Introduction
It should not be a surprise that the biggest vulnerability in Cybersecurity is the user (Goldman, 2010). The vulnerabilities presented by the user fall into two general categories: (1) accidental and (2) malicious. Vulnerabilities are important to those that are trying to perform unauthorized actions on an information system. For this paper, the term information system is being used generically to be anything from a home computer to a global enterprise encompassing numerous servers and storage systems. These unauthorized actions are threats to the information system. While not all vulnerabilities create threats, even a single vulnerability puts the information system at risk.
Most threats that an information system faces depend on or benefit from the presence of user vulnerabilities (Verizon RISK Team & United States Secret Service, 2010). Additionally, the potential for damage can be more significant when exploits include user vulnerabilities, as they can have a direct impact on the effectiveness of countermeasures (CERT, 2010). When a threat is executed by an attacker (e.g. hacking, social engineering), it creates an incident that affects the organization, potentially in many ways. These incidents have operational and financial costs to the organization.
It is possible to address the vulnerabilities and thus reduce the risk that threats present. On one side, increases are necessary in training and awareness, both in intensity and frequency, within enterprises, along with better countermeasures. On the other side, end-user training and awareness need to be elevated in society with public campaigns for every age group. Let us take a deeper look at the vulnerabilities induced by the user.
User Indu...
... middle of paper ...
... Retrieved February 24, 2011, from Department of Homeland Security: http://www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf
Pfleeger, C. P., & Pfleeger, S. L. (2007). Security in Computing (4th ed.). Upper Saddle River, NJ: Prentice Hall.
SANS Institute. (2009, September). The Top Cyber Security Risks. Retrieved February 22, 2011, from SANS Institute: http://www.sans.org/top-cyber-security-risks/?ref=top20
Vacca, J. R. (2009). Computer and Information Security. Burlington, MA: Morgan Kaufmann.
Valacich, J., & Schneider, C. (2010). Information Systems Today. Upper Saddle River: Prentice Hall.
Verizon RISK Team, United States Secret Service. (2010). 2010 Data Breach Investigations Report. Retrieved February 24, 2011, from United States Secret Service: http://www.secretservice.gov/MC14510_2010%20DBIR%20layout_US_online.pdf
However, I feel users had a different vision/perspective on security mechanisms and they trusted each other during those times and did not have to worry about protecting their information (this is exactly how one person’s ignorance becomes another person’s, here the hacker’s, bliss). This book helps us to understand the vulnerabilities, their impacts, and why it is important to address/fix those holes.
The Operating System (OS) is the heart of computer server and client systems; therefore it is a pivotal component of the Information Technology (IT) architecture. The OS contains the crucial data, information, and applications, which are vulnerable and can be infiltrated to cripple the entire IT architecture of the organization. Therefore, it becomes mandatory to properly safeguard the OS from internal or external intrusion (Stallings & Brown, 2012). This critical thinking report will highlight the security concerns that may impact the OS. Further, the security guidelines and best practices for the OS in general, along with the specific fundamentals regarding the Windows and Linux OS, are comprehensively illustrated.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
There are many impacts associated with human error and many reasons why these errors occur. The human factor is the major problem in information security. The human factor is also referred to as “the missing link” in the security world, as it implies the proactive approach rather than the reactive approach. The major contributing components to security concerns were concluded to be non-acquiescence to the cybersecurity policy and lack of training.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications, from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is that you have to patch every hole in your system, while an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendors' security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
Privacy threats are currently the biggest threat to National Security. The threats are not only concerning to the government, however. An alarming 92% of Americans are concerned that the power grid may be vulnerable to a cyber-attack (Denholm). Although this is a more recent development in the cyber threats we have experienced, this is not the first time that privacy threats have stepped into the limelight as people are forced to watch their every online move.
Unequivocally speaking, the threat of a cyber-attack has become one of the most critical domestic and national security challenges we face as a nation today. Infrastructures supporting government operations are ...