GCU IT security team initiated a metric system that records each category and produces data showing the working condition of each. The IT department is keen to achieve absolute efficiency in the working of its system, but since both systems and humans are prone to error, security issues and attacks are expected within any network. Therefore, in the attempt to uphold network security, programs have been implemented, enforcement methods have been proposed, and measurable results have been incorporated into the security program.

Dynamic Vulnerability Analysis

1) Vulnerability Analysis Purpose

  • For any security policy, there must be a purpose explaining why the policy is important and what is expected from the staff of the firm. Since it is not entirely possible to have a threat-free system in an organization, a purpose has to be established as well as a plan for how to monitor the system (Bosworth, 2014). The main purpose of the policies and procedures in vulnerability analysis is to minimize cases of cyber-attacks, breaches and intrusions, which could compromise financial services and result in losses.
  • GCU has many offices which serve hundreds of thousands of customers who hold both individual and corporate accounts. In this regard, the firm holds a great deal of personal information. Therefore, GCU has come up with measurable programs which protect the PII of customers as well as their financial records.
  • Since any system is subject to vulnerability, we have initiated systems to monitor our network in an attempt to protect our customers and our financial services. The system tracks activity on the network and shows any entry points used by attackers.

2) Vulnerability Analysis Scope

  • The scope of the vulnerability analysis describes the capability of the IT technicians to detect flaws or weak ports in the network. Once the defects and weak ports are identified, the IT team can determine which applications are on the verge of compromise by attackers in the network (Muscat, 2017).
  • The system which we have implemented can detect the depth and breadth of a security breach. This means it detects how deep the attackers have penetrated the network and how many computers and locations have been infected. Knowing the number of infected entities, the IT technicians can take proper measures to secure the other computers in the many offices.

3) Vulnerability Analysis Policy

  • A policy has to clearly define what is expected of every stakeholder of the firm in handling the system involved. However, for the policies to work, every member of the IT department has to understand how the policies function. To ensure a well-informed IT team, training will be provided to all IT personnel across all branches so that they possess the right skills and knowledge for dealing with IT issues.
  • In the event of a security breach being identified during the vulnerability analysis exercise, complete vulnerability disclosure is expected. The person responsible for identifying the breach is required to make full vulnerability disclosure or inform the Computer Emergency Readiness Team (CERT). If the breach is not severe, CERT handles it; otherwise, the CERT Chief Information Officer (CIO) is informed to determine the appropriate course of action.
  • In assessing vulnerabilities, the firm will make use of white hat hackers to help identify potential threats. The white hat performs ethical hacking of the firm’s system to identify weak points of entry and any other weaknesses the system may have. This is a crucial part of the IT security policy, which has to be embraced by all branches, each of which must make use of a white hat to scan the network (Rouse, 2019). The network scans are to be carried out periodically, since hackers modify their tactics and so the systems have to be checked regularly.

4) Vulnerability Analysis Enforcement

  • To ensure effective policy enforcement, there has to be a central entity which controls the operations of the IT department. In most cases, the CIO is mandated to oversee the IT department and give daily briefings and updates. In GCU, the CIO briefs the IT department on the vulnerabilities and identified holes which could be subject to security breaches. Therefore, the IT department is able to plan and prioritize the possible entry points for attackers, thereby maintaining the integrity of the system.
  • For any policy or law to work, the affected entities have to be well informed of its details. Therefore, the IT team has to understand the policy first to allow for ease in its enforcement, and the team must understand how to handle security breaches and holes. Besides, communication is key, and the management has to keep open lines with the IT team as a way to ensure the policy is easily enforced.

5) Vulnerability Analysis Metrics

  • Data to quantify the security proceedings is crucial in taking appropriate actions on security issues. Therefore, besides introducing patches, programs or ethical hackers, their results have to be measured. Tests and verifications have to be carried out to determine the overall integrity of the systems in the vulnerability assessment exercise (“Vulnerability Assessment and Penetration Testing”, 2019).
  • Several steps help in identifying potential threats as well as carrying out vulnerability analysis. Such steps include classifying all systems and the network, assigning importance levels based on breadth and depth, and finding out potential threats and their effect on the network and all systems. In addition, it is important to define alternative plans for handling the ramifications when an attack occurs.
  • Through a step-by-step process, the IT department can track the effectiveness of the program patches and determine how well they work. The metric system analyzes the functionality of the program patches, and when they do not mitigate attacks within a given time, they are scrapped and more effective patches installed.

Network Intrusion Detection

1) Network Intrusion Detection Purpose

  • Most IT departments or companies have an IDS for intrusion detection, which is automated to monitor and analyze traffic on the network. After analysis, the IDS reports any suspicious or malicious activity and sounds an alert to the responsible personnel. In GCU, we are torn between implementing a host-based or a network-based system in our IT department.
  • A host-based IDS (HIDS) monitors the activity of a particular host and analyzes all events on that host, scanning them for suspicious activity (Wing, 2019). Once suspicious activity is detected, the host-based IDS responds by logging the activity and sending a notification to the designated authority.
  • In a network IDS, the system monitors the network traffic, and each segment is charged with analyzing both the application and transport protocols for any suspicious activity (Wing, 2019). A network IDS monitors the traffic passing over the network.
  • The main purpose here is to incorporate the policies with the IPS (Information Security Policy), which will provide programs for network-based intrusion systems. The systems would monitor the GCU network and detect any malicious activity, intrusions and attacks. In this regard, the overall idea in network IDS is to confirm that all traffic passing through GCU’s network is analyzed and that proper reports are made.

2) Network Intrusion Detection Scope

  • In the GCU scope, we will have a defined organizational structure describing how it will work and the operations involved in the IDS as well as the HIDS. At first, it would be challenging to identify the extent to which a host has been compromised and the degree of alteration made in the network segments of the firm (2016).
  • In determining the scope assessment concepts, three steps are involved: collection, analysis and detection. Together, these steps report how many network segments, hosts and systems have been compromised (Mink, 2016).
  • When the steps are applied, they help the investigation determine how much damage has been experienced. The steps are explained below (Mink, 2016).

– Scope assessment: This entails the number of compromised segments, systems, credentials and networks that have been detected during the investigation.

– Collection: In this step, data is gathered on the affected systems or networks and on other media and devices surrounding the systems.

– Analysis: The gathered data is analyzed for any anomalies and compared with other data to determine the integrity of the affected data.

– Detection: This step makes use of the anomalies discovered during the analysis of the infected systems or network. Such anomalies are then used in scanning the entire network for any other segments or systems which could be compromised.

  • The main idea of the scope cycle is to assist the IT team in following the trail of evidence acquired through the collection and analysis of data and information. The assessment is repeated until no other compromised system or network can be identified. In this regard, the extent to which network segments and systems are compromised is quantified, and appropriate plans are laid out to deal with the alterations.
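The scope cycle described above (collection, analysis, detection, repeated until no new compromised host appears) can be written down as a fixed-point loop. The following is an added example, not part of the essay or of GCU’s tooling; the host names, artifact strings and the known-good baseline are all constructed placeholders.

```python
"""Scope-assessment cycle: collect artifacts from hosts under investigation,
distill anomalies against a known-good baseline, scan the rest of the fleet
for those anomalies, and repeat until the set of compromised hosts stops growing.
Added example with constructed data only."""
from dataclasses import dataclass, field

# Constructed telemetry: artifacts observed per host (process hashes, outbound
# domains, accounts that logged on). All values are placeholders.
TELEMETRY = {
    "branch1-ws01": {"hash:PLACEHOLDER_A", "domain:update.example.test", "acct:teller1"},
    "branch1-ws02": {"hash:PLACEHOLDER_B", "domain:update.example.test", "acct:teller2"},
    "branch2-ws07": {"hash:PLACEHOLDER_B", "acct:svc_backup"},
    "branch2-srv01": {"acct:svc_backup", "domain:intranet.gcu.test"},
    "hq-ws11": {"hash:PLACEHOLDER_C", "domain:intranet.gcu.test", "acct:teller1"},
}

# Constructed baseline: artifacts the firm already knows to be legitimate.
BASELINE = {"domain:intranet.gcu.test", "acct:teller1", "acct:teller2",
            "hash:PLACEHOLDER_C"}


@dataclass
class ScopeResult:
    compromised: set                      # hosts confirmed to be in scope
    indicators: set                       # anomalies produced by the analysis step
    rounds: list = field(default_factory=list)  # hosts newly found in each round


def collect(telemetry, hosts):
    """Collection: gather every artifact recorded on the hosts under investigation."""
    gathered = set()
    for host in hosts:
        gathered |= telemetry.get(host, set())
    return gathered


def analyze(gathered, baseline):
    """Analysis: whatever is not in the known-good baseline is treated as an anomaly."""
    return gathered - baseline


def detect(telemetry, indicators, already):
    """Detection: scan every host not yet in scope for any of the anomalies found so far."""
    return {host for host, artifacts in telemetry.items()
            if host not in already and artifacts & indicators}


def assess_scope(telemetry, baseline, seeds):
    """Run the cycle from the initially detected hosts until a round finds nothing new."""
    result = ScopeResult(compromised=set(seeds), indicators=set())
    frontier = set(seeds)
    while frontier:
        result.indicators |= analyze(collect(telemetry, frontier), baseline)
        frontier = detect(telemetry, result.indicators, result.compromised)
        result.compromised |= frontier
        result.rounds.append(sorted(frontier))  # the final round is always empty
    return result


if __name__ == "__main__":
    outcome = assess_scope(TELEMETRY, BASELINE, {"branch1-ws01"})
    for number, hosts in enumerate(outcome.rounds, start=1):
        print(f"round {number}: newly in scope {hosts}")
    print("compromised:", sorted(outcome.compromised))
    print("indicators:", sorted(outcome.indicators))
```

Note that the shared service account carries the scope from branch2-ws07 to branch2-srv01 even though no malware hash is involved, which is why the essay lists credentials among the things the scope assessment counts.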

3) Network Intrusion Detection Policy

  • GCU’s network intrusion detection policy focuses on designing intrusion detection mechanisms for the firm’s systems and network. The idea is to monitor intrusions so as to protect the resources held by GCU.
  • The policy will comprise objectives so that both the management and the IT department understand the intrusion detection concepts. The network intrusion policy objectives for GCU will include:

– Advancing the security levels through constant scanning of the systems and networks for any unrecognized intrusions.

– Initiate prevention mechanisms for any unauthorized usage of the systems as well as network segments belonging to GCU.

– Uphold the confidentiality of data and information contained in the systems and network by protection through the prevention and detection techniques.

– Maintain the integrity of the firm’s data and information contained in the systems and network.

– Implement a significant rise in security levels by detection of weak points and ports through a rigid monitoring process.

– Monitor all systems and networks in ensuring only authorized entities are given access to all the available resources of the GCU.

  • The objectives act as guiding principles to which all relevant IT stakeholders hold in the fight against unauthorized access and intrusions from external entities. Besides, even authorized personnel are sometimes limited in when they can or cannot access some systems or networks. Such constraints are defined in the policy as the firm strives to have compromise-free systems.

4) Network Intrusion Detection Enforcement

  • In GCU, we will advocate for the concept of intrusion detection over the network through threat and vulnerability assessment. This is achieved through testing and verification of host system and network integrity by examining all the stand-alone workstations on the GCU network (Sun, 2018).
  • Intrusion detection plays a major role in the firm’s systems and network when it comes to protecting GCU’s financial assets and the PII of customers. This calls for a comprehensive IT training plan which defines how the IT employees will be trained and certified in enforcing the right intrusion detection techniques. Within the training plan, there will be quarterly training and annual proficiency testing to approve the IT team for GCU.
  • Furthermore, clear communication has to exist between the CIO and subordinates to ensure proper measures of confidentiality and integrity are followed to the letter without compromise.

5) Network Intrusion Detection Metrics

  • Just like any other organization’s goals, GCU has the goal of securing the assets of the company, those of the partners who have grown alongside GCU, and the assets of everyday customers. As a firm, we have built a design that encompasses all of GCU’s needs and goals with very low maintenance. The design can calculate the percentage of the firm’s success in protecting the associated assets.
  • The goals encompassed within the design are to be achieved by adhering to these metrics:

– Provision of the most functional detection system in the fight against intrusions.

– Features of the design are programmed to perform automatic checks on the systems and network and give reports on intrusions. Also, the design administrator has specific control which allows him to initiate the checks when needed.

– Every computer that is part of the design is required to maintain sufficient data and intrusion detection information.

– Reliability is mandatory, and since top-notch hardware components and software packages were used, intrusion detection performance is enhanced.

– The design is easily installed and configured on the workstations, on the network and on the systems.

– Technical support is provided within the IT department, and so effectiveness is bound to be experienced.

  • Since our own IT department monitors the IDS metrics, technical support is well utilized, which ensures ease of use and functionality. There have been cases of IDS breakdown in other organizations because they outsource technical support for their hardware or software. At GCU, the case will be different because the components are supported in-house.

Incident Response

1) Incident Response Purpose

  • Reports have confirmed that companies such as Target, TJ Maxx and a bank in the United Arab Emirates recently experienced security breaches in which hackers managed to steal customer PII, corporate account information and financial information. Since GCU is a financial institution, we can identify with the Invest Bank security breach, in which hackers demanded $3 million in ransom (Bisson, 2015). The core purpose and goal of GCU is to avoid this type of attack, which compromises the integrity of systems and network as well as the confidence of customers in GCU.
  • Within GCU, we believe in our Computer Incident Response Team (CIRT). We perform operations such as vulnerability assessment, limiting intrusions and constant system monitoring to protect the firm. All possible points of entry are fitted with intrusion detection systems which inform the response team so that it can take proper action. Within the response team, we look for any event, real or perceived to be real, which can impact the security of GCU’s systems or network. Each member of the response team is fully aware of their role in maintaining the confidentiality and integrity of data and the availability of the network and systems.

2) Incident Response Scope

  • In determining the scope of CIRT in GCU, we examine every facet of how to respond to incidents. The CIRT team operates under a set of principles which are presented as the following questions. Once an IT member became aware of an incident, how long did it take for the response team to be informed? After notifying the right personnel, did they initiate the proper steps to isolate the intrusion or vulnerability? Was that done within the standard time frame? Did the response personnel apply a patch or repair the system to ensure that the network was not offline or inoperable for a certain period? If the incident was mitigated within the required time, was there any significant loss of financial resources or network? Such questions keep every IT member ready for any form of security incident.
  • It is crucial that GCU’s CIRT is very responsive and can easily manage intrusions or vulnerabilities so that the firm does not experience significant setbacks in its financial dealings. It is also important that customers do not lose their confidence in the firm following poor responses to incidents. We can proudly say that our CIRT is well trained and certified to deal with even the most severe cybersecurity incidents. Such confidence ensures that GCU suffers no loss in productivity and operability.

3) Incident Response Policy

  • In the incident policy, we want to incorporate the intrusion detection and vulnerability policies to come up with a set of rules, practices and principles for GCU and the IT department.
  • A well-defined policy helps an organization maintain its operations and generate revenue. We have implemented a login banner through which only employees of the firm can log in. Passwords are expected to comprise special characters, lower case, numbers and upper case, and no consecutive patterns or characters can be used. This helps in creating a strong password which would take hackers a long time to crack. The login banner helps in tracking how many employees have logged on and their identity. The banner also shows the location of the login so that the firm can coordinate system and network security across all the branches.
  • All employees within GCU are expected to read the firm policy and sign disclosure forms. The disclosure prevents an employee from accessing improper websites, downloading material over the internet, working for other companies while at GCU, and filing mistaken lawsuits for violation of the firm’s usage policy (Wara, 2015). The IT department has been given the right to track every action of the system and network users, thereby allowing quick responses in case of a violation which could lead to a security breach.
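The password rules stated in the policy above (special characters, lower case, numbers, upper case, no consecutive patterns or characters) can be checked mechanically at the login banner. The following is an added example, not GCU’s code; the minimum length of 12 and the reading of “consecutive” as three or more repeated or sequential characters are assumptions, since the essay states neither.

```python
"""Validator for the password policy described in the essay. Added example;
MIN_LENGTH and RUN_LIMIT are assumptions, not values from the policy."""
import string

MIN_LENGTH = 12   # assumption: the essay gives no minimum length
RUN_LIMIT = 3     # assumption: "consecutive" means three or more in a row
SPECIALS = set(string.punctuation)


def _has_run(password, step):
    """True if RUN_LIMIT adjacent characters differ by `step` in code point:
    step 0 catches repeats such as 'aaa', +1 catches 'abc'/'123', -1 catches 'cba'/'321'."""
    for start in range(len(password) - RUN_LIMIT + 1):
        window = password[start:start + RUN_LIMIT]
        if all(ord(window[i + 1]) - ord(window[i]) == step for i in range(RUN_LIMIT - 1)):
            return True
    return False


def check_password(password):
    """Return the names of the rules the password violates; an empty list means compliant."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(c in SPECIALS for c in password):
        failures.append("special")
    if _has_run(password, 0):
        failures.append("repeat")       # e.g. 'aaa' or '!!!'
    if _has_run(password, 1) or _has_run(password, -1):
        failures.append("sequence")     # e.g. 'abc', '123' or '321'
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("Tr0ub4dor&Fox!", "Passw0rd", "Abc!def12345", "Baaa9!Xyz#Qw"):
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'ok' if not verdict else 'fails ' + ', '.join(verdict)}")
```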

4) Incident Response Enforcement

  • Since we can monitor all system and network activity, vulnerabilities and intrusions, the firm’s policies can be enforced with ease. If any activity is detected in an unauthorized segment, the firm policy is enforced on the individual involved as a caution against any further violations.
  • Rigid intrusion monitoring enables CIRT to operate the firm’s programs so as to detect any suspicious activity or anything resembling an intrusion, thereby allowing quick responses. Besides, the IT team is able to know the possible attempts at entry and make adjustments so as to prevent future compromise.
  • Running programs that constantly check for vulnerabilities helps in enforcing the firm policy, which in turn helps in incident response. Such programs keep the network and systems in check and report back, allowing the IT team to be ready for any form of intrusion or attack.

5) Incident Response Metrics

  • The CIRT team in GCU will make use of known metrics to help us maintain the operability of the firm. Responses will cover malware, worms, threats, bots, viruses and other forms of attack. The set of metrics will guide us in measuring breaches, stand-alone vulnerabilities and hacks.
  • Among the metrics is Containment Time, which shows how fast CIRT was able to respond to a risk or exposure (Mason, 2014). In a measurable sense, this metric helps GCU assess how the incident response team is faring in its duty.
  • Analysis Time and Volume covers the time spent on forensic examination of data and information and the amount examined (Mason, 2014). This ensures that response time is minimized and the root cause of incidents is easily determined.
  • Detection is another crucial metric, which helps CIRT determine why a certain incident was or was not successful (Mason, 2014). Within this metric, we can track False Positive responses, which could lead to unnecessary work.
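The three metrics above (Containment Time, Analysis Time and Volume, and the false-positive share of Detection) can be computed from a simple incident log, and the “standard time frame” question from the scope section can be answered as a containment target. The following is an added example, not the essay’s or GCU’s own tooling; the incident records are constructed, and the 60-minute containment target is an assumption.

```python
"""Incident response metrics computed from constructed incident records.
Added example; the containment target and all records are assumptions."""
from dataclasses import dataclass
from datetime import datetime

CONTAINMENT_TARGET_MIN = 60   # assumption: the essay names no standard time frame


@dataclass
class Incident:
    ident: str
    detected: datetime          # alert raised to CIRT
    contained: datetime         # affected systems isolated
    analysis_start: datetime    # forensic examination begins
    analysis_end: datetime      # root cause established
    volume_gb: float            # data examined during analysis
    true_positive: bool         # False means the alert turned out to be benign


def _minutes(later, earlier):
    return (later - earlier).total_seconds() / 60


def ir_metrics(incidents):
    """Return containment, analysis and detection metrics for a batch of incidents."""
    if not incidents:
        raise ValueError("no incidents to measure")
    containment = [_minutes(i.contained, i.detected) for i in incidents]
    analysis = [_minutes(i.analysis_end, i.analysis_start) for i in incidents]
    false_positives = sum(1 for i in incidents if not i.true_positive)
    return {
        "incidents": len(incidents),
        "mean_containment_min": sum(containment) / len(containment),
        "max_containment_min": max(containment),
        "within_target": sum(1 for m in containment if m <= CONTAINMENT_TARGET_MIN),
        "mean_analysis_min": sum(analysis) / len(analysis),
        "total_volume_gb": sum(i.volume_gb for i in incidents),
        "false_positive_rate": false_positives / len(incidents),
    }


def _ts(text):
    return datetime.fromisoformat(text)


# Constructed records: four incidents from one month, two of them false positives.
SAMPLE_INCIDENTS = [
    Incident("INC-0001", _ts("2021-11-01T09:00"), _ts("2021-11-01T10:30"),
             _ts("2021-11-01T09:10"), _ts("2021-11-01T13:10"), 12.5, True),
    Incident("INC-0002", _ts("2021-11-03T14:00"), _ts("2021-11-03T14:30"),
             _ts("2021-11-03T14:05"), _ts("2021-11-03T15:05"), 2.0, False),
    Incident("INC-0003", _ts("2021-11-05T02:00"), _ts("2021-11-05T08:00"),
             _ts("2021-11-05T02:30"), _ts("2021-11-05T20:30"), 40.0, True),
    Incident("INC-0004", _ts("2021-11-07T11:00"), _ts("2021-11-07T11:15"),
             _ts("2021-11-07T11:00"), _ts("2021-11-07T11:20"), 0.5, False),
]

if __name__ == "__main__":
    for name, value in ir_metrics(SAMPLE_INCIDENTS).items():
        print(f"{name}: {value}")
```

A high false-positive rate alongside short containment times is the pattern the essay warns about: the team is fast, but much of that speed is spent on alerts that did not need a response.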

Conclusion

GCU continues to grow within the United States, and therefore the need to counteract cybersecurity issues and cyber-threats is paramount. By incorporating the three IT technical phenomena of intrusion detection, dynamic vulnerability analysis and incident response, we ensure continued operability in secure networks. We have ensured that GCU is able to deal with severe cyber incidents through training and certifying the IT department members. Besides, we have advanced equipment to deal with IT issues. The firm has implemented policies and procedures with purpose, scope, enforcement and metrics, which give GCU confidence in advancing its operations in the future.

References

Bisson, D. (2015). Bank refuses to pay $3M ransom, hacker exposes customer account details. Retrieved 16 September 2019, from https://www.grahamcluley.com/bank-refuses-3-million-ransom-hacker-exposes-customer-account-details/

Bosworth, S. (2014). Computer security handbook. Hoboken, NJ: Wiley.

Mason, S. (2014). Incident Response Metrics. Retrieved 16 September 2019, from http://seanmason.com/2014/07/14/incident-response-metrics/

Mink, D., Yasinsac, A., Choo, K. K. R., & Glisson, W. (2016). Next generation aircraft architecture and digital forensic.

Muscat, I. (2017). The difference between Vulnerability Assessment and Penetration Testing | Acunetix. Retrieved 16 September 2019, from https://www.acunetix.com/blog/articles/difference-vulnerability-assessment-penetration-testing/

Rouse, M. (2019). What is a Vulnerability Assessment (Vulnerability Analysis)? – Definition from WhatIs.com. Retrieved 16 September 2019, from https://searchsecurity.techtarget.com/definition/vulnerability-assessment-vulnerability-analysis

Sun, C. C., Hahn, A., & Liu, C. C. (2018). Cyber security of a power grid: State-of-the-art. International Journal of Electrical Power & Energy Systems.

Vulnerability Assessment and Penetration Testing. (2019). Retrieved 16 September 2019, from https://www.veracode.com/security/vulnerability-assessment-and-penetration-testing

Wara, Y. M., & Singh, D. (2015). A guide to establishing computer security incident response team (CSIRT) for national research and education network (NREN). African Journal of Computing & ICT, 8(2), 1-8.

Wing. (2019). Host Based IDS vs Network Based IDS | securitywing. Retrieved 16 September 2019, from https://securitywing.com/host-based-ids-vs-network-based-ids/
