Free Essay

Assignment 2: Critical Infrastructure Protection

In:

Submitted By bbraxtonjr
Words 1124
Pages 5
Assignment 2: Critical Infrastructure Protection
Benard Braxton, Jr.
Dr. Bouaffo Kouame
CIS 502 – Theories of Security Management
May 17, 2015

The Department of Homeland Security’s vison is to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards (DHS, 2015). To achieve this vision there are three key concepts that creates the foundation of our national homeland security strategy. They are security, resilience, and customs and exchange (DHS, 2015).
These key concepts drive wide-ranging areas of action that the Quadrennial Homeland Security Review process describes as homeland security missions. These missions are not restricted to the Department of Homeland Security. These objectives and goals says what it means to prevent, to protect, to respond, and to recover. They also shows how build in security, to ensure resilience, and to facilitate customs and exchange (DHS, 2015).
There are thousands of people from across the all over the country who are responsible for executing these missions. These are the people who interact with the public, are responsible for security and public safety, operate our country’s critical services and infrastructures, develop technology, perform research, watch, prepare for, and respond to emerging disasters and threats (DHS, 2015).
The five homeland security core missions are to prevent terrorism and enhancing security; secure and manage our borders; enforce and administer our immigration laws; safeguard and secure cyberspace; ensure resilience to disasters; and focus on maturing and strengthening the homeland security enterprise (DHS, 2015).
The responsibilities of the Department of Homeland Security is to ensure the security and safety of the United States against terror attacks and disasters. After the terrorist attacks of September 11, the Department of Homeland Security has focused on preparations to deal with terrorism as well as to manage emergency management, customs, and border security (Wallechinsky, 2015).
Without money, food, drinking water, or electricity, society would shut down. So emergency and intelligence services, business enterprises, and public bodies are working together closely to protect these needed services, goods and processes. They increase the knowledge about how important sectors are interdependent, improve security against theft or sabotage, organize for a flu pandemic, continuity plans help critical sectors continue operating; cooperate more closely with current sectors and the police and safety regions (Protecting critical infrastructure, 2015). The Department of Homeland Security conducts evaluations on communities and infrastructure to help local government officials and businesses make decisions about the location of resources to improve security before an incident and recovery after an incident. The Department of Homeland Security also works with communities and businesses with limited resources to offer training and other tools to instruct the broader community on the need for critical infrastructure resilience and security, and to improve their current efforts (What We Do, 2015).

Our country’s safety relies upon resilient and secure critical infrastructure. The National Infrastructure Protection Plan (NIPP) outlines how private sector and government participants in the critical infrastructure community collaborate to achieve security, manage risks and resilience outcomes (National Infrastructure Protection Plan, 2013). NIPP offers a modernized approach to critical infrastructure resilience and security, focuses on integration of physical and cyber security efforts, a closer arrangement to national preparedness efforts, focus on cross jurisdictional and cross sector coordination to achieve better results, integration of information-sharing as an important element of the risk management framework, identifies the key role and knowledge of critical infrastructure operators and owners, integrates hard work by all levels of government, nonprofit, and private sectors by offering an inclusive partnership framework and identifying exclusive capabilities each participant brings to the national effort, replicates today’s integrated all-hazards environment, grounded in existing policy and business principles, and pushes action in the direction of long-term improvement (National Infrastructure Protection Plan, 2013).
The National Institute of Standards and Technology (NIST) is a federal agency under the sponsorship of the Undersecretary for Technology. It is concerned with developing technology and maintaining measurement standards to improve promote commerce, productivity, and improve the quality of life in the U.S. NIST oversees four major cooperative programs. The NIST Laboratories advances the national technology infrastructure. The Baldridge National Quality Program was created to boost distinction among United States manufacturers, health-care companies, service providers, and educational institutions. The Manufacturing Extension Partnership is a network of local centers that helps small manufacturers. The Advanced Technology Program function is to promote development and research of new technologies in the private sector (Knight, 2004).

