Cyber Scope This week for your capstone portfolio project, now that you have discussed hardware, software, scope, and other processes, it is important to begin a discussion on access to the system and

Cyber Scope

This week for your capstone portfolio project, now that you have discussed hardware, software, scope, and other processes, it is important to begin a discussion on access to the system and authentication. How will you ensure that individuals have access to only what they need?

Using what you learned about authentication and session, write a 2 page paper describing what you would utilize to keep individuals in their appropriate role-based access as well as protecting the confidentiality and integrity and authorization methods inside your project.

Be sure to use what you learned this week in conjunction with your previous weeks materials to complete this milestone paper.

Your paper should be 2 pages in length not including references

Include at least two scholarly references in addition to the course textbook.

Cyber Scope This week for your capstone portfolio project, now that you have discussed hardware, software, scope, and other processes, it is important to begin a discussion on access to the system and
Cybersecurity Awareness Name CSU Global Cybersecurity Capstone ITS481 Ofori Boateng 07/31/2022 Cybersecurity Awareness Cybersecurity awareness is defined as the continuous process of educating and training people about the threats that lurk in cyberspace, how to prevent such threats, and what to do if a security incident occurs. Individuals must become aware of the dangers of browsing the web, checking email, and interacting online on websites that are not safe. Also, people should be advised to use strong passwords, use a comprehensive internet security suite, keep their software up to date, control their social media settings, improve their home network and talk to their children about the internet. It is also crucial to ensure that cybersecurity training is mandatory for everyone, implementing it with the same spirit and seriousness as other risks. People should also be educated on phishing and different ways to prevent it; phishing is the fraudulent practice of sending emails that appear to be from a legitimate source to compel victims to reveal sensitive information such as passwords and credit card numbers (Schaberreiter et al., 2022). Ensuring that specific rules for browsing, emails, and mobile phone use are also an adequate measure of promoting cybersecurity. Including security posters displayed at different organizations and security awareness content on different websites will help increase awareness. A study found that using the internet to raise awareness is the best strategy out of the different methods. Users must be aware of the organization’s security policy to increase security awareness. Cybercriminals are constantly devising new methods to circumvent the most advanced defensive tools and technologies, compromising the security of confidential information such as emails. In 2021 alone, 85 percent of data breaches were caused by cyber criminals, with 94 percent of malware distributed via email (Moallem, 2019). Cybersecurity awareness is essential for data protection; it helps secure information and protects the system from virus attacks. Week Activities Week 1 Introduction and Literature review Week 2 Methodology and Objectives Week 3 Research scope and Discussion Week 4 Conclusion and Bibliography Projected Timeline References Moallem, A. (2019). How to improve awareness. Cybersecurity Awareness Among Students and Faculty, 59-67. Schaberreiter, T., Quirchmayr, G., & Papanikolaou, A. (2022). A case for cybersecurity awareness systems. Cybersecurity Awareness, 1-19.
Cyber Scope This week for your capstone portfolio project, now that you have discussed hardware, software, scope, and other processes, it is important to begin a discussion on access to the system and
7 Strategies, possible Threats, possible Threat Actors, and Infrastructure Name CSU Global Cybersecurity Capstone Ofori Boateng 08/07/2022 Strategies, possible Threats, possible Threat Actors, and Infrastructure Providing a safe and reliable network for a local company will fall under the purview of this project. The network will have a virtual private network, an intrusion detection and prevention system, and a firewall. Only specific kinds of traffic will be permitted via the firewall, while default settings will block all other forms of traffic. The configuration of the intrusion detection and prevention system will make it possible to identify and thwart assaults made against the network. Implementing the virtual private network (VPN) will ensure the network’s connection to the internet is kept secret and secure (Aiello, 2021). The first thing that needs to be done to build a secure network is understanding the dangers it will encounter. An attempt to render a computer or network inaccessible to its regular users is known as a denial of service attack (DoS). A denial of service assault, sometimes known as a DoS attack, is the most typical cyberattack. Injecting malicious code into a network or being infected by a virus or worm can all lead to a denial of service attack (Krzykowska-Piotrowska et al., 2021). A Man-in-the-Middle (MitM) attack is an additional form of danger. An attempt to intercept or manipulate communications that are taking place between two or more parties is referred to as a MitM attack. Attacks utilizing man-in-the-middle techniques can be brought about by either the installation of malicious software on a computer or by a hostile individual who possesses the ability to intercept communications. The data stored on a network are the most valuable asset there is. Computers, servers, and other types of storage devices are all capable of storing data. Data can also be sent across networks, such as the internet, which connects computers worldwide (Geien -Janulion , 2018). The next thing that needs to be done to build a secure network is to list the assets that require protection. The secrecy of communications, the integrity of communications, and the availability of services are three more assets that must be safeguarded. Locating the weaknesses already present in the network is the third phase in establishing a