Identify Security Measures Which Address These Threats and Vulnerabilities
Any network is vulnerable at its weakest point and perpetrators will try to get in any way that they can. Some just to see if they can and others for manipulated personal gain. Security measures, policy and procedures are written and tailored to meet the specific needs of an organization. Security tools are installed on networks to keep out cyber criminals.
Vulnerability is a weakness in a security system. A threat is a set of circumstances that has the potential to cause loss or harm. How do we address the problems of threats and vulnerabilities? We use control as a defensive method. Control is an action, device, procedure, or technique that removes or reduces vulnerability. (Pfleeger & Pfleeger, 2007)It is essential to have adequately qualified IT personnel on the security team to properly monitor the network’s activity log because this log records the activities occurring in an organization’s systems and on its networks.
It is important that the Information Security Officer (ISO) ensures that every person on the security team is educated and accurately trained in security measures, policies and procedures in addition to making sure that each individual knows their role and what steps to take in case the network is compromised. Time is of the essence and could possibly be the life line of a company when its network is being attacked.
Steve Forrester, Vice-President of Sales at Jacket-X reconnected his company laptop to the corporate local area network (LAN) without being subsequent to the company’s policy; the Intrusion Detection System (IDS) alerted the ISO Jack Wilson that a malicious worm was attacking the server. The worm immediately ex...
... middle of paper ...
...rity and a resigning of the policy letter. It is everyone’s responsibility to keep the system’s network as secure as possible.
Works Cited
Geier, J. (2005). Wireless network first-step. Indianapolis, IN: Cisco Press
Goodric, M., & Tamassia, R. (2010). Introduction to computer
security, (1st ed.). Canada: Addison Wesley
Pfleeger, C.P., & Plfeeger, S.L. (2007). Security in computing,
(4th ed.). saddle River, NJ: Pearson Education, Inc.
Kent, K.,& Souppa, M. (September 2006). Guide to computer
security log management. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
The vulnerability of organizational networks and the internet.
CSEC 610 9041 online classroom, achieved at: http://webtyco.umuc.edu
Information systems infrastructure. CSEC 610 9041 online
classroom, achieved at: http://webtyco.umuc.edu
The use of cybersecurity policies within CSN is to provide security of the divisions assets. The written policies provide guidance on implementation, through references to applicable standards and statements of best practices (Booz Allen Hamilton, 2012). As stated by Control Data Corporation, there is no asset which can be 100% secure; network security is often times focused on strategic prevention or reactive procedures, rather than examination of the security policy and maintaining the operation of it (1999). Therefore analysis indicates that numerous breaches are often due to reoccurring weaknesses in the policy. “Even the most reliable, state-of-the-art technologies can be undermined or rendered ineffective by poor decisions, or by weak operational practices” (Control Data Corporation, 1999, p. 3).
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Network Security is the protection of the computer’s network though out the entire infrastructure. It can protect very important information and computer files to help prevent theft, spyware, malware, viruses, and more. Depending on if you have a public or private network, can determine what type of security settings you need for your network. All people are different on what they want to have secured or not, but most people do not know how to prevent people or things from getting in their network. “You must have a general understanding of security terminology and specifications as it relates to configuring hardware and software systems.”(Roberts, Richard M. 599). That quote states that by knowing and understanding security terms and specifics, you can
System have to be constantly updated to prevent new types of attacks. Also, different layers of security have to be employed so as to increase the fortification of the network system against possible breach. In a case where a system has been breached, awareness should become the next priority as this can still help prevent the loss of data depending how soon detection can occur. In all security measures, human error has always been identified as a great risk. To minimize this, security training is encouraged not just for security personals but for everyone who uses a
"Responding to IT Security Incidents." Responding to IT Security Incidents. N.p., n.d. Web. 19 Jan. 2014. .
Firstly, they should ensure that organizations comply with information technology regulations. Secondly, they should ensure that IT staff are well equipped with technical knowhow to ensure they can pinpoint any forms of threats and take appropriate actions in advance. Lastly, the government, private sector, and other stakeholders should share information concerning diverse forms of threats to facilitate in the establishment of effective measures for addressing any forms of security threats (Moore & Shenoi,
Today process and technology alone can’t assure a secure organizational atmosphere. To compromise a satisfactorily secure organization, cybersecurity polices and procedures are inaugurated and expertise within an
Lastly, the application layer (Layer 7) supplies services to application procedures and threats are static passwords and SNMP private community strings (Holl, 2003). Organization will need to enforce encryption to limit the exposure of personal information, ensure that patches are installed for applications, patching and is performed on all network and hardware devices, hardening of operation system and implements secure authentication methods (Baker & Wallace, 2007). Additionally, a quality anti-virus is utilized on workstations, servers and other devices connected to the organization IT infrastructure. All types of attackers discussed in this paper are applicable. Black hat hackers and cyber terriorist will control exploit vulnerabilities in networks and application systems that are not properly patch as well as malware writer
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
“Monitoring security would help organizations to minimize the window of exposure to risks and manage better their entire security process” (Priescu & Nicolaescu, 2008). Malware intrusion in businesses is costly and the outcomes are endless. One of the most efficient ways for businesses to protect themselves from malware is to have a prevention protocol. The first step in the recommended protocol is to identify vulnerabilities on networked systems. By doing this, internal and external risks are understood. This process must be continuous since vulnerabilities are changing constantly. Examples are software vulnerabilities, which are corrected by the vendors through the release of updates or patches, and incorrect system configurations like operating system-related or
Risk Management Theory. The Risk Management Theory has been around for quite some time. According to Hong, Chi, Chao, and Tang (2003), risks pertaining to IT security can be measured and evaluated by means of assessing potential attack vectors, and susceptibilities to the organization’s systems and processes. The authors suggest that the outcome of this evaluation allows for the identification of essential security programs and the employment of IT security controls to mitigate these risks. The intended outcome of utilizing this theory is to manage risks until they are at a permissible state. The Risk Management Theory, while broad in nature, does not encompass enough of the information security and risk...
The increasing proliferation and complexity of technology are creating new "opportunities" for cyber criminals to exploit. In addition, cyber crime techniques are getting ever more sophisticated. For businesses, this adds up to an increasingly more dangerous cyber threat environment. It doesn't help that human factors add to the risk. These include simple blunders, such as exposing sensitive data to the open Internet, as well as network security misconceptions and oversights. Here are two network security mistakes that invite devastating data breaches:
This paper describes the basic threats to the network security and the basic issues of interest for designing a secure network. it describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers
A critical part of network planning involves setting up of security mechanisms. Deploying the network with security configuration provides superior visibility, continuous control and advanced threat protection across the extended network. Additionally, security procedures define policies to monitor the network for securing critical data, obtain visibility, mitigate threats, identify and correlate discrepancies.