Cyber-Attack Penetration Test and Vulnerability Analysis

Assets are sensitive and fragile utilities, and their protection should always be a top priority. Yet, there are still some vulnerabilities that may emerge for a variety of reasons. Some of the most vulnerable assets include financial access data, which requires being careful about how data is accessed. It can be disastrous if the clients' access info is revealed. Second, health care data is sensitive since it contains entire patient details and records. If this asset's vulnerabilities are exploited, it will result in data insecurity since confidential records such as medical problems, diagnosis, and treatment will be accessed by those who are not permitted. Another vulnerable asset is the personally identifiable information of both customers and employees. This asset primarily holds the personal authentication detail of staff and clients of a given firm. An exploit on this system may lead to identity theft in that a client’s information may be used to access details wrongfully (Stiawan, Idris, Abdullah, Aljaber, & Budiarto, 2017). The fourth vulnerable asset is property company data. When an exploit is done on the company’s earnings statement, R&D, losses, projections, bids, and growth/shrink projections, will lead to the paralysis of the operations of the company. Any slight manipulation of the earnings, growth rate and losses will make the property company lose massive amounts of cash. The fifth asset that can be vulnerable is customer payment data. An exploit on this asset is devastating as it will major on credit card numbers and CC security codes. When a third party accesses the credited card number and its corresponding security codes, they will siphon all the funds and leave the real owner with no cash. The last vulnerable asset is the network access information. Network access system holds private personal information of individuals and confidential company information. Exploiting the user and administrator accounts will lead to information insecurity. One may also harm the victim by posting nasty messages or images to tarnish their name.

Control/Policy

To control these vulnerabilities, various control policies have to be put in place so as to prevent any form of exploitation. In this case, three control/policies were used to suit the user, acceptable use, and database access. To begin with, network traffic and log monitoring control are used to monitor the activities of the user and their session timers (Yu Cong, 2013). This policy keeps the record of the time when a user logs into their respective account and the duration they stayed online. This way will enable the users to know if there was an unauthorized login to their accounts. The second control is network wide anti-virus and anti-malware application use. This policy ensures that the operations in the user accounts and information are bug-free and there is no way it can be corrupted by malicious viruses. It also detects and stops any viruses that pose an effect to the account. The third control is the database compartmentalization. This policy organizes the database as a block of data which can only be accessed when you have the access codes to the “compartment.”

Information System Audit

An information system is sensitive as it contains personal information and secrets that people of institutions don’t want to be known by the general public or a third party. The three controls can prevent an exploit on health care data. To resolve this, network traffic and log monitoring will ensure that only the doctor and authorized personnel log into the patient’s details. Network-wide anti-virus and anti-malware application will safeguard the data from viruses and bugs and database compartmentalization will ensure that the data in the database is securely locked.

References

Stiawan, D., Idris, M. Y., Abdullah, A. H., Aljaber, F., & Budiarto, R. (2017). Cyber-Attack Penetration Test and Vulnerability Analysis. International Journal of Online Engineering, 13(1), 125-132. doi:10.3991/ijoe.v13i01.6407

Yu Cong, R. J. (2013). On Information Systems Complexity and Vulnerability. Journal of Information Systems, 27(2), 51-64. doi:10.2308/isys-50562