This
iteration is aimed at identifying and classifying the critical systems that are
used in funning business operations in the different sectors like banking
services, electronic insurance trading, online marketing, and payment systems
among others. The researcher will also research and define the risks related to
the various systems and cite the cybersecurity risks, attacks, and
vulnerabilities. The researcher will carry out own research on the Web to
achieve the research objectives for this iteration using various scholarly
articles, books, and magazines. The research that is intended to take one week
will be arranged in such a way that specific things will be done at each
section as the researcher has planned. The search will take place from the
school library because it provides free Wi-Fi and that will also help to avoid
expenses on purchasing Internet bundles and a lot of traveling.
In
the first day of research, the researcher plans to ensure that he sets out the
objectives that will guide him through the entire iteration. These objectives
will be guided by the time available to conduct the search as well as the items
that should be covered within that short time. In the second day, the
researcher plans to identify, examine, and classify the critical systems for
the business that should be protected from cyber attack. The third day through to the fourth day the
researcher plans to search to determine and define the different types of
cybersecurity risks, attacks, and vulnerabilities for the identified business
critical systems. In the last day of the search, the researcher will compile
what he had learned in the iteration to identify the next course of action.
Action
The
research work for this first iteration began on September 4, 2017, with the
definition of the objectives for the iteration based on the schedule and the
research task at hand. The specific objectives and milestones were identified
after which the researcher was ready to go. The second day the researcher
visited the school library ready to begin the actual search to identify the
mission-critical systems upon which a business depends on its functionality. He
stated that by identifying the sources of reference. These critical business
systems were identified, defined, and classified accordingly based on valid
sources including magazines, peer-reviewed articles, and books. The researcher
also searched to understand how to differentiate these critical systems. The
classification identified the business critical systems were identified as safety-critical,
mission critical, business critical, and security crises.
On
the third and fourth day, the researcher searched Web and used the gathered
sources to identify the types of security risks, attacks, and vulnerabilities
to which the critical systems are exposed. These are also the things that
threaten the three objectives of system security including reliability,
availability, and integrity. The researcher conducted the search and identified
and understood the cybersecurity attacks and risks including malware, phishing,
SQL injection attacks, cross-site scripting, denial of service, session
hijacking and man-in-the-middle attacks, rogue software, advertising, and
drive-by downloads. The researcher then searched to determine the
vulnerabilities to the business systems and the identified vulnerabilities fall
into the following groups: physical vulnerabilities, natural vulnerabilities,
hardware/software vulnerabilities, media vulnerabilities, communication
vulnerabilities, emanation vulnerabilities, and application vulnerabilities.
The search was concluded by compiling all that had been learned to identify the
next course of action.
Observation
Through
this search on the business systems and infrastructure risks, several things
were observed about the critical systems, cybersecurity risks, information
technology risks, threats, and vulnerabilities. The researcher observed that
the business systems are critical to the business’ livelihood and should be
safeguarded from the cyber attacks by all means possible. The researcher
observed that a critical system must be highly reliable and retain that
reliability as it evolves without experiencing costs. The maintenance of that
reliability and other security objectives that include integrity and
availability is not possible without proper security measures. It was observed
that business first must identify its critical systems to be able to decide how
to safeguard them from the cyber attacks, risks, and seal any vulnerability. As
observed, the four types of critical systems include business critical, safety
critical, mission-critical, and security crises.
It
was observed that the critical systems are prone to cybersecurity risks,
attacks, and vulnerabilities. A threat is a possible cause of an event or
incident that may lead to harm of a system. The risk is a possibility for
failure, damage, or destruction of a system or asset due to a threat exploiting
the vulnerability. On the other hand, vulnerability is a weakness in the system
that can be exploited by a threat. The common arsenal of cyber security attacks
as identified included malware, phishing, denial-of-service attacks, cross-site
scripting, malvertising, man-in-the-middle and session hijacking, credential
reuse, and SQL injection among others. These cyber attacks pose risks to an
information system such as business disruption, loss of privacy, financial
losses, legal penalties, damage to reputation, loss of confidence, and impaired
growth. The common vulnerabilities as identified include but not limited to software
bugs, hardware/software flaws, application flaws, ineffective controls, broken
processes, and human error.
Reflection
This
first iteration was aimed at understanding the business critical systems and
the infrastructure security risks, threats, and vulnerabilities to which these
systems are exposed. It went on well in most areas as the researcher had
anticipated. For one, the researcher completed the search within the specified
time, and this was as a result of proper time management. Also, had not been of the objectives that had
been highlighted then it would have been impossible to go by the schedule and
timeline. The research was a good start off to the research as this iteration
set the foundation and the pace for the rest of the research work. All the
information that the researcher was investigating acquired it and this was a
very good signal for the success of the research. All the sources used for
reference provided useful information required by the researcher.
As
the researcher continued with the research work and used various sources of
reference, it gave him a good opportunity to learn about information as he also
compared and contrasted it for a comprehensive understanding. Using scholarly
and peer-reviewed references ensured that the information acquired was reliable
and valid and thus would be used for making informed decisions in the future.
Also, doing a single-handed search helped the researcher to get firsthand
information and to acquire problem-solving skills. However, involving other
researchers would have also helped to clarify some other things and to enhance
the researcher’s insight of the materials. In the future, the researcher,
therefore, plans to liaise with other experts in the cybersecurity arena to get
to understand more this area and accomplish the remaining iterations with much
ease and more expertise than before.
Comments
Post a Comment