HOC Cyber Security Profiles
Cyber security profiles (System Security Plans or SSP) are an essential component within an organizational security program. An Organizations Cyber security profile references to information pertinent to the security of a system such as security issues, security controls, security categories to which the system belongs, and concern pertaining to the environment in which the system is installed. Cyber security profiles provides security administrators with essential information necessary to ensure that the proper countermeasures are in place for each system in order to maintain confidentiality, integrity and availability requirements of the organization as well as those that apply specifically to each system. HOC (Housing Opportunities of Montgomery County) maintains a security program designed to protect the highly technical and sensitive cliental information stored within their systems and networks. To ensure that each system within the organizations IT infrastructure is properly, securely configured and protected, Cyber Security Profiles must be implemented for each system in order to concisely document the required secure configuration of both the system and the environment in which the system is installed.
1. Management Control
1.1 System and Services Acquisition Controls (SA)
System services and acquisition controls focus on the procurement and life cycle support for items acquired in order to conduct business. For HOC, items such as network devices, computer workstations, and WAN services, established during acquisition are covered by this management control.
1.1.1(SA-5) Information System Documentation
Information system documentation records the det...
... middle of paper ...
...nt. Cyber security profiles help tremendously by organizing security related information in a way that avoids confusion, facilitates coverage and essential understanding. These same profiles are also essential to certification and accreditation efforts as well as routine, periodic audits, as they facilitate communication between the auditors and the organization and ensure that an understanding of the systems, configurations, policies and procedures are in line with best practices and regulatory compliance.
NIST, (2006), FIPS Pub 200: Minimum Security Requirements for Federal Information and Information Systems, Retrieved from http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
NIST, (2013), National Vulnerability Database – Security Controls, Retrieved from http://web.nvd.nist.gov/view/800-53/class?controlClassName=Management
Need Writing Help?
Get feedback on grammar, clarity, concision and logic instantly.Check your paper »
- Weaknesses to mistreatment in contemporarymainframes are wide-ranging. They variant from weaknesses of internet server which permitthe hackers or assailantsto command the internet server to a cultured lateral network that uses stuff like packet technique or immediate control depletion to collect private and trustworthy material from cyber security computersystems. Vulnerabilities or weaknesses seem to be in the customer software whois a fellow of an industry that uses it to get their tasks performed.... [tags: hackers, cyber security, softwares]
1270 words (3.6 pages)
- Cyber Security as an International Security Threat National and International Security is a sum of the actions taken by countries and other organizations that can guarantee the safety and well being of their population. It is vital for a nation to pre-emptively discover what issues could affect their security, and take action to prevent any detrimental or harmful events from happening. With the development of technology and the transition into a more technologically savvy society, cyber security has become one of the most prevalent and important economic and national security issues that the United States will come to face.... [tags: cyber terrorists, cyberspace]
2186 words (6.2 pages)
- ... The U.S. Department of Homeland Security (DHS) reported that the number of cyber attacks launched against U.S. infrastructure in 2012 increased by over 50 percent, and over 7,000 key industrial control systems are vulnerable to attack. Cybercriminals tend to focus where the weak spots are and use technique until it becomes less effective, and then move on to the next frontier. For this reason, the targets and the attacks techniques change every time. As example of some of the most attacks techniques utilized are socially engineered, unpatched software and Phishing attacks.... [tags: cyber attacks, hacking]
1282 words (3.7 pages)
- Due to the growth and success of Advanced Research our systems have recently become a target for hacking and cyber-attacks. As an organization we know of several attempts to steal the intellectual property of Advanced Research and sell the stolen properties to direct competitors. Beyond that we are all aware of the 2011 issues involving Advanced Research’s public website, website defacement and Denial of Service (DoS) attacks are common tactics of attackers. Also in today’s cyber climate it is well known that any organization, no matter the size or prestige, with a cyber-presence is vulnerable to attacks and exploits.... [tags: metasploit pro, IT, hacking, cyber attacks]
1358 words (3.9 pages)
- Society today is plagued with crime that is difficult to combat, constantly changing, and has no borders; this type of crime is called cybercrime. The United States of America is attacked on a daily basis by cyber criminals both foreign and domestic. The crimes committed involve fraud, identity theft, theft of proprietary trade secrets, and even theft of national secrets. The 2009 Internet Crime Report indicates there were 336,655 received cybercrime complaints in 2009 and a total monetary loss of $559.7 million (“2009 Internet Crime Report,” 2009).... [tags: Technology, Cyber Crime]
2164 words (6.2 pages)
- ... On the same day, United States Secretary of State Hillary Clinton issued a brief statement condemning the attacks. Dmitri Alperovitch, Vice President of Threat Research at cyber security company McAfee, named the attack "Operation Aurora". Research by McAfee Labs discovered that “Aurora” was part of the file path on the attacker’s machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation," McAfee Chief Technology Officer George Kurtz stated.... [tags: modern technology, security breaches]
1071 words (3.1 pages)
- Networking is a norm in many corporate based institutions in modern society. Computerized applications, software and communication has been greatly deployed to foster service delivery in the organizations. Despite the many merits tied to networking, it poses some threats that can proof costly if not handled professionally. Good news is that there are measures that can be adopted to form a robust computer network system that will ensure minimal or no intrusion by any assailants. This paper seeks to explore a number of factors indicative of weak computer networking system, and various measures to plan and enable stern security.... [tags: cyber crime, cyber security]
2848 words (8.1 pages)
- In this day and age, Cyberspace touches almost every part of our daily lives. There are few activities and places that we approach that are not in one way or another tied into cyberspace. On a small scale, matters such as your home, work, hospitals, schools and even a lot of restaurants are tied into cyberspace. On a much larger scale, matters such as the power grids that bring us power every day, nuclear power plants , military information and most of the intelligence the US government has ever collected are accessible in cyberspace.... [tags: professional coders, banking online]
940 words (2.7 pages)
- Denial of service (DoS)- This type of attack occurs when a hacker overloads a server or network device with numerous IMCP (Internet Control Message Protocol) ping requests, such that it is unable to respond to valid requests. By updating to the latest service pack and applying security patches, you can minimize the threat of DoS attacks by reducing the vulnerabilities in the TCP/IP network protocol. Although disabling ICMP can remove valuable troubleshooting tools, it can effectively remove the possibility of DoS attacks.... [tags: Cyber-security, Enterprise Security]
3468 words (9.9 pages)
- In Greek mythology, the Theogony recalls the lineage of Greek deities. Part of the story contains information about a monster named Orthrus. The beast is a two headed dog that was responsible for guarding the island. However, Orthrus was eventually slaughtered by the epic hero, Heracles. Obviously, a two headed, monster dog has potential to bring about catastrophe. But trained in the correct way, Orthrus could have been a valiant watchdog and become an honorable hero in Greek legend. Technology in the present is very much like Orthrus in that progress and advances can lead to a positive or negative impact on the world.... [tags: Internet, technology, cyberspace, abuse, Orthus]
1532 words (4.4 pages)