Welcome to Seniors for Cybersecurity
An Information Security Website For Seniors in High School, Seniors in College, Seniors in Life, Anyone with a Sr after their name, a Señor or a Señora.
This website was designed by Wix and Michael Donegan for CSCI4017R50: Introduction to Information Assurance.
About
In today’s high tech world, we must constantly be on guard when online. CyberSecurity for Seniors is an Online Information resource that provides just that. We show ways to remain secure digitally and how to protect our information.
When Security Policy Fails!!!
Lab Assignment 2 The Importance of 24/7 Awake Security: An Example of A Weak Security Policy
In the YouTube documentary "Hacked - The Bangladesh Bank Heist," the attack on the Bangladesh central bank in Dhaka was clearly an economic cybercrime. Investigations showed that the hackers' motivation was financial gain. The target was millions of dollars from bank accounts. The heist succeeded because the hackers were able to find a security policy failure through a vulnerable opening in the authentication system used in banking transfer orders.
The result was monetary rewards for the cyber criminals. However, after cyber investigators thoroughly investigated the crime, it could be argued that this might even be a case of cyberespionage and perhaps cyberterrorism because of the hackers’ origins in North Korea, a country that has not been on the list of U.S. allies because of our support of South Korea during the Korean War. And arguably, if North Korea has the capacity to break into the world banking system through the United States’ Federal Reserve Bank and the SWIFT authentication system, then perhaps this could lead to espionage or a threat to the U.S. military. This would more likely fit a political objective of the North Korean government to target our nuclear weapons system, perhaps hacking into our system and setting off an attack by the U.S. on some other nuclear power.
Right now, however, it appears to be a financial crime by a ring called the Lazarus group. The group has been connected to other cyber attacks by hackers in North Korea: a breach of the security system at Sony Pictures in 2014 and another attack on the Taiwanese Far Eastern International Bank. Dan Strumpf of the Wall Street Journal (2017) cited a blog post from a United Kingdom defense company as implicating Lazarus in the Taiwanese bank cybersecurity breach.
The Bangladesh attack, the subject of the documentary, involved nations other than Bangladesh. It was connected to the Philippines, whose banking system has “strict secrecy laws” which made it easy for the money to be laundered. The Philippines Justice Department took part in the investigation, but the Philippines’ secrecy laws, similar to those of Switzerland and Lebanon, limited information about how much money was recovered. It is believed most of it was channeled to casinos connected to Chinese nationals. So, we have Bangladesh, the Philippines, China, North Korea, the United States, the United Kingdom, Russia and perhaps the world’s entire banking system involved because of the security problems at SWIFT. As a result of this breach and others, SWIFT has improved its security policy and has put in what it calls “twenty-seven controls” to make sure all banks using SWIFT are following security guidelines such as multi-factor authentication and other controls. Strumpf notes in his article that while the Lazarus group has successfully penetrated financial institutions, they “still have trouble making off with their plunder.”
Reference
Strumpf, D. (2017). North Korean cybercriminals implicated in Taiwan bank theft; attack bears 'hallmarks' of Lazarus group, cybersecurity firm says. WSJ Pro. Cyber Security. Retrieved from https://ezproxy.tntech.edu/login?url=https://www.proquest.com/trade-journals/north-korean-cybercriminals-implicated-taiwan/docview/2171036429/se-2
MACPCLINUX LION IS ALWAYS ON DUTY AND ALERT TO CYBERCRIME!!! YOU SHOULD BE TOO. PROTECT PASSWORDS! USE FIREWALLS! MULTI FACTOR! ENCRYPT! VPN IT! BACKUP! AND TURN ON THAT ANTIVIRAL SOFTWARE!
Physical Security - Home Office or Small Business
Here is the physical security strategy for a three-bedroom home in Nashville, Tennessee:
Access Control: Ensure all doors and windows are secure and that entry points are monitored with security cameras. Consider installing smart locks or a keyless entry system that can be managed remotely to control access to your home.
Alarm System: Install an alarm system that covers all areas of the home, including the playhouse in the backyard, and that is connected to a monitoring service.
Internet Security: Ensure that your wireless network is secured with strong passwords, encryption, and up-to-date software.
Device Security: Secure all computers and mobile devices with strong passwords and up-to-date antivirus software. Consider encrypting sensitive data and backing up all devices regularly.
Physical Security of Devices: Ensure that all computers and mobile devices are physically secured and cannot be easily removed from the premises.
Emergency Planning: Develop an emergency plan and ensure that all family members know how to respond in case of a security breach or other emergency.
Security Awareness: Regularly educate family members on security best practices, such as how to identify phishing emails and how to avoid downloading malware. Consider creating a security awareness training program that includes quizzes, videos, and other interactive elements to keep family members engaged.
Guest Access: Consider establishing guidelines for visitors to your home, including guidelines for guest Wi-Fi access and physical access to the property.
To increase security awareness in your home, consider the following:
Regular Security Briefings: Schedule regular security briefings for all family members to go over security protocols and best practices. These briefings could cover topics such as password management, phishing, and social engineering.
Security Drills: Conduct security drills with your family to practice responding to a security breach or emergency.
Security Posters: Place posters around the house to remind family members of security best practices. These posters could include tips on password management, email security, and safe web browsing.
Rewards and Incentives: Offer rewards and incentives to family members who demonstrate good security practices. This could include a small prize for identifying a phishing email or avoiding a malware attack.
Encourage Reporting: Encourage family members to report any security concerns or suspicious activity to you immediately. Make sure that family members know how to contact you and that they feel comfortable speaking up if they notice anything out of the ordinary.
Access Control is the most important of these because without it you probably could not have basic security.
Contingency plans are strategies or plans that an organization, individual, or family puts in place to ensure they are prepared for unexpected events that could disrupt their operations or normal activities. A contingency plan outlines the steps that should be taken to minimize the impact of these events and ensure that operations can be restored as quickly as possible.
A good contingency plan for the three-bedroom house with a home office could include the following:
Identify potential risks: Make a list of the possible risks that could impact your home and home office. This might include natural disasters such as earthquakes, fires, floods, or severe weather, as well as man-made incidents such as power outages, cyber attacks, or burglaries.
Develop emergency response procedures: Create a detailed plan for what you will do in the event of an emergency. This plan should outline the steps you will take to evacuate your home, how you will contact emergency services, and what you will do to protect your valuables and data.
Backup important data: Make sure you have backup copies of important files and data stored off-site or in the cloud. This will ensure that you can quickly recover your data in the event of a disaster.
Secure your home and home office: Implement physical security measures such as locks, alarms, and cameras to deter burglars and intruders. Ensure that your computer systems and networks are protected with firewalls, anti-virus software, and regular software updates.
Build an emergency kit: Assemble an emergency kit with essential supplies such as first aid kits, flashlights, batteries, and water. Keep this kit in an easily accessible location.
Test your plan: Regularly review and test your contingency plan to ensure it is up-to-date and effective. Conduct drills to practice emergency response procedures with your family or employees.
By following these steps and creating a comprehensive contingency plan, you can ensure that you are well-prepared for unexpected events that could impact your home and home office.
Ready.gov - Ready.gov is a website operated by the U.S. Department of Homeland Security that provides resources for preparing for and responding to disasters. They offer a variety of checklists, templates, and other resources to help you create a customized contingency plan for your home or business.
FEMA - The Federal Emergency Management Agency (FEMA) offers a variety of resources for disaster preparedness, including guidance on developing a contingency plan. They offer a "Plan Ahead" guide for small businesses that includes information on identifying potential risks, developing emergency response procedures, and more.
Disaster Recovery Journal - The Disaster Recovery Journal is a trade publication for disaster recovery professionals that offers a variety of resources and articles on contingency planning. Their website offers free templates and checklists for developing a contingency plan for a small business.
It is important to remember that a contingency plan should be customized to the unique risks and needs of your three-bedroom house or small business. Use these resources as a starting point, but be sure to work with trusted security professionals and emergency management experts to develop a plan that is tailored to your specific circumstances.
Whitman, M. E., & Mattord, H. J. (2011). Management of Information Security (5th ed.). Cengage Learning.
Where To Find More Information
The National Institute of Standards and Technology (NIST) - https://www.nist.gov/cyberframework
The International Association of Computer Science and Information Technology (IACSIT) - https://www.iacsit.org/
The International Association of Computer Security Professionals (IACSP) - https://www.iacsp.com/
The International Association of Information Technology Professionals (IAITP) - https://www.aitp.org/
The Computer Emergency Response Team Coordination Center (CERT/CC) - https://www.cert.org/
The Information Security Forum (ISF) - https://www.securityforum.org/
The Center for Internet Security (CIS) - https://www.cisecurity.org/
The SANS Institute - https://www.sans.org/
The Information Systems Security Association (ISSA) - https://www.issa.org/
The Open Web Application Security Project (OWASP) - https://owasp.org/
The National Cyber Security Centre (NCSC) - https://www.ncsc.gov.uk/
The Cybersecurity and Infrastructure Security Agency (CISA) - https://www.cisa.gov/cybersecurity
The Electronic Frontier Foundation (EFF) - https://www.eff.org/
The Privacy Rights Clearinghouse (PRC) - https://www.privacyrights.org/
The Cybersecurity Ventures - https://cybersecurityventures.com/