Video Case: Botnets, Malware Security, and Capturing Cybercriminals Gunter Ollmann, vice president of research at...
Question
Video Case: Botnets, Malware Security, and Capturing Cybercriminals

Gunter Ollmann, vice president of research at Damballa, Inc., explains what companies have learned from the Operation Aurora attacks against major companies. In the video, you will learn why it is difficult for law enforcement to track and prosecute cybercriminals, including botnet operators who now launch targeted botnet attacks with the help of automated tools. Also discussed is the effectiveness of Microsoft's legal action to shut down the C&C (command and control) network of the Waledac botnet. Visit searchsecurity.techtarget.com/video/Botnets-malware-and-capturing-cybercriminals to view the video, read its transcript and answer the following questions.

Questions

1. Why are botnets used?
2. What is needed to get started in the botnet industry? Explain why.
3. Given your answers, what should users and organizations do and/or not do to reduce the threat of botnets?

IT Toolbox

Conducting a Cost-Benefit Analysis

It is usually not economical to prepare protection against every possible threat. Therefore, an IT security program must provide a process for assessing threats and deciding which ones to prepare for, which ones to ignore and which ones to provide reduced protection against. Two commonly used cost-benefit analysis tools are risk assessment and business impact analysis. Risk assessment relies solely on quantitative measures, while the business impact analysis takes into account both qualitative and quantitative indicators.

Risk assessment

Risk assessments are done using an app or spreadsheet. The basic computations are shown here:

Expected loss = \(P_1 \times P_2 \times L\)

where

\(P_1\) = probability of attack (estimate, based on judgment)
\(P_2\) = probability of attack being successful (estimate, based on judgment)
\(L\) = loss occurring if attack is successful

Example: An organization estimates that the probability of a cyberattack is 2% and the attack has only a 10% chance of being successful. If the attack is successful, the company estimates that it will lose $1 million.

This would be expressed as: \(P_1 = .02\), \(P_2 = .10\), \(L = \$1{,}000{,}000\)

Then expected loss from this particular attack is

\(P_1 \times P_2 \times L = 0.02 \times 0.1 \times \$1{,}000{,}000 = \$2{,}000\)

Business impact analysis

A business impact analysis (BIA) estimates the consequences of disruption of a business function and collects data to develop recovery strategies. Potential loss scenarios are first identified during the risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or delayed deliveries. There are many possible scenarios that should be considered.

The BIA identifies both operational and financial impacts resulting from a disruption. The financial impacts are easier to assess, but the operational impacts are more difficult to determine because of their qualitative nature. Several examples of operational and financial impacts to consider are shown in Table 5.12.

The losses assessed using these two methods should be compared with the costs for possible recovery strategies to determine net risk. The BIA report should also prioritize the order of events for restoration of the business, with processes having the greatest operational and financial impacts being restored first.

TABLE 5.12 Business Disruption Qualitative and Quantitative Impacts

Type | Metric | Description
Financial | Quantitative
Lost sales and income
Delayed sales or income
Increased expenses (e.g., overtime labor, outsourcing, expediting costs)
Regulatory fines
Contractual penalties or loss of contractual bonuses
Customer dissatisfaction or defection
Operational | Qualitative
Delay of new business plans