management information systems report topic information security threats and policies in europe

UNIVERSITY OF ECONOMICS AND FINANCE HO CHI MINH CITY UEF UNIVERSITY OF ECONOMICS & FINANCE MANAGEMENT INFORMATION SYSTEMS REPORT TOPIC: INFORMATION SECURITY THREATS AND POLICIES IN EUROP

UNIVERSITY OF ECONOMICS AND FINANCE HO CHI MINH

CITY

UEF

UNIVERSITY OF ECONOMICS & FINANCE

MANAGEMENT INFORMATION SYSTEMS REPORT TOPIC: INFORMATION SECURITY THREATS AND POLICIES IN

EUROPE Lecturer: MBA.Pham Su Tien Trinh

Student implementation: Grade: AO1E, Group 8

1 Nguyen Duc Binh - 195120416

2 Tran Van Luong - 195120467

3 Nguyen Ngoc Thanh Vy - 195120513

4 Nguyen Hoang Nhi - 195070396

5 Le Thi Bao Han - 195120309

Ho Chi Minh City, November 2022 Table of contents

List of figure

GROUP ASSESSMENT

6

7

6

Comment:

ACKNOWLEDGE

I Description of the isue

The IT sector is one of the key drivers of the European economy It

has been estimated that 60 percent of Europeans use the Internet regularly Additionally, 87 percent own or have access to mobile phones The safety and security of the Internet have been threatened

in recent years, as Internet-based cyber attacks have become increasingly sophisticated

In 2007, Estonia suffered a massive cyber attack that affected the government, the banking system, media, and other services The attack was performed using a variety of techniques, ranging from simple individual ping commands and message flooding to more sophisticated distributed denial of service (DDoS) attacks Hackers coordinated the attack by using a large number of compromised servers organized in a botnet distributed around the world A botnet is

a network of autonomous malicious software agents that are under the control of a bot commander The network is created by installing malware that exploits the vulnerabilities of Web servers, operating systems, or applications to take control of the infected computers Once a computer is infected it becomes part of a network of thousands

of “zombies,” machines that are commanded to carry out the attack The cyber attack on Estonia started in late April 2007 and lasted for almost 3 weeks During this period, vital parts of the Estonian Internet network had to be closed from access from outside the country, causing millions of dollars in economic losses At around the same time, Arsys, an important Spanish domain registration company, was

also targeted by international hackers Arsys reported that hackers had stolen codes that were then used to insert links to external servers containing malicious codes in the Web pages of some of its clients

In 2009, an estimated 10 million computers were infected with the Conflicker worm worldwide France, the UK, and Germany were among

the European countries that suffered the most infections Once installed on a computer, Conflicker is able to download and install other malware from controlled Websites, thus infected computers could

be under full control of the hackers More recently, a sophisticated malware threat targeting industrial systems was detected in Germany, Norway, China, Iran, India, Indonesia, and other countries The malware, known as Stuxnet, infected Windows PCs running the Supervisory Control and Data Acquisition (SCADA) control system from the German company Siemens Stuxnet was propagated via USB devices Experts estimated that up to 1,000 machines were infected on

a daily basis at the peak of the infection The malware, hidden in shortcuts to executable programs (files with extension Ink), was executed automatically when the content of an infected USB drive was displayed Employing this same technique, the worm was capable of installing other malware Initially, security experts disclosed that Stuxnet was designed to steal industrial secrets from SIMATIC WinCC, a

visualization and control software system from Siemens However, data gathered later by other experts indicates that the worm was actually

looking for some specific Programmable Logic Controllers (PLC) devices used in a specific industrial plant, a fact that points to the possibility that the malware was part of a well-planned act of sabotage Even though none of the sites infected with Stuxnet suffered physical damage, the significance that such a sophisticated threat represents to the industrial resources in Europe and other parts of the world cannot

be underestimated

As of 2001, EU member states had independent groups of experts that were responsible for responding to incidents in information security These groups lacked coordination and did not exchange much information To overcome this, in 2004 the European Commission established the European Network and Information Security Agency

(ENISA) with the goal of coordinating efforts to prevent and respond

more effectively to potentially more harmful security threats

II.Solution

To overcome this issue, the European Commission established the European Network and Information Security Agency (ENISA) with the goal of coordinating efforts to prevent and respond more effectively to potentially more harmful security threats ENISA’s main objectives are

to secure Europe’s information infrastructure, promote security standards, and educate the general public about security issues ENISA

organized the first pan-European Critical Information Infrastructure

Protection (CIIP) exercise, which took place in November 2010 This exercise tested the efficiency of procedures and communication links between member states in case an incident were to occur that would

affect the normal operation of the Internet ENISA acts as a facilitator

and information broker for the Computer Emergency Response Teams (CERT), working with the public and private sectors of most EU member states The European Commission has recently launched the Digital Agenda for Europe The goal of this initiative is to define the key role

that information and communication technologies will play in 2020

The initiative calls for a single, open European digital market Another goal is that broadband speeds of 30Mbps be available to all European citizens by 2020 In terms of security, the initiative is considering the implementation of measures to protect privacy and the establishment

of a well-functioning network of CERT to prevent cybercrime and respond effectively to cyber attacks

