Question

In: Computer Science

Saudi Aramco post cyber security attack. Make a plan that relates to statements of policy. Recommend...

Saudi Aramco post cyber security attack. Make a plan that relates to statements of policy. Recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Focus on disaster and incident response protocols as well as access control. Then assess the proposed method on maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan.

Solutions

Expert Solution

Saudi Aramco post cyber security attack.

This was one cyber war between Iran and Saudi, security experts considered this as retaliation by Iran to Saudi for "Stuxnet", which breached Iran cyber environment.

Actually the Aramco post has sequel too, first the attack was done on 2012 by a virus called "shamoon", which is not only capable of breaching also to destroy the data precisely.

The attack was continued on 2017 with the same virus. Cyber experts saying this was consider one of the first ever cyber attack against a kingdom as well as the oil and gas area.

Peoples from cyber security companies like Trust wave too commented on this attack.

Learning from the attack:

While looking into the attack deeply, Saudi hasn't take enough security measures post this attack, because in 2017 the same "shamoon" has been involved in the sequel attack.

They have not studied the first attack to avoid it later. Every organization should study from the past experience and need to update then and there to get hurt from same attack twice.

Below are some of the response protocols need to be followed during disasters.

1. The predominant option is to study the existing attack and get ready to face it in any format.

This step will helpful in preventing the organization's security in later time.

2. Once we know that we got attacked, need to safeguard the rest data by closing all the access as well as moving all to temp secondary storage location (may be cloud) to mitigate the scale of risk.

This step is not to prevent, but to reduce the scale of damage.

3. Only security related and top hierarchy people has to take charge of sensitive data,until recovering from the attack.

This will ensure that rest of sensitive data are in our control.

4. There should be ready to go external security team available, round the clock to scrub the incidents and to research more about it during the instances of attack.

The live interrogation during the attack will allow the security personals to come with more information and proper ideas to avoid this kind of case happening in future.

5. Mainly when the organization sense the attack, immediately we need to stop all the external communication from companies Network, which can be a shield as well as our client system too will be safe.

This step not only help us, but also the clients relied on our network.


Related Solutions

Prompt: You will submit your creation of a cyber-security policy. The cyber-security policy will assess how...
Prompt: You will submit your creation of a cyber-security policy. The cyber-security policy will assess how the organization will interpret security issues that occur in the workplace. The cyber-security policy will also distinguish and examine ethical issues in the workplace that pertain to social media, email, and privacy. Compose an organizational security policy that protects the confidentiality , integrity , and availability of EQUIFAX DATA BREACH IN 2017 Original Question : Prompt: You will submit your creation of a cyber-security...
Discuss Cyber Security as it relates to the role of the US government. Discuss Cyber Security as it relates to the responsibilities of the individuals who are involved in creating the technology.
(a) – Discuss Cyber Security as it relates to the role of the US government. (b)– Discuss Cyber Security as it relates to the responsibilities of the individuals who are involved in creating the technology.  
Cyber security Security Policy: , write a small antivirus policy for the IT infrastructure and users...
Cyber security Security Policy: , write a small antivirus policy for the IT infrastructure and users in a small business an elementary school You may research anti-virus policies of organizations on the web, please use and cite responsibly. Security Recommendation: Rose Shumba manages the IT security for a school. Given the wide range of people who use the school’s computers, it is challenging for Rose to prevent virus infections. She has installed an anti-virus on each machine and has a...
Compare and contrast cyber security policy of Victorian and NSW governments
Compare and contrast cyber security policy of Victorian and NSW governments
Cyber security write a small antivirus policy for the IT infrastructure and users in a small...
Cyber security write a small antivirus policy for the IT infrastructure and users in a small business an elementary school You may research anti-virus policies of organizations on the web, please use and cite responsibly.
Which cyber security measure would have been most likely to have prevented the 2016 successful attack...
Which cyber security measure would have been most likely to have prevented the 2016 successful attack on the Democratic National Committee (DNC): A. Stronger passwords used by DNC employees B. 2-factor authentication that uses a password and a security question for the user C. Hardware 2-factor authentication D. 2-factor authentication that uses a password and a text to the user's phone E. Software 2-factor authentication
Describe with examples, the various layers of security that are critical to your security plan policy.
Describe with examples, the various layers of security that are critical to your security plan policy.
Plan, Develop and Manage a Security Policy Background: Consider that the Commonwealth Government of Australia is...
Plan, Develop and Manage a Security Policy Background: Consider that the Commonwealth Government of Australia is planning to launch ‘My Health Record’ a secure online summary of an individual’s health information. The system is available to all Australians, My Health Record is an electronic summary of an individual’s key health information, drawn from their existing records and is designed to be integrated into existing local clinical systems. The ‘My Health Record’ is driven by the need for the Health Industry...
This week we will be continuing our journey to develop and communicate a cyber-security improvement plan in our case study assignment for PureLand Chemical.
This week we will be continuing our journey to develop and communicate a cyber-security improvement plan in our case study assignment for PureLand Chemical. During week-4, we’ll be developing and submitting a description of the threats and vulnerabilities facing PureLand Chemical.1. First, read the document titled,  COMMON VULNERABILITIES IN critical infrastructure control systems.pdf  available in Blackboard or u can directly search in google. This document will provide an overview of common vulnerabilities of ICS systems.2.Using the information in the common vulnerabilities document...
What type of storage container would you tell Mr. Fisk to recommend in his security plan for Memory Backup Company?
Assets Corporation has accepted a contract to assist a small start-up firm, Memory Backup Company, in creating a security program to protect its new automated memory stick technology. Assets Corporation owner, James Fisk, has assigned you to the task of evaluating the need for safe storage. The following information is provided:- The company keeps all its records on its own memory sticks.- There is very little cash kept on the premises.- The information regarding the development and production is kept...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT