Identify Security Measures Which Address These Threats and Vulnerabilities
Any network is vulnerable at its weakest point and perpetrators will try to get in any way that they can. Some just to see if they can and others for manipulated personal gain. Security measures, policy and procedures are written and tailored to meet the specific needs of an organization. Security tools are installed on networks to keep out cyber criminals.
Vulnerability is a weakness in a security system. A threat is a set of circumstances that has the potential to cause loss or harm. How do we address the problems of threats and vulnerabilities? We use control as a defensive method. Control is an action, device, procedure, or technique that removes or reduces vulnerability. (Pfleeger & Pfleeger, 2007)It is essential to have adequately qualified IT personnel on the security team to properly monitor the network’s activity log because this log records the activities occurring in an organization’s systems and on its networks.
It is important that the Information Security Officer (ISO) ensures that every person on the security team is educated and accurately trained in security measures, policies and procedures in addition to making sure that each individual knows their role and what steps to take in case the network is compromised. Time is of the essence and could possibly be the life line of a company when its network is being attacked.
Steve Forrester, Vice-President of Sales at Jacket-X reconnected his company laptop to the corporate local area network (LAN) without being subsequent to the company’s policy; the Intrusion Detection System (IDS) alerted the ISO Jack Wilson that a malicious worm was attacking the server. The worm immediately ex...
... middle of paper ...
...rity and a resigning of the policy letter. It is everyone’s responsibility to keep the system’s network as secure as possible.
Works Cited
Geier, J. (2005). Wireless network first-step. Indianapolis, IN: Cisco Press
Goodric, M., & Tamassia, R. (2010). Introduction to computer
security, (1st ed.). Canada: Addison Wesley
Pfleeger, C.P., & Plfeeger, S.L. (2007). Security in computing,
(4th ed.). saddle River, NJ: Pearson Education, Inc.
Kent, K.,& Souppa, M. (September 2006). Guide to computer
security log management. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
The vulnerability of organizational networks and the internet.
CSEC 610 9041 online classroom, achieved at: http://webtyco.umuc.edu
Information systems infrastructure. CSEC 610 9041 online
classroom, achieved at: http://webtyco.umuc.edu
Security of the companies data is one of the most important components which allows the business to perform its day to day operation using various networking devices, services that absolutely needs to be protected from intruders. Some of these devices include online transactions, the exchange of data between users and clients both internal and external and external web data needs to be secured. There are several polices that would need to be configured such as a web sever and firewall configurations. However, with these configurations the first and most important task is to identify any vulnerabilities or loopholes in security within the company. The company has both LAN (Local Area Network) and WAN (Wireless Local Area Network) and a web sever. These resources need to be secured at all times from hackers or anyone else by implementing the appropriate security measures.
Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
Multi-platform computer worms are a tool that computer hackers use to infect computers to gain control access. Computer worms are a dangerous virus because they are self-replicating, meaning that they multiply themselves and spread onto other computer networks seeking a lapse in internet security. Computer worms do not need to attach themselves onto an existing computer program to gain access to the victim computer files. The computer worm was created on accident by a Cornell student named Robert Morris; he was seeking a way of managing the internet in 1988. “Morris had no malicious intent, but a bug in his program caused many of the computers the worm landed on to crash. … but worms had come of age and have since evolved into an effective way of attacking systems connected to the internet” (Barwise). Today, hackers use the Morris worm to infect computers. “Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia …” (Richmond). Since the good intended creation of the worm it has only been used maliciously as a computer virus by money seeking computer hackers such as the Koobface gang in Russia.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Collaboration among security officers will probably require them to focus on an agreed-upon definition of security incident. The group probably wants to prioritize their limited time dealing with significant threats to the system, not just review reports that have little or no security significance. It is almost inevitable that as a result of human error, a technical failure or a novel attack, that some security incident or privacy breach will occur. It is extremely important that the RHIO has agreed upon procedures for incident response, reporting, and remediation.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
Network Security is the protection of the computer’s network though out the entire infrastructure. It can protect very important information and computer files to help prevent theft, spyware, malware, viruses, and more. Depending on if you have a public or private network, can determine what type of security settings you need for your network. All people are different on what they want to have secured or not, but most people do not know how to prevent people or things from getting in their network. “You must have a general understanding of security terminology and specifications as it relates to configuring hardware and software systems.”(Roberts, Richard M. 599). That quote states that by knowing and understanding security terms and specifics, you can
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Cybersecurity standards have recently been implemented to force organizations to maintain a safe environment and reduce the risk of cyber-attacks. Cyberspace is the “universe” for computers, and depending on how secure one’s system is could determine how well someone could maneuver through cyberspace. Cybersecurity is designed to find these intruders in unwanted areas, by placing barriers and obstacles. Of course cyberspace is an undefined area so it’s possible for people to get around and intrude into other networks.
Criminals take advantage of weak cybersecurity measures in order to perform criminal acts and warfare over the Internet.
To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks. Why Networks Must Be Secured? Attacks: -. Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors.
This report aim to explain how is achieved risk control through strategies and through security management of information.
A critical part of network planning involves setting up of security mechanisms. Deploying the network with security configuration provides superior visibility, continuous control and advanced threat protection across the extended network. Additionally, security procedures define policies to monitor the network for securing critical data, obtain visibility, mitigate threats, identify and correlate discrepancies.
There are different groups, from law enforcement agencies to the U.S. Secret Service, that are attempting to combat the problem through cooperation and preemptive efforts. If these groups combined with the public to protect themselves and the country from criminals that commit cybercrime, the nation’s network and technology servers would be much safer for technology users. Clearly, cybercrime is a problem because it puts internet users at risk of being taken advantage of or harmed. The advantages of technology and the internet have led more criminals to use cyberspace to commit crimes. The threat of cybercrime is increasing as globalization continues to spread across the world.