Information Security Today

Submitted By jrayhan
1. Potential act of Human Error
Ans: An organisation can face information security breaches from various sources. Employees and stakeholders are the threat agents closest to the organisational data. Employees use data, and those in important roles can access all kinds of data. Any mistake by an employee can cost the organisation its confidentiality and integrity. Such mistakes sometimes happen intentionally and sometimes accidentally. When an employee leaves classified data unprotected, this can be treated as a potential act of human error, and an attacker can take advantage of it to breach information security.

According to Whitman, M., & Mattord, H., “This is because employee mistakes can easily lead to the following: revelation of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information.”

Example: In April 1997, the core of the Internet suffered a disaster. Internet service providers lost connectivity with other ISPs due to an error in a routine Internet router table update process. The resulting outage effectively shut down a major portion of the Internet for at least twenty minutes. It has been estimated that about 45 percent of Internet users were affected.
(Whitman, M. E., & Mattord, H.J. 2012, p59).

2. Compromises to intellectual property
Ans: According to Whitman, M., & Mattord, H., “Intellectual property is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s intellectual property may or may not involve royalty payments or permission, but should always include proper credit to the source. Intellectual property can be trade secrets, copyrights, trademarks, and patents.”
An organisation always takes permission from other organisations before using any kind of information or other materials. Using someone else's property without consent can create legal issues, and this happens mostly with software piracy. Many organisations do not purchase software in accordance with the licence agreement.
For example: In an organisation, a piece of software may be licensed for use on a certain number of computers, and using it on more than that number can compromise the intellectual property rights in the software. An organisation can face major legal problems if this occurs at any time.

3. Deliberate act of theft
Ans: A deliberate act of theft means stealing another's property without consent. Electronic theft cannot be controlled in many ways. For example: if somebody in an organisation wants to steal valuable information, sometimes it can be prevented and sometimes not. Many organisations have information holes that can damage the organisation's privacy and cost millions. So it is very important to place organisational security in the right hands and to monitor employees and server data to see who is accessing what kind of information. A highly protected organisation always gives restricted access to its users.

4. Deliberate software attacks
Ans: A deliberate software attack uses unauthorised software to attack the system. This software is called malicious software. It can damage the computer system. The most common types of software attack are virus or worm attacks, Trojan horses, back doors and logic bombs.
Example: Prominent among the history of notable incidences of malicious code are the denial-of-service attacks conducted by Mafiaboy (mentioned earlier) on Amazon.com, CNN.com, ETrade.com, ebay.com, Yahoo.com, Excite.com, and Dell.com. These software-based attacks lasted approximately four hours, and are reported to have resulted in millions of dollars in lost revenue. The British Internet service provider Cloud Nine is believed to be the first business “hacked out of existence” in a denial-of-service attack in January 2002. This attack was similar to denial-of-service attacks launched by Mafiaboy in February 2000. (Whitman, M. E., & Mattord, H.J. 2012, p46).

5. Forces of nature
Ans: Forces of nature can occur at any time and destroy computer systems as well as their security. These threats include fires, floods, earthquakes, and lightning. Forces of nature cannot be controlled, but an organisation can take all kinds of precautions. Fire can damage computing equipment in the building, and information security can be compromised. For example, a data centre server room has to be kept very cool and well equipped in case it catches fire. Floods can affect system operation, which can cause severe damage to the organisation. Lightning, hurricanes, tornadoes and electrostatic discharge can severely damage an organisation's systems. Forces of nature can disrupt the lives of individuals as well as the storage, transmission and use of information.

6. Potential deviations in quality of service from service providers
Ans: Information security is an important aspect of an organisation. An organisation has to consider many factors to operate successfully and provide the best services to its users. If service providers do not deliver services up to the mark required, this can cause service-related issues. It can lead the organisation to huge losses and legal issues.

According to Whitman, M., & Mattord, H., “Deviations in quality of service can result from incidents such as a backhoe taking out a fibre-optic link for an ISP. The backup provider may be online and in service, but may be able to supply only a fraction of the bandwidth the organization needs for full service.”

Power grids, telecom networks, parts suppliers and service vendors are all part of a successful system. But an organisation can be affected by these services in many ways. For example, a data centre is highly dependent on the right amount of bandwidth from its service provider. If the vendor provides less bandwidth, it can cause serious problems for protecting data as well as for the organisation's reputation.

7. Technical hardware failure
Ans: Technical hardware failure occurs due to faulty equipment from the manufacturer. This can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability. There are many types of hardware problems that can put security at stake. Memory errors, system timing problems, resource conflicts and power loss are common technical hardware problems.

Example: In September 2010, Virgin Blue airline's check-in and online booking systems went down. Virgin Blue suffered a hardware failure on September 26 and a subsequent outage of the airline's internet booking, reservations, check-in and boarding systems. The outage severely interrupted the Virgin Blue business for a period of 11 days, affecting around 50,000 passengers and 400 flights; service was restored to normal on October 6, and Virgin lost $20M (example retrieved from http://www.evolven.com/blog/downtime-outages-and-failures-understanding-their-true-costs.html at 13,2012).

Reference

Whitman, M. E., & Mattord, H.J. (2012). Principles of Information Security (4th ed.). USA: Course Technology, Cengage Learning.
System Outage Nightmare Example: Virgin Blue's Reservation Desk. Retrieved December 12, 2012 from http://www.evolven.com/blog/downtime-outages-and-failures-understanding-their-true-costs.html
