The adoption of a bring your own device (BYOD) strategy offers a range of advantages for organizations, ranging from economic savings and enhanced workforce efficiencies to improved operational mobility. Hence, it’s not surprising to witness the exponential growth of mobile devices (personal notebooks, tablets, or smartphones) in the workplace. A BYOD environment that is not managed appropriately, however, can pose serious and substantial risks to the cybersecurity efforts of an organization (Caspi, 2016).

Major Cybersecurity Issues

One major cybersecurity challenge in implementing and sustaining a BYOD atmosphere is determining how to maintain an appropriate balance between accessibility and security. According to Dave Martin (20XX), “Disallowing BYODs just pushes them underground where you lose visibility. But, if you’re too permissive, you’re open to data loss” (para X). Based on the advantages mobile devices afford, employees can be driven to find unauthorized and/or unsecure means to exploit them if their organization does not support their use or full potential. Likewise, organizations find benefits in mobile devices; however, they often struggle to determine exactly how to enable employees to exploit their use or full potential. Further complicating the situation is the rapid pace at which new mobile device technology hits the market. Organizations are often confronted with employees using a range of mobile device manufacturers and models that are frequently replaced.

Mobile devices could also easily become lost, stolen, or compromised. Employees often use mobile devices within and outside office spaces to access work applications, calendars, emails, and files. If a mobile device is misplaced in transit, an inside or outside threat could maliciously alter or destroy device contents, implant malware, perform device reconnaissance, or retrieve sensitive data (Fisher & Allen, 2015). Therefore, to ensure the enterprise’s network and confidential data remain secure from insider or external threats, organizations must continuously strive to find innovative means to establish a middle ground between BYOD availability and security.

Policy Control Recommendations

One crucial policy control recommendation that could help maintain the balance between BYOD accessibility and security is to ensure vulnerability assessments and penetration tests are routinely conducted. Vulnerability assessments are a critical component of any security strategy because they enable an organization to audit enterprise system security conditions, identify likely vectors of internal and external attacks, and pinpoint system exposure to new vulnerabilities.
Coupled with vulnerability assessments, penetration tests are important because they offer a realistic perspective of known and unknown weaknesses. Penetration tests are typically conducted by ethical hackers who use manual and automated practices to simulate attacks from both internal and external threats (Bace & Sinchak, 2014). Working hand-in-hand, vulnerability assessments and penetration tests afford the agile intelligence needed to help organizations deploy necessary security countermeasures to mitigate the likelihood and impact of attacks. This is especially important in a BYOD environment where device models vary and are frequently refreshed.

Recognizing that mobile devices are routinely in transit between physical locations, making them susceptible to compromise, a suggested policy control is to mandate that employees sign an agreement permitting remote wiping. The agreement would include a designated timeframe within which an employee would need to report an incident and stiff penalties for those who do not comply. Although an employee may lose personal data, this measure will ensure the organization is appropriately protected (Fisher & Allen, 2015).

Human Influences on Recommended Policy Controls

Over the last several decades, industry experts have established a variety of vulnerability assessment and penetration test standards to help organizations identify, categorize, and evaluate organizational weaknesses. Since these assessments and tests typically promote continuous analysis for maximum impact, one human factor that could skew the effectiveness of the policy control recommended above is employees who become absorbed in a check-the-box mind-set and lose focus on overarching assessment and test objectives. Additionally, vulnerability assessments and penetration tests often mandate advanced system and security comprehension in addition to the ability to offer authentic findings. Therefore, organizations must be careful to ensure the psychological mind-set of employees involved in these activities remains impartial. According to the social identity theory (SLT), humans can quickly adopt the behaviors, opinions, and temperaments of those with whom they share a collective relationship. This could especially become problematic for organizations with large IT teams. A collective mentality could regrettably blind or skew IT teams in the wrong direction rather than offer forthright assessments and tests (Campbell & Kennedy, 2014).