secure network. The usage of weak passwords, improper configuration of equipment, and software defects are all potential causes of vulnerabilities. After a vulnerability is discovered, it is necessary to patch it or take other preventative measures. Vulnerabilities, threats, and assets can all contribute to the creation of risks. It is necessary to conduct a risk assessment to ascertain the probability of an event and its potential consequences. Identifying the threats currently present in the network is the fourth phase of building a secure network. The implementation of security measures is the fifth phase in the process of establishing a secure network. A network’s hazards can be mitigated by implementing various security mechanisms. A firewall is the most frequent and widespread form of security control. You can use a firewall to prevent all traffic from entering your network or restrict it to only specific categories of data (Maloletko, 2015). Access control lists, virtual private networks, and intrusion detection and prevention systems are some of the other forms of security measures. The monitoring of the network is the sixth phase in the process of building a secure network. Monitoring the network’s performance in addition to the network itself can be done with network monitoring software. Network monitoring can either be done manually or automatically through the software. Responding to events constitutes the seventh and last step in developing a secure network. Incidents can be brought on by either malicious attacks or technical difficulties with the network. When something terrible happens, it is critical to act quickly and take the necessary precautions to limit the harm. Recovering from an incident constitutes the eighth step in developing a secure network. Rebuilding the network or retrieving data from backups are two options for performing a recovery after an incident. Preventing future events is the ninth phase of establishing a secure network. Patching vulnerabilities, putting security rules in place, and keeping an eye on the web are all effective ways to forestall the occurrence of future events. Establishing a secure network reaches its tenth and last stage when the network itself is documented. The network documentation can be utilized to assist in problem-solving and can also be used when making plans for the network’s future growth. Conclusion Every company needs to prioritize maintaining a safe and secure network. Understanding the threats, determining the assets, resolving the vulnerabilities, evaluating the risks, putting in place security controls, monitoring the network, responding to incidents, recovering from incidents, preventing future incidents, and documenting the network are the steps involved in developing a secure network. Building a secure network Storage of valuable assets Weakness identification Threats identification Implementation of security measures Network monitoring Responding to the events Recovering process References Aiello, S. (2021). Human/Personnel Security Threats: When Employees Turn Insider Threat Actors. SSRN Electronic Journal. Geien -Janulion , I. (2018). The Consequences of Perceived (In)security and Possible Coping Strategies of Lithuanian People in the Context of External Military Threats. Journal On Baltic Security, 4(1), 5-14. Krzykowska-Piotrowska, K., Dudek, E., Siergiejczyk, M., RosiDski, A., & WawrzyDski, W. (2021). Is Secure Communication in the R2I (Robot-to-Infrastructure) Model Possible? Identification of Threats. Energies, 14(15), 4702. Maloletko, A. (2015). New Possible Threat of Economic Safety of the Hospitality Industry of the Crimea. Contemporary Problems Of Social Work, 1(3), 98-101.
Cyber Scope This week for your capstone portfolio project, now that you have discussed hardware, software, scope, and other processes, it is important to begin a discussion on access to the system and
Hardware and Software Name CSU Global Cybersecurity Capstone Ofori Boateng 08/14/2022 Hardware and Software Summary of Hardware The hardware components will include proxy servers, firewalls, network access control, and email security gateways. The proxy servers will prevent cyber attackers from gaining access to private networks by allowing the clients to make indirect connections when accessing network services. Intrusion detection and prevention systems will be used to identify and thwart identified threats to the network (Sadqi & Mekkaoui, 2020). The firewall will permit only specific types of traffic while the default settings will block all other forms of traffic. This will help to proactively monitor and prevent malicious traffic from entering the network by thwarting both denials of service (DoS) attacks to malware on end-point devices. Web application firewalls block or allows traffic based on suspicious activity or predefined criteria (Sadqi & Mekkaoui, 2020). On the other hand, the network access control will link the state on the endpoint devices with network authentication to secure the devices connected to the network. The email security gateways monitor the incoming and outgoing email traffic from viruses, spam, compromised accounts, and phishing attempts by detecting anomalies with the network and connected devices. Summary of Software There are several software tools that will be deployed. For instance, SolarWinds Security Event Manager can help during log correlation and analysis as well as both network and host intrusion detection (Hale, 2016). This is an important cloud-based software tool to use for threat intelligence. It also offers an event log archive and a comprehensive set of integrated reporting tools. The online password protection feature of the System Mechanic Ultimate Defense software makes it unique and important in the setting. Antivirus software such as Avast software and Bitdefender Total Security software would also be suitable for network threat protection and multi-layer ransomware protection. Finally, ESET Encryption software will help to safely encrypt hard drives, files, media, and emails, increasing security against cybercrimes. Potential Vulnerabilities Some of the potential vulnerabilities will include operating system vulnerabilities, network vulnerabilities, and human vulnerabilities (Abomhara & Køien, 2015). Operating system