1. A brief summary of the range, contents, and argument of the article.In this article, the author discusses four anti-patterns that undermine an organization’s security and how such anti-patterns can be overcome. The first anti-pattern discussed is the overreliance on intuition. Because of the lack of information regarding probability of experiencing a cyberattack, countermeasures to cyberattacks, and the impact and costs of a cyberattack, people tend to resort to their own intuition and past experiences. Intuitions and past experiences lend themselves to various cognitive biases that lead to poor decision making. Thus, in order to overcome this anti-pattern, it is important to collect actual data and to evaluate them while checking for various biases when making a decision. The second …show more content…
This makes it easy for even novice hackers to gain access to the system. To overcome this anti-pattern, companies must assess and evaluate their security foundation and then fix any gaps.The third anti-pattern is an overreliance of knowledge instead of intelligence. Much of security today involves preventing, detecting, or blocking attacks based on our knowledge of past attacks. However, if one only tries to protect oneself from known attacks, one is not truly protecting oneself because attacks adapt. The system would only be safe from attacks of the past. To overcome this anti-pattern, an adaptable approach based on cyber intelligence need to be adopted. To do this, one must understand the various strategies and tools that cybercriminals use; there must be a proper understanding of the threat. Then, one must also make sure to minimize the number of vulnerabilities that cybercriminals can exploit. In addition, the system must be monitored so that if an attack occurs, it can be detected in its early stages, before damages occur on a wider scale. Finally, the last anti-pattern discussed is weak security governance, who systematically and contributes to making IT
What may have started as a seemingly boring and meaningless computer check up and accounting problem, turned into an investigation and search for a military spy for the KGB. It seems that the more that the technical revolution grows and gets relied on more, the level of security becomes necessary to grow past it. It seems to be an ongoing battle to protect and monitor information from possible threats and hackers.
At this juncture, it may be somewhat difficult to accept the proposition that a threat to the telecommunications grid, both wired and wireless, in the United States could potentially be subject to a catastrophic cyber attack. After careful research on the subject, it appears the potentiality of an event of such magnitude, which either disrupts one or the other grids for a long period or destroys either, is both theoretically and realistically impossible. It may be that proponents—those who advance such theories—equate such “doomsday” scenarios as if a cyber attack would or could be of the same magnitude as a conventional or nuclear military strike. Terms such as “cyber Pearl Harbor,” “cyber 9/11” and “cyber Vietnam” have been used to describes potential catastrophic cyber attacks and yet, “Though many have posited notions on what a ‘real’ cyber war would be like, we lack the understanding of how such conflicts will be conducted and evolve.” (Rattray & Healey, 2010, p. 77). Yet, the U.S. government continues to focus on such events, as if the plausibility of small-scale cyber attacks were not as pressing.
Although an act of cyberterrorism has yet to occur, officials and scholars continuously study the possibilities of such an attack. As our physical and virtual worlds continue to intertwine the risk of such an event rapidly increases. Everything from our transportation systems to pharmaceutical manufacturing are computer controlled. The closest the world has come to an act of cyberterrorism was in 2000. Known as the Maroochy Shire case in Queensland, Australia was committed by Vitek Boden. Boden was an engineer for Pacific Paradise, a sewage pumping in Australia. He was able to successful hack into a control system modifying the operations and dumping millions of litres of raw sewage into the local waterways. Boden’s motivation was the only reason the act was not classified as cyberterrorism was his motivation. It was personal rather than political or religious in nature (Sharp Parker, 2009). The only reason this wasn’t the first act of cyberterrorism was motivation. As companies invest in upgrading their technological capabilities, they too need to invest in security structure to protect their systems and the public from threats of terrorism. Our government must also decide how to address public safety in regards to cyberterrorism. On September 11th, 2001 America was reminded how vulnerable we are when it comes to acts of terrorism. The sheer complexity and varying design of attacks often makes it very difficult to create a catch-all defense in fighting terrorism. To improve the disruption of terrorist activities by government agencies in the United States many laws needed to be updated to include the latest areas of electronic communications.
Implement a system Intrusion Detection/Prevention System (IDS/IPS): - Make the investment in an IDS/IPS to distinguish and prevent potential system dangers. sensors ought to be circulated all through the system, with a specific focus on general society untrusted section. Take alerts very seriously.
