Benefits of the Cigital Risk Management Framework
Three reasons behind the increasing trend of cyber security attacks on the internet are:
- Ransomware is not a new threat, but it is growing at a rapid pace. Attackers have become adept at hiding malicious code, which has made ransomware an easy way for them to obtain financial rewards, said to be the main aim behind its rise. The Covid-19 pandemic is also regarded as a factor behind the increasing trend of ransomware: digitalization has been accelerated as many organizations adopted it, coupled with remote working, and this has become a target for ransomware. As a result, both the volume of attacks and the size of ransom demands have increased.
- Social engineering attacks are getting smarter, and attacks like phishing are becoming a more troubling threat. Attackers target individuals who connect to their employers while working from home because they are considered an easy target; therefore, work-from-home initiatives are regarded as the major reason for the increase in phishing attacks. SMS phishing is also an increasing trend because of the use of messaging applications like Skype, Slack, WhatsApp, WeChat and Signal. Attackers use these platforms to trick users into downloading different types of malware onto their phones.
- The increasing use of cloud services is leading to an increasing trend of cloud security threats, and cloud vulnerability is considered one of the major trends in the cyber security industry. The rapid and widespread adoption of remote working due to the pandemic has increased the need for cloud-based services and cloud-based infrastructure, with security implications for organizations. The major cause of data breaches, unauthorized access, account hijacking and insecure interfaces is the misconfiguration of cloud settings.
The Cigital Risk Management Framework uses a continuous risk analysis process that loops constantly, at different levels of description, through its phases. In the framework, business goals determine risks, risks drive methods, methods yield measurement, measurement drives decision support, and decision support drives the rework or the fix and the quality of the application. The first step is understanding the business context; the other risk management steps and processes are determined on the basis of that understanding. Following this, business risks are identified along with the analysis of artifacts. Technical risks are identified after the business risks, and technical expertise is required when identifying both technical and business risks. After this, the risks are synthesized and prioritized.
Synthesizing and prioritizing is followed by defining risk mitigation strategies for all the identified risks. A risk mitigation strategy is essential in order to minimize or mitigate the implications of the identified risks. The artifacts are then fixed according to the defined strategy, artifact validation commences after the fixes, and finally process improvement is initiated. Thus, in every phase, a validation loop takes place once the artifacts are validated and the risks identified. The Cigital Risk Management Framework is beneficial for increasing risk awareness across the organization. It also builds confidence in achieving the organization's goals and objectives, because the risks faced by the organization are factored into its strategy. The organization benefits from better and more efficient compliance with regulations, and internal compliance becomes mandatory because the compliance efforts are coordinated with one another. Firms can use Cigital's risk management framework to properly analyze their risks.
Approaches to applying Cigital Risk Management Framework in online healthcare
The approaches recommended for applying Cigital risk management in an online healthcare company that uses password-based authentication for staff and patients to access its healthcare services are as follows:
- Understanding the online healthcare context: The first recommended step is to understand the situation of the online healthcare company. The way the company operates, along with its authentication methods, must be understood when applying Cigital risk management.
- Identification of technical and business risks: Following the understanding of the business context, it is recommended to identify the technical risks faced by an online healthcare company that uses passwords for access to its services. Password-based authentication comes with different risks that must be identified at this initial stage, for the benefit of staff as well as patients.
- Synthesizing and prioritizing risks: Different types of risk will be identified for the healthcare company in the second step, so it is recommended to prioritize them on the basis of their likelihood and their impact on the company. With this approach, the risks most likely to occur can be mitigated at an early stage.
- Defining risk mitigation strategies: Appropriate strategies for mitigating all the identified risks of the online healthcare company must be documented, so that the company's staff and patients use these approaches to mitigate the risks.
- Fixing the issues and validating the fixes: Finally, it is recommended to fix the identified issues by executing the mitigation strategies. The artifacts of the password authentication process that have been identified must be rectified. By validating the fixes, the healthcare company gains confidence that the risks have been mitigated appropriately through the artifact improvement process, and is assured that the mitigation strategies it has undertaken are working properly.
All these approaches will be beneficial and effective for an online healthcare company for applying Cigital risk management as they are making use of a password authentication system.
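The five steps above, carried through once as an added worked example (this is illustration code, not part of the original text or of Cigital's framework). It models a hypothetical healthcare portal that authenticates with passwords: a constructed risk register is prioritized by likelihood times impact, each risk gets a documented mitigation, the artifact being fixed is the password policy check itself, and the validation step confirms the fix against cases derived from the ranked risks. The risk names, the 1-5 scales, the policy values and the breached-password list are all assumptions.

```python
"""Added worked example (not from the original text): the Cigital RMF stages
applied to a hypothetical online healthcare portal whose staff and patients
authenticate with passwords. The risk register, the 1-5 scoring scales, the
password policy values and the blocklist are all constructed assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Risk:
    name: str
    kind: str          # "business" or "technical"
    likelihood: int    # assumed scale: 1 (rare) .. 5 (almost certain)
    impact: int        # assumed scale: 1 (negligible) .. 5 (severe)
    mitigation: str = ""

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


# Stages 1-2: business context understood, business and technical risks
# identified (constructed register for the password-based portal).
RISK_REGISTER: List[Risk] = [
    Risk("Credential stuffing against patient accounts", "technical", 5, 4),
    Risk("Staff reuse of weak or breached passwords", "technical", 4, 4),
    Risk("Regulatory penalty after a patient-record breach", "business", 3, 5),
    Risk("Patients locked out by an over-strict lockout policy", "business", 3, 2),
]

# Stage 4: one documented mitigation strategy per risk (constructed mapping).
MITIGATIONS: Dict[str, str] = {
    "Credential stuffing against patient accounts": "rate limiting and breached-password screening",
    "Staff reuse of weak or breached passwords": "minimum length 12 and breached-password screening",
    "Regulatory penalty after a patient-record breach": "same technical controls plus audit logging",
    "Patients locked out by an over-strict lockout policy": "progressive delays instead of hard lockout",
}


def prioritize(risks: List[Risk]) -> List[Risk]:
    """Stage 3: synthesize and rank by likelihood x impact, highest first."""
    return sorted(risks, key=lambda r: r.score, reverse=True)


def assign_mitigations(risks: List[Risk], table: Dict[str, str]) -> List[Risk]:
    """Stage 4: attach a documented strategy to every identified risk."""
    for r in risks:
        r.mitigation = table[r.name]
    return risks


# Stage 5: the artifact to fix is the password policy check itself.
BREACHED_PASSWORDS = {"password1", "welcome2024", "summer2024summer"}  # constructed stand-in


def policy_before_fix(password: str) -> bool:
    """The weak check the register flagged: a length of 6 is the only rule."""
    return len(password) >= 6


def policy_after_fix(password: str) -> bool:
    """Hardened check: minimum length 12 and not on the breached list."""
    return len(password) >= 12 and password.lower() not in BREACHED_PASSWORDS


# Stage 6: validate the fix against cases derived from the prioritized risks.
VALIDATION_CASES = {
    "Welcome2024": False,                   # breached and too short
    "Summer2024Summer": False,              # long enough but breached
    "short": False,                         # too short
    "correct horse battery staple": True,   # acceptable
}


def validate(policy: Callable[[str], bool]) -> Dict[str, bool]:
    """Return, per case, whether the policy gave the expected answer."""
    return {pw: policy(pw) is expected for pw, expected in VALIDATION_CASES.items()}


def fix_is_validated(policy: Callable[[str], bool]) -> bool:
    """True only when every validation case passes."""
    return all(validate(policy).values())


if __name__ == "__main__":
    ranked = assign_mitigations(prioritize(RISK_REGISTER), MITIGATIONS)
    for r in ranked:
        print(f"{r.score:2d}  {r.kind:9s}  {r.name}  ->  {r.mitigation}")
    print("before fix validated:", fix_is_validated(policy_before_fix))
    print("after fix validated: ", fix_is_validated(policy_after_fix))
```

Running the script ranks credential stuffing (score 20) ahead of password reuse (16), the regulatory risk (15) and the lockout risk (6), reports the original policy as failing validation because it accepts breached passwords, and reports the hardened policy as passing; that last result is the confidence the validation step is meant to deliver before the loop starts again at process improvement.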
Common Cyber Attacks: XSS and TOCTTOU
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted website or application. XSS attacks are initiated by sending malicious links to users and enticing them to click on them. If the data within an application or website are not properly protected, the malicious link executes the attacker's chosen code on the user's system, and with this the attacker is able to steal the user's active session cookies.
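As an added example (not code from the original text), the following shows the flaw the paragraph describes and its fix in one place: user-supplied text spliced into HTML as-is carries a live script tag, the same text passed through output encoding does not, and the session cookie attributes and a content security policy limit what an injected script could do with cookies even if encoding were missed somewhere. The comment text, cookie name and token value are constructed.

```python
"""Added example (not from the original text): how injected script survives
unescaped rendering and is neutralized by output encoding, and how cookie
attributes limit what a successful XSS can steal. The comment text, cookie
name and token value are constructed."""
import html
import re

# Constructed stand-in for stored or reflected user input.
UNTRUSTED_COMMENT = '<script>alert(document.cookie)</script> nice post!'

_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def render_vulnerable(comment: str) -> str:
    """The flaw: user data is spliced into HTML as-is, so markup is executed."""
    return f"<p class=\"comment\">{comment}</p>"


def render_escaped(comment: str) -> str:
    """The fix: encode for the HTML text context; quote=True also covers the
    attribute context, where the same value might later be reused."""
    return f"<p class=\"comment\">{html.escape(comment, quote=True)}</p>"


def contains_live_script(markup: str) -> bool:
    """Detection check for a test suite: does the output carry a script tag
    the browser would parse as such?"""
    return bool(_SCRIPT_TAG.search(markup))


def session_cookie_header(token: str) -> str:
    """Even when XSS slips through, HttpOnly keeps document.cookie from
    exposing the session token, and Secure/SameSite narrow where it travels."""
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Strict; Path=/"


def content_security_policy() -> str:
    """Defense in depth: forbid inline script so an injected <script> block
    is refused by the browser."""
    return "Content-Security-Policy: default-src 'self'; script-src 'self'"


if __name__ == "__main__":
    print(render_vulnerable(UNTRUSTED_COMMENT))
    print(render_escaped(UNTRUSTED_COMMENT))
    print(session_cookie_header("constructed-token-123"))
    print(content_security_policy())
```

The escaped rendering turns `<script>` into `&lt;script&gt;`, which the browser displays as text rather than executing; the cookie header and the policy header are the layers that still matter when some other page forgets to escape.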
Time of check to time of use (TOCTTOU) attacks exploit a race condition on files that occurs when a resource is checked for a specific value. In software development, TOCTTOU bugs are a class of software bug caused by changes in the system between checking a condition and using the result of the check; this is an instance of a race condition. TOCTTOU race conditions mainly occur in Unix between file system operations, but the attack can also arise in contexts like local sockets and improper use of database transactions.
In an XSS attack, the attacker designs and implements the exploit code and feeds it into websites and applications, or sends the crafted URL to users directly. Therefore, in this type of attack, the attacker's code is executed on another machine and not at the same time. XSS attacks are said to be mainly inherited from flaws present in the TOCTTOU design. TOCTTOU, as mentioned, is a class of software bug created by changes in the system between checking a condition and using it. Attackers benefit from TOCTTOU design errors; defenders can also benefit from them by altering system parameters within the gap between the attacker's exploitation and its execution on the target, thereby defeating these classes of attack.
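The file system race described above, shown as an added example (illustration code, not from the original text; POSIX only, since it relies on `os.O_NOFOLLOW`). The unsafe function checks the path and then opens it, and a callback stands in for the scheduler gap in which the file is swapped for a symlink; the safe function opens first and verifies the object it actually got through `fstat` on the descriptor, so later changes to the path cannot redirect it. File names and contents are constructed.

```python
"""Added example (not from the original text): the check-then-use gap on a
Unix file, and the open-then-verify pattern that closes it. POSIX only
(os.O_NOFOLLOW); file names and contents are constructed."""
import os
import stat
import tempfile
from typing import Callable, Dict, Optional


def read_if_allowed_unsafe(path: str,
                           between_check_and_use: Callable[[], None] = lambda: None) -> bytes:
    """TOCTTOU bug: the checks answer for the path as it is *now*, but open()
    resolves the path again later, so a swap in between is honoured."""
    if os.path.islink(path) or not os.access(path, os.R_OK):
        raise PermissionError(f"{path}: check failed")
    between_check_and_use()          # stands in for the scheduler gap
    with open(path, "rb") as f:      # the path is resolved a second time here
        return f.read()


def read_if_allowed_safe(path: str, expected_uid: Optional[int] = None) -> bytes:
    """Open once, then verify the object actually opened via its descriptor.
    O_NOFOLLOW refuses a symlink as the final component; fstat on the fd
    cannot be redirected by later changes to the path."""
    if expected_uid is None:
        expected_uid = os.getuid()
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError(f"{path}: unexpected owner {st.st_uid}")
        return f.read()


def demo() -> Dict[str, object]:
    """Constructed scenario: public.txt is replaced by a symlink to secret.txt
    between the check and the use."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "w") as f:
            f.write("PUBLIC")
        with open(secret, "w") as f:
            f.write("SECRET")

        before_swap = read_if_allowed_safe(public)   # regular file: allowed

        def swap() -> None:
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_if_allowed_unsafe(public, between_check_and_use=swap)
        try:
            read_if_allowed_safe(public)             # public.txt is the symlink now
            safe_rejected = False
        except OSError:                              # ELOOP from O_NOFOLLOW
            safe_rejected = True
        return {"safe_before_swap": before_swap,
                "unsafe_read": leaked,
                "safe_rejected": safe_rejected}


if __name__ == "__main__":
    print(demo())
```

The unsafe reader passes its own checks and still returns the secret, because nothing it checked is tied to the descriptor it later reads from; the safe reader refuses the swapped path outright. The owner check on `st_uid` is the other half of the pattern: `O_NOFOLLOW` does not stop a hard link to someone else's file, but a descriptor-level ownership test does.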
a. WannaCry ransomware is an instance of crypto-ransomware, a type of malicious software used by cybercriminals to extort money. WannaCry spread through computers running Microsoft Windows. During the attack, users' files were held hostage and a Bitcoin ransom was demanded in return. A weakness in Microsoft Windows was used as the way in for the WannaCry attack. After infecting a Windows computer, the ransomware encrypts the files on its hard drive, making it impossible for users to access them, and the attacker then demands a Bitcoin ransom to decrypt the system.
b. The impact of the WannaCry ransomware attack included the infection of around 200,000 computers in 150 countries. National Health Service (NHS) hospitals in Scotland and England were hit hard: devices such as blood-storage refrigerators, computers, theatre equipment and MRI scanners were affected. In addition, hospitals had to divert non-critical activities as well as ambulances. Cybersecurity attacks on NHS hospitals and services increased greatly as a result of the WannaCry ransomware attack.
c. The lessons learned from the WannaCry ransomware attack were that Microsoft recognized its weakness and decided to fix it, and that administrators decided to install the patch to protect their networks. Security experts also learned to urge all users to adopt system patching as protection against newly identified security vulnerabilities. The steps taken as a result of these lessons included maintaining security software and keeping it updated, enabling automatic updates in the applications and devices used over the network, and keeping the organizations' operating systems updated to protect against the WannaCry ransomware attack.
d. After the WannaCry attack, attackers are transitioning away from traditional ransomware attacks. This transition is being adopted because, in a traditional ransomware attack, the attacker had to stay in constant communication with the controller. As a result, in recent attacks they have moved to automated and self-learning strategies, with which they are turning malicious ransom worms into ransom swarms. In addition, after the many precautions users have taken against WannaCry, attackers and cybercriminals are now using a strategy called attack on all fronts to attack the systems of an individual or firm.