Recognizing Possible Risks, Responding to Them, and Recovering

Any corporation should also have cyber risk mitigation methods and procedures to help protect commercial networks and computers.

Risk mitigation employs controls to reduce risk since traditional defense tactics such as anti-virus and firewalls are insufficient to protect the organization against tough and highly complex threats.

Risk mitigation is the most effective technique for dealing with malware in an organization's information systems.

It protects against the exploitation of security flaws that cannot be eliminated.

In this regard, the organization can utilize strategies for risk mitigation to prevent viruses and malware such as application whitelisting, patch application, and user application hardening as well as web and email content filtering.

The organization should use detective controls since they are clearly effective to survey activities on the system.

Some of the detective control mechanisms that the organization must employ include software change control, vulnerability management and network boundary/periphery control.

Introduction

When identifying possible malicious vulnerabilities, threats and attacks, the organization should respond appropriately to handle the malicious activities.

Therefore, a strategy is required to deal with every kind of risk o the malicious threats and attacks (Jacobson & Idziorek, 2016).

Moreover, the firm should also setup controls that can assist in mitigating vulnerability to support in protection of business networks and computers.

There are various strategies that can be utilized to maintain the safety of the networks which include risk avoidance, risk acceptance, risk assignment, risk mitigation.

Risk mitigation utilizes controls to minimize the risk because conventional strategies of defence such as anti-virus, and firewalls are not adequate to protect the firm from difficult and highly complicated threats.

Risk acceptance involves identifying, recognizing and accepting threat if it has minimal impact to the system (He, Chan & Guizani, 2015).

Risk avoidance encompasses eradication of threats so that it is avoided but it is usually difficult because of the firm’s requirements.

Risk assessment entails the acquisition of insurance cover for the purpose of restoration and recovery emerging from data exposure and equipment theft (Rudd, et al, 2017).

Strategies for Addressing Risks

The most prevalent malicious threat and attack are from malwares and viruses.

The organization is vulnerable to various kinds of viruses hence the need to safeguard computers and networks.

Viruses can attack the network in several ways especially through the website and emails on the internet.

Therefore, the most effective strategy for addressing the risk of malicious attack would be to risk mitigation (Jacobson & Idziorek, 2016).

Malware and viruses cannot be transferred or avoided to another firm.

In addition, the malware cannot be categorized as an acceptable risk because their damages will be greater than resources needed to safeguard the computers and networks.

In this regard, the strategies of risk avoidance, assignment, or risk acceptance cannot be adopted.

Risk mitigation entails the decrease in possibility or effect of an exposure to a risk.

Precisely, it consists of instituting a number of policies and systems to diminish a risk by safeguarding against the misuse of security weaknesses that cannot be eradicated.

The decisions on risk management focus on balancing the resources and costs against the kind of risk and moderation that will result (He, Chan & Guizani, 2015).

Some of the strategies for risk mitigation to prevent viruses and malware include application whitelisting, patch application, and user application hardening as well as web and email content filtering (Jacobson & Idziorek, 2016).

Application whitelisting is a mitigation strategy that uses trusted or approved programs to stop performance of malicious or unapproved programs and installers such as Windows scripts Host, HTML Application and PowerShell.

A suitably configured execution of application whitelisting assists to avert the undesired software irrespective of whether it was clicked from email attachments or downloaded from the internet.

Such strategy is essential because it protects sensitive servers such as email servers, and Active Directory as well as other servers requiring user authentication (He, Chan & Guizani, 2015).

In this regard, it controls antagonists from operating malware that acquire passphrase hashes.

Application whitelisting also acts as a barrier to cyber threats as it rejects unapproved programs from working (Rudd, et al, 2017).

Patch applications can act as risk mitigation strategy.

It includes use of applications such as web browser extensions/add-ons and Adobe Flash.

Additionally, patch computers are a higher risk of security threats within 48 hours.

The organization should utilize updated version of programs because they integrate extra security technologies such as anti-exploitation abilities and sandboxing (Jacobson & Idziorek, 2016).

In addition, it should avoid using applications or programs that the vendor does not support with patches for malware.

In this regard, thorough testing should be applied in deployment of patches, upgrades to servers that provide extra security capabilities and features (Rudd, et al, 2017).

User application hardening is a mitigation strategy that substantially assists in reduction of computer’s attack surfaces.

It also assist to lessen attackers utilizing malicious materials trying to dodge application whitelisting by either utilizing legitimate functionality of the application or security susceptibility for which a seller patch is inaccessible.

The organization should concentrate on hardening the application configuration that is exposed to the internet interaction (Jacobson & Idziorek, 2016).

