Security is a term used in almost every IT field, and it's usually put in place to help protect computer systems or computer networks from computer viruses or hackers. Security can be classified as strong or weak depending on how easily a virus or a hacker can access the resources available in the computer system or network. Furthermore, several security metrics are put in place to help ensure that the level of security which a system has is stronger. The purpose of this paper is to provide a discussion of several commonly used metrics in the area of security, including their definitions. The security metrics are designed to provide certain functionalities such as vulnerability prevention, information gathering, and vulnerability …
This metric is designed to be reliable when it comes to the back end, and it can be used easily and directly with other programs as well as scripts. This metric is considered to be good at debugging networks and exploring tools since it comes up with several connections (Bambauer et al.). Nevertheless, Tripwire is the fifth type of security metric, and it is associated with high expenses in its use. This metric is defined as a tool which assists users as well as system administrators in monitoring a designated file set for any relevant changes. Tripwire is used with system files regularly, and it notifies the system administrators in cases where there are tampered or corrupt files so that damage control measures can be taken early, before the situation worsens. Finally, L0phtCrack is also a security metric, defined as an NT tool which edits passwords. This metric computes the NT user password which is normally stored by the NT operating system. L0phtCrack has the capability of obtaining the hashes from several sources, such as the registry. In addition, this metric also has ways of generating password guesses, for example through the use of brute force
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions by trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Network security is the protection of the computer’s network throughout the entire infrastructure. It can protect very important information and computer files to help prevent theft, spyware, malware, viruses, and more. Whether you have a public or private network can determine what type of security settings you need for your network. People differ on what they want to have secured, but most people do not know how to prevent people or things from getting into their network. “You must have a general understanding of security terminology and specifications as it relates to configuring hardware and software systems.” (Roberts, Richard M. 599). That quote states that by knowing and understanding security terms and specifics, you can
Compare and contrast the different types of metric tools (e.g., surveys, chart review, etc) that can be used to collect information. Include in your discussion the role of technology in metric tool selection and use (e.g., online survey software vs. paper and pencil collection).
The Open Systems Interconnect (OSI) model is a standard reference model for the communication between two end users. Seven different layers make up the OSI model: physical, data link, network, transport, session, presentation, and application. This paper will cover the type of security that is associated with each level of the OSI model.
ISO 27001: Information Security Management System: This standard helps organizations implement security as a system versus numerous controls put in place to solve seemingly isolated issues. The standard includes handling of electronic information as well as paper-based information. From the management perspective, this standard’s main contribution is to formalize the concept of risk assessments and organize information security as a quality improvement activity. The standard includes the plan-do-check-act (PDCA) concept as well as the principle of continually assessing the organization, not just episodically (Murphy, 2015).
Lastly, the application layer (Layer 7) supplies services to application procedures, and its threats are static passwords and SNMP private community strings (Holl, 2003). Organizations will need to enforce encryption to limit the exposure of personal information, ensure that patches are installed for applications and that patching is performed on all network and hardware devices, harden the operating system, and implement secure authentication methods (Baker & Wallace, 2007). Additionally, a quality anti-virus is utilized on workstations, servers and other devices connected to the organization’s IT infrastructure. All types of attackers discussed in this paper are applicable. Black hat hackers and cyber terrorists will exploit vulnerabilities in networks and application systems that are not properly patched as well as malware writer
Performance metrics are used to determine and quantify improvement in processes. To develop performance metrics, it is important to collect data pertaining to critical work processes, understand the desired results and develop realistic measurements to be used to quantify the process improvements. The goal of lean is to help in comparing performance levels with the benchmarks or established standards. In order to successfully develop project metrics, it is advisable to first define the project metrics. These include the goals, objectives, and project benchmarks. For example, if the process is to produce four inch rods, the upper limit and lower limit must be set, probably 4m plus or minus 0.5m. Any deviation below 3.5m or beyond 4.5 metres shall be considered out of control (Nicoletti, 2013). The process should always be within control. Collecting data is mainly to help in quantifying process improvement and not to reduce product variability. The most commonly used metrics include speed, time, quality, and quantity. In lean, both primary and secondary metrics must be defined.
Information security is made up of three main attributes: Availability is the prevention of loss of access to resources and data. Integrity is the prevention of unauthorized modification of data, and Confidentiality is the prevention
Potential risks and security breaches have been on the rise with a growing number of skillful hackers. This results in an increase in external threats to personnel and businesses. However, when complex security measures and the appropriate level of controls are utilized, there is a reduction in the potential risk and loss due to failure or breach. Therefore, such practices will enhance system reliability.
Combines standards from 36 different sources regarding systems security and control standard into a single framework and is having a big impact on the IS profession. This allows management to benchmark security and control practices of IT environments, users to be assured that adequate IT security and control exist, and auditors
Security, on the other hand, is protection from harm and destruction. Security applies to vulnerable and valuable assets. These could be people, property, an organization or a country. Security is a form of protection where a barrier exists between the assets and the threat.
Security refers to the protection of data against unauthorized access. Good security is necessary in an industry like cooperative banking in order to prevent the leakage of sensitive information. Some of the measures applied to secure the information are as
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
Establishing metrics is crucial to any organization, especially in technology-related company projects. Metrics permit organizations to measure their performance against industry sectors to determine how well the company is doing. Furthermore, metrics allow organizations to evaluate and improve the effectiveness and efficiency of their processes. Metrics are designated in different categories. The categories identified in this document include output, in-process, and people (Duris 2003). The organization must first determine exactly what the company is trying to accomplish or determine. Metrics are then identified based on what is relevant to the subject matter. Finally, metrics are verified when tracking progress against previous records or company-given standards or goals.