Reply To: OCU ISSO D Week 04 Lesson 15 Discussion

Kelly Crooks

One of the “more advanced attacks” discussed was ransomware. A more sophisticated type of ransomware is being used to target key and specific data. The agenda of the attackers may not be to take down an organization but to see what data it can steal and sell for the highest price. The attacker determines where the biggest payoff can be found and holds that data for money or ransom. I can think of several cases of this just within the last year or so where the attackers gained access to the data and held it for a high price.

Another “more advanced attack” they discussed was Trusted Third Parties. These kinds of attacks include attacks on our supply chain and the attack on the Microsoft Exchange Server. These kinds of attacks go undetected for a longer period. This kind of malware threat is concerning the fact it can go unnoticed for so long. This is a concern because it allows the threat to access more data and possibly steal that data and sell or dispose of it before the company even realizes there is a threat.

A security officer can try to mitigate and minimize the loss of data by making sure the right security policies are in place and as I mentioned before, making sure those policies and procedures are tested daily. A security officer can also make sure that the up-to-date and current firewalls and antivirus software are installed and working properly. Another way to minimize data theft or loss is to make sure only the right people have access to that data and that their credentials are checked and updated regularly.


Please Note:

The support ticket system is for technical questions and post-sale issues.


If you have pre-sale questions please use our chat feature or email .

Cybersecurity Certifications for Today's INFOSEC Careers

Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.


Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range.  We train students in penetration testing,disaster recovery, incident handling, and network forensics.  Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.  



We've developed training for...

Canada Army Navy Airforce

The Canadian Department of National Defense


The United States Air Force

Defense Logistics Agency

A United States Counterintelligence Agency

Texas Workforce Commission

Texas Workforce Commission

error: Alert: Content is protected !!