Every year, cybercrime costs businesses $400 billion and by 2019, cybercrime will have cost the global economy 2.1 trillion dollars (Morgan 1). But, economic loss isn’t the only problem caused by weak cybersecurity; weak cybersecurity measures could allow hackers to collect data on citizens, cause widespread death, and destroy entire nations. Despite the massive threat the problem poses, no one has yet to institute an effective solution. Although government regulation and website blocking attempt to eliminate cybercrime and cyberwarfare, an ideal solution exists in government guidance and collaboration with the private sector.
Principle of Security Management by Brian R. Johnson, Published by Prentice-Hall copyright 2005 by Pearson Education, Inc.
the risk of security incidents and breaches is reduced by encouraging employees to think and act in more security conscious ways;
Many nations in the world - the United States, China, Russia, Iran, Germany, and more- use cyber warfare as a method of conducting sabotage and espionage. Nations, such as China and Russia, use espionage in order to prevent their economy and their military technology from falling behind by stealing advanced nations’ technology. Other nations, including Israel and Iran, focus on sabotaging other nations to cripple them, by sending malwares that destroy important data on the system, from advancing their technology and costing them a decent amount of money due to repairs. Another popular cyber attack used, mainly with hacktivist, government- sympathetic groups not owned by the government, and nations less advanced in technology, is Denial-of-service, or DoS. DoS is used to hinder the target’s website and other things that are maintained by computers by making it unavailable to intended users. People argue there are no benefits for cyber warfare due to its potential destructive powers and instant process of destruction. While other people-looking from a different view find that cyber warfare does have its benefits. They argue that an important benefit is that cyber warfare takes place in cyber space meaning that it does not physically harm people. They also argue that cyber warfare draws the awareness of the nation on the ever increasing dangers of cyber warfare and forces the government to set up stronger cyber security to fend off international attacks, which also help protect the government from internal hackers. It also creates more jobs for hackers, who use their knowledge to increase the security instead of harm it. Although cyber warfare produces damaging effects on a nation, in the long run, it crea...
The ability to conduct warfare through technological methods has increased information security awareness and the need to protect an entities infrastructure. Subsequently, cyber warfare produces increased risk to security practitioners that employ technology and other methods to mitigate risks to information and the various systems that hold or transmit data. A significant risk to information lies in the conduct of electronic commerce, hereinafter called e-commerce. E-commerce is the purchasing or selling of goods and/or services through the internet or other electronic means (Liu, Chen, Huang, & Yang, 2013). In this article, the researcher will discuss cyber warfare risks, present an evaluation on established security measures, identify potential victims of identity theft, and present an examina...
National and International Security is a sum of the actions taken by countries and other organizations that can guarantee the safety and well being of their population. It is vital for a nation to pre-emptively discover what issues could affect their security, and take action to prevent any detrimental or harmful events from happening. With the development of technology and the transition into a more technologically savvy society, cyber security has become one of the most prevalent and important economic and national security issues that the United States will come to face.
Johnson, B. R. (2005). Principles of Security Management. Upper Saddle River, NJ: Pearson Prentice Hall.
It is asserted in an article the battlefield of cyber space: the inevitable new military branch-the cyber force by Natasha Solce. In this article she has analyzed cyberspace as future battlefield she stressed on the need of plans which include amendments in constitution, establishing a cyber-force and strictked security measures to tackle cyber terrorism. She points out different events which held only because of the mismanagement by security institutions. She investigated that 8th US Air force was designed as the most modern operational force against the cyber terrorist. She concludes that terrorist may instigate more vulnerable attacks in future if they are not dealt with priority (Solce, 2008).
It is also useful to consider not only these specific threats, but also the underlying themes that are of particular concern in recent years. Three such themes are terrorism, identity theft and internal fraud (that is, fraud committed by employees or other “insiders” in the organization).
Unequivocally speaking, the threat of a cyber-attack has become one of the most critical domestic and national security challenges we face as a nation today. Infrastructures supporting government operations are ...
The world is in another cold war, except this time countries are battling for cyber supremacy. Cyberspace is a massive land of ever-changing technology and personal interaction (McGuffin and Mitchell 1). Cyberspace is not only a place where people post pictures and update their profile, but it also plays an enormous role in running a country. Advanced countries use computers to guide their military, keep track of citizens, run their power grids, and hold plans for nuclear devices and nuclear power. Risks to commercial and government concerns are now being noticed and many countries are taking actions to prevent such threats (McGuffin and Mitchell 1).