Information Security Article

Submitted By nadjaduni
Words 413
Pages 2
Nadja D. Maravi
Information Security Article Evaluation

Abstract

When people think about security, they think about things like additional locks on doors, alarms, security guards at the entrance gate, and so on. Others believe that they should not have any sense of security. Technology has advanced so much that if a company does not secure its documents, it may be vulnerable to attacks ranging from simple code to injection attacks carried out by someone who has the credentials and privileges to complete the attack.

When people think about security, they think about things like additional locks on doors, alarms, security guards at the entrance gate, and so on. Others believe that they should not have any sense of security. Technology has advanced so much that if a company does not secure its documents, it may be vulnerable to attacks ranging from simple code to injection attacks carried out by someone who has the credentials and privileges to complete the attack.

Recently, Oracle addressed a security issue in its database server that a researcher disclosed at the Black Hat Briefings. The database is vulnerable to a SQL injection attack if the attacker has the credentials needed to carry it out. The description in the Oracle Security Alert states that the vulnerability is not remotely exploitable without authentication (Oracle Security Alert for CVE-2012-3132). David Litchfield, a database security consultant, demonstrated at Black Hat some attacks that target the database management server. He showed how he can create a condition that raises his privileges as database administrator. System privileges allow the attacker to change tables remotely through SQL injection. Oracle has issued a critical patch update that addresses the issue for users of versions 11.2.0.2 and 11.2.0.3 (Oracle security advisory addresses Black Hat database flaw disclosure).

In conclusion, information