For instance, it eliminates advertisements on the internet, which can be used by the attackers to affect the integrity of the system.

Furthermore, the organization should use systems that filter content on emails and website.

Content filtering of websites and emails helps to review and sanitise the attachments, PDFs and hyperlinks.

Therefore, it enables the company to prevent instances of antagonists sending malicious emails because email content filtering scrutinize files in an organized way in order to reject new emails or websites that do not come from official servers of the organization (He, Chan & Guizani, 2015).

Control for Risk Mitigation

Four different control mechanisms can be utilized to mitigate the threat, which include corrective, detective, preventative, and administrative.

In particular, administrative controls ensure that staff understand and adhere to the procedures and policies.

On the other hand, preventative measure attempt to stop malware from utilizing vulnerability access the computers or networks (Rudd, et al, 2017).

Detective measures notice a threat in the system while corrective mechanism minimizes the impact of a threat on the procedures.

Out of the four categories of control, the organization should use detective controls since they are clearly effective to survey activities on the system and then recognize cases where procedures or practices were not adhered (Jacobson & Idziorek, 2016).

The first strategy on risk mitigation is software change management/control, which refers to the development of software that is then installed by official person, and traced on production system.

To be successful against malware and viruses, software change control (SCC) procedures should be able to monitor software via its operation and deployment (Jacobson & Idziorek, 2016).

Therefore, the alteration to software should be automatically identified.

Upon identification of an alteration, an authorized person should review the change.

Moreover, the detection mechanism should take place instantly after changes are discovered (Rudd, et al, 2017).

Similarly, changes should be identified on every platform of operating system, which allow scrutiny for integrity since malware operatives can attempt to corrupt or disable the software utilized for monitoring change.

Additionally, change monitoring must also deal with role assignments and security configuration such as privileged accounts, firewall rules, and start-up variables (He, Chan & Guizani, 2015).

The monitoring of privileged accounts should be confirmed together with a program of usage of authorized account in order to distinguished authorized use from unauthorized use.

Security configurations and firewall rules over every network system must also undergo change control.

In this regard, there should be automated process of assessing policy compliance to the network connections.

Both outbound and inbound traffic of network must be scrutinized for known signatures and patterns of malware using prevention and intrusion detection mechanism (Jacobson & Idziorek, 2016).

Any Internet traffic that may be a channel for malicious content must be routed to block areas where alternative servers may be accessing sensitive data.

The third control mechanism should pay close attention on vulnerability management.

The organization should establish standards for application security and operating system, which will facilitate compliance its goal for access to system data, facilities and programs (Rudd, et al, 2017).

Such standards must be enforced with programmed or automatic software for checking compliance, and that software must be checked or integrity.

All software security and operating system reinforcements must be used to any structure for which they are accessible (Jacobson & Idziorek, 2016).

In addition, there should be systems to facilitate manual log evaluation process to highlight confirmation of intrusion.

Risk management, control identification and selection processes are so important because they allow identification, eradication and resilience of the system.

Precisely, it guarantee that instances which have been detected from malicious activities are classified in order to initiate follow-up and offer detailed insights into the general state of the malware background (Rudd, et al, 2017).

In addition, it allows for the removal of infected system from the organization and their reconstitution in a manner that do not permit malware persistence.

Reconstitution is crucial because it ensures that system configurations are in such a way that they remain secure (Jacobson & Idziorek, 2016).

Finally, they guarantee that malware occurrences do not have long-term effects on the firm’s operations.

Conclusion

Various strategies that can be utilized to maintain the safety of the networks which include risk avoidance, risk acceptance, risk assignment, risk mitigation.

Risk mitigation is the most effective strategy to handle malware in the information systems of the organization.

Four different control mechanisms can be utilized to mitigate the threat, which include corrective, detective, preventative, and administrative.

However, the organization should use detective control mechanisms, which helps to identify the security threat (He, Chan & Guizani, 2015).

Risk management, control identification and selection processes are so important because they allow identification, eradication and resilience of the system (Jacobson & Idziorek, 2016).

Therefore, the organization should use such strategies to ensure the security and sustainability of its operations.

References

He, D., Chan, S., & Guizani, M. (2015). Mobile application security: malware threats and defenses. IEEE Wireless Communications, 22(1), 138-144.

Jacobson, D., & Idziorek, J. (2016). Computer security literacy: staying safe in a digital world. CRC Press.

Rudd, E., Rozsa, A., Gunther, M., & Boult, T. (2017). A survey of stealth malware: Attacks, mitigation measures, and steps toward autonomous open world solutions. IEEE Communications Surveys & Tutorials.