Cyber-attack has gained prevalence in universities, and therefore, it is an important issue that needs to be addressed while auditors evaluate cybersecurity in the university. Cyber-attack has gained a significant prevalence and especially in the university’s departments, such as the finance department. Communication departments and other essential departments that deals with essential data in the university. ISO standards and Information systems auditing have continuously been performed to mitigate fraud and detect fraud to prevent the damages caused by fraudulent activities. Workers and data are among the items that cyber intruders attack. Therefore, the audit of cyber-crime in a bid to establish cybersecurity is an essential undertaking.
There is an immediate concern on the third-party audit because it brings on insights and clarity. A third-party audit enhances the creation of awareness on security undertakings that might be assumed, thus leading to security breaches. Therefore, third-party audits mitigate the risk of failure of the auditing process through the use of the IT department personnel who ensures that security is paramount and thus security threats are minimal. Cybersecurity incorporates different policies and controls which protect the eco-system. Organizations adopt third parties to such as role-based authorization, which are cybersecurity protection mechanisms. This mechanism helps organizations to avoid cybercrimes since they are automated processes that gives feedback to the security systems.
The ISO- 13000 is the best risk management framework that is best suited for USS. The framework provides principles and guidelines for managing risks. The standard increases the probability of the achievement of the objectives improves threats and opportunities identification and allocate the resources for risks treatment equitably (Manaseer & Alawneh, 2019). Organizations can use this standard to benchmark performance and providing insightful knowledge to the management for outstanding corporate governance.
The risk management process for USS entails identifying the risks, measuring risks, examining solutions, implementing solutions, and monitoring the results. In the case of USS, the focus on the risk identification lies with the employers who channel their funds to stand with the scheme (Manaseer & Alawneh, 2019). The risk to scheme members entails the reduction of the benefits or, on the other hand, increasing the contribution due to the pessimistic assumptions that are set into place—insufficient pension to cater for the retirement benefits, which is only contributed by few sources of incomes. The risks to be prioritized first would be risks to scheme members, which entails insufficient funds that are used to cater for pension upon the retirement of the employees. The impact of this risk would be low since it will be mitigated by the presence of other sources of income that would supplement a pension. Therefore, USS will not have to struggle as it looks for sources of finance.
Ransomware is in the form of malware, which is used to encrypt the files of a victim, and in return, the attacker demands some money in order to give the owner of the files the access to restore the lost data once they pay the amount of money requested. The use of Mitre Att&k will be useful to me in a bid to prevent the Ransomware from happening through prioritizing areas of coverage, uncovering the gaps that are prevalent in the security controls, tools, and processes that are prevalent in the ransomware attack. Resonance will be the first step that I will undertake, which entails active scanning and gathering host team information (Patel et al., 2019). Active scanning will entail focusing on the person who is responsible for the malware attack. The next step under resonance is gathering victim network information. The victim network information would help to trace the data that have been attacked, and this will be detrimental in recovery and tracking the data. Phishing for information is the last step that I will conduct under the resonance process. The other step I will conduct is the acquisition of the infrastructure. Under the step, I will compromise some of the accounts in a bid to develop capabilities that will be essential in determining the attacker. Initial access is a phase that is driven by compromise. They comprise is in the form of exploiting public-facing application, and this is detrimental in the execution phase where the system admin makes commands and acquires external remote services. Finally, credential access is the final step for managing Ransomware. Under this step, I would acquire credential from the password stores and modify the authentication process. This would enable me to acquire all the data that had been stolen, back to the victim without having to give a ransom which most of the cyber intruders asks for in return of the data. The four steps would help me restore the data without having to toil so much for the data. In essence, Ransomware is a common crime that can be mitigated by the use of this technology.
Manaseer, S., & Alawneh, A. (2019). On cyber security auditing awareness: Case of information and communication technology sector. International Journal of Computer Science and Information Security (IJCSIS), 17(7). https://sites.google.com/site/ijcsis/
Patel, P., Kannoorpatti, K., Shanmugam, B., Azam, S., & Yeo, K. C. (2017, January). A theoretical review of social media usage by cyber-criminals. In 2017 International Conference on Computer Communication and Informatics (ICCCI) (pp. 1-6). IEEE. https://ieeexplore.ieee.org/abstract/document/8117694/