In the event a mobile device is lost or stolen, there is also no guarantee an employee would promptly report the incident. This could come as a result of a psychological fear of penalty, disregard for impact of actions, or
Commencing penetration tests within the infrastructure of Alexander Rocco Corporation may be a strenuous, yet beneficial process. However, before commencing penetration tests, much planning, strategizing, and research is necessary in order to ensure successful, seamless, and legal operations. Based on information provided by the SANS Institute, an initial meeting should be coordinated between those responsible for conducting the tests, along with the appropriate leadership personnel of the company (source). Within the meeting, the scope of the project should be established, classifying company data appropriately, and determining which components of the company’s infrastructure require penetration testing, which may include Alexander Rocco Corporation’s
A parallel bus system is a bus system that transfers several data bits at the same time. This bus system requires wide buses because large chunks of data need to be transferred faster. Parallel buses usually have 8, 16, 32 or 64 data lines. A parallel bus system includes: ISA, PCI, VESA, and EISA buses. (Mueller, S. & Zacker, C. 1988).
In 2010, former senior U.S. officials conducted a simulation imagining a catastrophic cyber attack, the origins of which came by way of a mobile application carrying self-replicating malware that eventually overwhelmed wireless networks and disabled portions of wired network communications and the internet, as well as curtailing electrical supply channels and oil and gas pipelines (Corbin, 2010). Rather than consider the likelihood of such a catastrophe, the panel took the position that if such an event were to occur the government would have to take over telecommunications in this country, eighty-five percent of which o...
All throughout Colorado there have been many developments and expansions. One of these developments is the railroad system. Railroads were and still are an essential means of transportation for people as well as for industries involving coal and fuel, and many other things. There are many key players and developers that took part in revitalizing Colorado in the 1870s. Some of these key players that contributed to the territory’s growth were William A.H. Loveland, Edward L. Berthoud, Henry M. Teller, and William Jackson Palmer.
Security of the company's data is one of the most important components which allows the business to perform its day-to-day operations using various networking devices and services that absolutely need to be protected from intruders. Some of these include online transactions, the exchange of data between users and clients both internal and external, and external web data that needs to be secured. There are several policies that would need to be configured, such as web server and firewall configurations. However, with these configurations the first and most important task is to identify any vulnerabilities or loopholes in security within the company. The company has both LAN (Local Area Network) and WAN (Wireless Local Area Network) and a web server. These resources need to be secured at all times from hackers or anyone else by implementing the appropriate security measures.
In this case study, I aim to present the recent issue about Cyber security, protecting client’s private data and information through the controversial Apple and
“Mobile devices range from basic, inexpensive phones used primarily for phone calls to smart phones that integrate a phone, PDA, camera, music player, and more into one device.” (Guide To Computer Forensics and Investigations - Nelson 2013) The cellular telephone could be recognized a definitive disruptive innovation: indeed, for example telephony, radio, TV, the Internet, mobile telephones are radically changing about every part of day by day life, both inside organizations and in the everyday lives of people, furnishing more provisions and gathering more private information. Cutting edge smartphones give progressed characteristics like email, Internet and recorders. Such smartphone's characteristics, other than the side of the portable devices, give to user the opportunity to co...
What concerns the government of the United States most is the security of the critical infrastructure from cyber threats. The nation depends heavily on technology in most of its critical sectors to keep it up and running. This makes it more vulnerable to cyber-attacks from outsiders and insiders. Therefore, its protection must be a priority.
With the increasingly ubiquitous nature of mobile devices and online availability, including smartphones and tablets, there is also an understandable concern about the level of security that is afforded to such devices. This can be considered as increasingly important given the proliferation of policies such as BYOD (Bring Your Own Device) which is being used by diverse organizations as a way of lowering the cost of ownership for such devices while also leveraging the flexibility advantages that their utilization can bring. It is therefore an area of immense interest due to the changing and emerging nature of both the technology itself as well as the security concerns.
It is difficult to define cyberculture because its boundaries are uncertain and applications to certain circumstances can often be disputed. The common thread in defining cyberculture is a culture which has evolved and continues to evolve from the use of computer networks and the internet and is guided by social and cultural movements reflective of advancements in scientific and technological information. It is not a unified culture but rather a culture that exists in cyberspace and is a compilation of numerous new technologies and capabilities, used by diverse people in diverse real-world locations. Cyberculture, a twentieth century phenomenon, has brought challenges unlike any other that the United States has seen in the areas of cyber security and its impact on our most critical institutions. This presentation will focus on the aforementioned three entities where national security is in jeopardy in part due to cyberculture and its intentional use for disruptive and destructive purposes. Breaches of security to the United States Department of Defense, the national power grid and the Chamber of Commerce are very real and omnipresent.
With social media being the world’s distributor of information, it can be a hassle. In times of emergency, a person can instantly dial 9-1-1 or send a silent SMS. Cell phones have given us the power to feel secure and protected, but they can only do so much. While phone companies advertise their plans, they are also trying to protect phones and the shared data through each app. Data can be distributed to another person without the user knowing, which is why companies have created security measures within each cell phone to make sure nothing is lost or stolen from the original user.
...h the threat of “Mobile Malware” looming in the air, the desire to give the general public fair warning has never been greater. This paper was intended to provide the knowledge the general public needs and will reinforce the topic to those who were already aware. The history of malware gave you a look into the not so distant past. The discussion of technical examples of malware was intended to show you how rapidly the threat is developing along with the statistics of malware’s current expansion, and the future examples of malware and research showed you concepts that were unimaginable to the common electronic consumer. The majority of malware was originally designed to be a practical joke, but as we can see from the ever growing desire for malicious intent, the evolution of malware has followed suit. We can only hope that the growing need for security can be met.