Buya-an, Vince S.
BSIE 3A
115 Information Systems Assignment No. 2
Answer the following questions.
1. Provide four reasons why computer incidents are so prevalent. Which of these do you think is
the most significant? Why?
1. **Increased Connectivity:** More connections increase vulnerability.
2. **Human Factor:** User actions contribute to incidents.
3. **Sophisticated Attacks:** Evolving tactics by cybercriminals.
4. **Complex Systems:** Modern systems’ intricacy makes them susceptible.
The human factor is crucial, as user actions often contribute to incidents.
2. List the four perpetrators most likely to initiate a cyberattack.
1. **Hacktivists:** Driven by social or political motives.
2. **Cybercriminals:** Motivated by financial gain, often using ransomware.
3. **Nation-states:** Engaged in cyber-espionage or geopolitical motives.
4. **Insiders:** Individuals with internal access exploiting their position.
3. What is the meaning of attack vector?
* An attack vector is the pathway or method that a cyber threat uses to exploit vulnerabilities and
compromise a system or network. It can include methods such as phishing emails, malware, software
vulnerabilities, or other means by which an attacker gains unauthorized access.
4. Identify three commonly used attack vectors.
1. **Phishing:** Deceptive emails or messages to trick users into revealing sensitive information.
2. **Malware:** Software designed to harm or exploit systems, often introduced through
malicious downloads or infected files.
3. **Vulnerability Exploitation:** Targeting weaknesses in software or systems to gain
unauthorized access, often through unpatched or outdated software.
5. List five cyberattacks that pose serious threats to an organization.
1. **Ransomware Attacks:** Encrypting files and demanding payment for their release.
2. **Phishing Attacks:** Deceptive attempts to obtain sensitive information.
3. **Distributed Denial of Service (DDoS):** Overloading a network or website to disrupt services.
4. **Advanced Persistent Threats (APTs):** Prolonged, targeted attacks with a focus on stealth
and data theft.
5. **Insider Threats:** Malicious actions or unintentional security breaches by employees or
associates.
6. List all the likely consequences of a major data breach. Which of these are likely to be the most serious
and long lasting?
1. **Financial Loss**
2. **Reputation Damage**
3. **Regulatory Penalties**
4. **Operational Disruption**
5. **Identity Theft**
The most serious and enduring consequences are often reputation damage and regulatory penalties.
Consequences of a major data breach include:
1. **Financial Loss:** Cost of recovery, legal actions, and compensation.
2. **Reputation Damage:** Loss of trust and credibility.
3. **Regulatory Penalties:** Fines for non-compliance with data protection laws.
4. **Operational Disruption:** Downtime and disrupted business operations.
5. **Identity Theft:** Personal information misuse.
The most serious and long-lasting consequences often revolve around reputation damage, as trust once
lost is challenging to regain. Additionally, regulatory penalties can have enduring effects on an
organization.
7. You are going to perform a security risk assessment for your small company. What steps must be
taken?
Performing a security risk assessment for a small company involves:
1. **Identifying Assets**
2. **Assessing Vulnerabilities**
3. **Identifying Threats**
4. **Evaluating Impact**
5. **Risk Analysis**
6. **Risk Mitigation**
7. **Regular Review**
8. Deciding if a cyberattack is serious enough to warrant shutting down or disconnecting a critical system
from the network is an action associated with which action of the response plan?
Deciding to shut down or disconnect a critical system from the network in response to a cyberattack is
associated with the “Containment” phase of the response plan.
9. What actions can a managed security service provider take to improve the security of an organization?
A Managed Security Service Provider (MSSP) can enhance organization security by:
1. **Continuous Monitoring**
2. **Vulnerability Management**
3. **Intrusion Detection and Prevention**
4. **Incident Response Planning**
5. **Security Awareness Training**
6. **Firewall and Endpoint Protection**
7. **Data Encryption**
8. **SIEM Implementation**
9. **Regular Security Audits**
10. **Threat Intelligence Integration**
10. Define the term computer forensics.
**Computer forensics** is the process of investigating and analyzing electronic evidence for legal
purposes, involving the collection and preservation of digital data.
11. Hundreds of a bank’s customers have called the customer service call center to complain that they
are receiving text messages on their phone telling them to log on to a Web site and enter personal
information to resolve an issue with their account. What are all the potential consequences of this
attack? What actions should the bank take?
**Potential Consequences:**
1. **Identity Theft**
2. **Financial Loss**
3. **Reputation Damage**
4. **Operational Disruption**
**Actions:**
1. **Immediate Communication**
2. **Investigation**
3. **Customer Education**
4. **Enhanced Security Measures**
5. **Collaboration with Authorities**
6. **Fraud Resolution Support**
**Potential Consequences:**
1. **Identity Theft:** Customers might unknowingly provide personal information to attackers.
2. **Financial Loss:** Fraudulent activities could lead to monetary losses for customers.
3. **Reputation Damage:** Trust in the bank may erode due to the phishing attack.
4. **Operational Disruption:** Increased call volume may disrupt normal customer service
operations.
**Actions the Bank Should Take:**
1. **Immediate Communication:** Alert customers about the phishing attempt through various
channels.
2. **Investigation:** Conduct a thorough analysis to identify the source and extent of the attack.
3. **Customer Education:** Educate customers about phishing risks and provide guidance on
verifying legitimate communications.
4. **Enhanced Security Measures:** Strengthen security protocols and monitoring to prevent
further attacks.
5. **Collaboration with Authorities:** Report the incident to relevant law enforcement agencies
for further investigation.
6. **Fraud Resolution Support:** Provide assistance to affected customers in resolving any
fraudulent activities.
These actions aim to mitigate the impact of the phishing attack and enhance overall security measures.