vulnerabilities are the vulnerabilities that hackers identify and exploit in an operating system in order to gain access to the assets on the operating system. For example, having superuser accounts from the software could be used by hackers to gain access to network resources. Network vulnerabilities include issues with both the hardware and software such as poorly configured passwords which expose the network to intrusion by outside parties (Abomhara & Køien, 2015). On the other hand, human vulnerabilities include user errors that may create exploitable access points or expose sensitive data. The areas that will require additional security and attention will thus include ensuring the network is secure and reliable, ensuring the data stored is safeguarded, as well as identifying and mitigating potential threats to the computing devices on the network. This will help to provide a safe and reliable network for the local company during the project. References Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security and Mobility, 65-88. Hale, B. (2016). Estimating log generation for security information events and log management. Retrieved September, 15. Sadqi, Y., & Mekkaoui, M. (2020). Design Challenges and Assessment of Modern Web Applications Intrusion Detection and Prevention Systems (IDPS). In The Proceedings of the Third International Conference on Smart City Applications (pp. 1087-1104). Springer, Cham.
Cyber Scope This week for your capstone portfolio project, now that you have discussed hardware, software, scope, and other processes, it is important to begin a discussion on access to the system and
Penetration Testing and Footprinting Name Cybersecurity Capstone CSU Global Professor Ofori Boateng 08/25/2022 Penetration Testing and Footprinting Before attempting to secure a network adequately, it is essential first to understand the potential risks posed by the network. Testing for network penetration and leaving a digital footprint are two required methods that may be utilized to evaluate the level of security provided by a network. The process of assessing a computer system, network, or web application to locate weaknesses that an adversary could exploit is called penetration testing or pen testing. Footprinting, on the other hand, refers to the act of gathering knowledge about a target system to have a better understanding of the vulnerabilities that it possesses (More & Rohela, 2018). Both penetration testing and footprinting can be used to collect information about the target system. Penetration testing is used to find vulnerabilities, and footprinting is used to learn about the target system. When used in conjunction with one another, these two technologies make it possible to get a complete picture of the state of security within a given system. When testing for vulnerabilities, many different approaches may be taken. Social engineering is a common strategy that a lot of people use. Accessing a system is attempting to guess passwords or other information to gain access. To accomplish this, one must deceive another individual into divulging knowledge that can be utilized to break into a computer system. Using what is known as brute force attacks is yet another common strategy. When conducting penetration testing and footprinting, you can choose from various tool and method options. Metasploit, Nmap, and Burp Suite are some of the most prominent tools utilized in penetration testing. Metasploit is a robust framework for exploiting software vulnerabilities, and it can be used to launch attacks against a target computer or network. Nmap is a tool for network exploration that may be used to search a network for systems susceptible to attack. Burp Suite is a web application security testing tool that may be used to locate vulnerabilities in online applications. This can be accomplished by using the device (Koster, 2016). When carrying out a penetration test, it is essential to use the appropriate tools and approaches for the particular system being tested. For this illustration, let’s say that the target system is a web application. In this case, the primary objective of the penetration test should be to identify any flaws in the online application. If the target system is a network, the penetration test’s primary goal should be to identify weak spots in the network’s security. The process of footprinting can be carried out utilizing a vast number of tools and approaches. Whois, traceroute, and DNS enumeration are three of the most common techniques utilized throughout the footprinting process. Whois is a tool that may be used to acquire information about a domain name, such as the contact information for the owner, registrar, and other relevant parties. Traceroute is a tool that can be utilized to map the path that data travels from its origin to its final destination. DNS enumeration is a method that can be used to gather data regarding a domain’s DNS records (Shinde & Ardhapurkar, 2016). This data may include the name servers and MX records. Footprinting is a method that can be utilized to collect a wide variety of information concerning the target system. This information may include the system’s IP address, the type of software installed on it, and the operating system currently being used by the system. This information can determine the most effective way to launch an attack on a particular system. References Koster, K. (2016). Cone penetration testing: a sound method for urban archaeological prospection. Archaeological prospection, 23(1), 55-69. More, S., & Rohela, A. (2018). Vulnerability Assessment and Penetration Testing through Artificial Intelligence. International Journal of Recent Trends in Engineering & Research, 4(1), 217-224. Shinde, P. S., & Ardhapurkar, S. B. (2016, February). Cyber security analysis using vulnerability assessment and penetration testing. In 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave) (pp. 1-5). IEEE.

Needs help with similar assignment?

We are available 24x7 to deliver the best services and assignment ready within 3-4 hours? Order a custom-written, plagiarism-free paper

Order Over WhatsApp Place an Order Online

Do you have an upcoming essay or assignment due?

All of our assignments are originally produced, unique, and free of plagiarism.

If yes Order Similar Paper