Ill Application

3.1 Introduction

A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization A security event refers to an occurrence during which company data or its network may have been exposed And an event that results in a data or network breach is called

a security incident

As cybersecurity threats continue to evolve and become more sophisticated, enterprise IT must remain vigilant when it comes to protecting their data and networks To do that, they first have to understand the types

of security threats they're up against

Below are the top 10 types of information security threats that IT teams need to know about

Information Security Threats and

Policies in Europe ©

Jun Sanghyuk (Se *

By

ê

Figure 1: Information security threats and policies in Europe

3.2 Why we chose Information Security Threats and Policies in Europe

An insider threat occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization's critical data or systems Careless employees who don't comply with their organizations' business rules and policies cause insider threats For example, they may inadvertently email customer data to external parties, click on phishing links in emails or share their login information with others Contractors, business partners and third-party vendors are the source of other insider threats

Some insiders intentionally bypass security measures out of convenience

or ill-considered attempts to become more productive Malicious insiders

intentionally elude cybersecurity protocols to delete data, steal data to sell

or exploit later, disrupt operations or otherwise harm the business

3.3 Possitive and negative about Information Security Threats and

Policies in Europe

Possitive: In Europe is the concentration of large countries with many associations to help protect users' personal information, so the ability to secure information will be higher than some other regions in the world In addition, this is also one of the advanced technical centers in the world, so they need good confidentiality of technical information

Negative: However, information security is always a serious problem worldwide, not only in Europe Every year, there are still many cases of stealing and selling user information to third parties, even they take advantage of security holes to steal important information for their own gain Nowadays, it is easy to find other people's information on the deep web By some means even your information can appear on this site and be used for

an evil purpose

me three securiby== Y= ||

PS mxC crime ori unlock eprotectin

oars

Figure 2: Possitive and negative about Information Security

Threats and Policies

3.4 Application privacy policy in Europe

* Establish an effective governance mechanism to promote cooperation among all EU organisations, agencies, offices and agencies, in particular the Joint Information Security Coordination Group;

* Establish a common approach to information classification based on security level;

* Show bigize the information security policy, including all digital, transformation and teleworking;

* Streamline existing measures and achieve greater compatibility between the systems and devices involved

- Strengthen the security of essential services and connected tools, such as: Revising rules for system security, network and information security; develops a European cyber shield through a network of artificial intelligence (Al)-enabled security operations centers that can detect signs of cyberattacks and enable preemptive action harm occurs; set a high standard of cybersecurity for all connected entities; attracting and

"retaining" talents and experts in cybersecurity; invest in research and innovation; 5G network and supply chain security

- Strengthen collective capacity to respond to major cyber attacks, such as: Supporting EU countries to protect their citizens and national security interests; working together to prevent and respond to cyberthreats, with the joint cybersecurity agency having the greatest strength, especially in responding to cross-border cyberattacks

- Strengthen cooperation with partners around the world With the goal of ensuring international security, promoting a safe and open global cyberspace, ensuring international law, human rights, fundamental freedoms and democratic values are respected The EU Cyber Defense Policy Framework was developed, cyber defense training and exercises were improved, and dialogue and coordination among international partners was promoted to “ensure the defense effectively and clearly define areas of cooperation”(11)

- The EC will support Member States to strengthen their capacity to fight cybercrime and work closely with the European Cybercrime Center in Europol and Eurojust to align new policy approaches with how it works the best

- Policy development and cyber defense capabilities To increase the cyber resilience of information systems, the development of cyber defense capabilities should focus on detecting, responding to, and remediating

sophisticated cyber threats, strengthening the synthesis “between civilian and military approaches to the protection of critical cyber assets"(12)

- Develop industry and technology resources for cybersecurity, with a focus

on supply chain security The European Commission launched a_ public- private platform based on the solutions laid out in the Cybersecurity and Information Security Directive (NIS) proposed in February 2013 to encourage the adoption of solutions secure information technology The solutions are: (1) Improving the national cybersecurity capacity; (2) Building cooperation at

EU level; (3) Promote information security and the ability to detect and report incidents At the same time, the EC is also looking at ways in which major hardware and software suppliers can notify national authorities of the discovery of significant vulnerabilities affecting cybersecurity

3.5 Application Security threats in Europe

The digital transformation process creates many major vulnerabilities, inadequate security leads to the leakage of personal information of internet users across Europe The reason for this phenomenon is due to the following basic factors:

Firstly, legal regulations have restricted EU countries, especially police forces, from slowing down the processing of data on crime and cyber threats Besides, the problem of cybersecurity is not limited to the territory of an individual country, so the national police and security forces face difficulties when they need to get data from a third country father The difference in legal frameworks among EU member states is a major obstacle to international cybercrime investigations Obviously, there is a need for better international cooperation mechanisms and rapid information exchange Second, the allocated financial resources are not enough for the cybersecurity sector, as the competition between government cybersecurity agencies and private enterprises with sufficient human resources and qualifications is increasing

Third, the challenge of public-private partnerships Cooperation with the private sector is crucial to combating cybercrime, however, in reality, no standard rules have been enacted

Fourth, EU countries do not have a common strategic policy to jointly respond to cyber attacks Due to the transnational nature of cybercrime, it is