Recreational hackers. For an unknown amount of people, attaining unauthorized access to communication systems and information is a most captivating and challenging incline. Often they purposely organize for their activities to be seen even while hiding their exact identities. While their drives do not include actual disturbance of service, the tools and techniques they perfect among their community are accessible to those with hostile intent (Sikich, 2008).
Criminal activity. Some are interested in personal monetary gain through manipulation of financial information, credit accounts or stealing services. In comparison to some hackers, these criminals usually hope their actions will never be detected, much less accredited to them. Organized crime groups may be interested in direct financial gain, terrorism, or acquiring national intelligence (Sikich, 2008).
My three suggestions to improve protection of the critical infrastructure would be to test, train and implement. The U.S.’s critical infrastructure, should be tested regularly to ensure that the proper countermeasures are taken in the event of a catastrophic disaster. Another option would be to get the appropriate personnel training. By having more individuals aware of the signs leading up to a disaster, this can in turn prevent disasters from happening. The last option would be to implement necessary improvements to the infrastructure. Each day there are more threats being created as well as improvements. By staying up to date and making implementations as new challenges arise allows users to be ahead of many attacks and adaptable to the newer threats.

References
DHS (2015) Our Mission. U.S. Department of Homeland Security. Retrieved from: http://www.dhs.gov/our-mission
Knight, Judson (2004) NIST (National Institute of Standards and Technology), United States Retrieved from: http://www.encyclopedia.com/topic/National_Institute_of_Standards_and_Technology.as px
National Infrastructure Protection Plan (2013) U.S. Department of Homeland Security. Retrieved from: http://www.dhs.gov/sites/default/files/publications/NIPP-Fact-Sheet- 508.pdf
Protecting critical infrastructure. (2015) Retrieved from: http://www.government.nl/issues/crisis-national-security-and-terrorism/protecting- critical-infrastructure
Sikich, Geary W. (2008) Critical Infrastructure Vulnerability: Retrieved from: http://cool.conservation-us.org/byauth/sikich/elements.html
Wallechinsky, David (2015) Department of homeland security. All Gov Retrieved from: http://www.allgov.com/departments/department-of-homeland- security?detailsDepartmentID=571
What We Do (2015) U.S. Department of Homeland Security. Retrieved from: http://www.dhs.gov/what-we-do

Similar Documents

Premium Essay

Assignment 2 Critical Infrastructure Protection

...Assignment 2: Critical Infrastructure Protection Strayer University Introduction In the wake of a terrorist attack, natural disaster, or emergency, the Department of Homeland Security (DHS) is prepared to respond.   DHS primary responsibilities are combatting terrorism, securing boarders, enforcing immigration laws, safeguarding cyberspace, and responding to natural disasters. Coordination with the federal response teams and partnerships with local, state, and private sectors, enhance the DHS response tactics in a national emergency. Department of Homeland Security Mission, Operations, and Responsibilities The Department of Homeland Security’s mission is to keep America safe, protected, and resilient from various elements that threaten the country.  As identified by (dhs.gov, 2013) DHS has three key concepts that strategies are based upon security, resilience, and customs and exchange.  The process that defines homeland security missions and incorporates the key concepts is the Quadrennial Homeland Security Review (QHSR). DHS missions are spread across the enterprise and do not only cover DHS.  The delegated missions define in detail how to prevent, protect, respond, recover, secure, ensure resilience, and facilitate customs and exchange as noted by (dhs.gov, 2013).     Department of Homeland Security operations encompass five core objectives.  The objectives covered under DHS are prevention of terrorism and enhancing security; secure and manage our boarders; enforce and administer...

Words: 1685 - Pages: 7

Free Essay

Cis 502 Critical Infrastructure Protection

...CIS 502 Critical Infrastructure Protection Click Link Below To Buy: http://hwaid.com/shop/cis-502-critical-infrastructure-protection/ Due Week 6 and worth 50 points Critical Infrastructure Protection (CIP) is an important cybersecurity initiative that requires careful planning and coordination in protecting our infrastructure. The following documents titled, “National Infrastructure Protection Plan”, and “Critical Infrastructure Protection”, may be used to complete the assignment. Write a three to five (3-5) page paper in which you: 1. Examine the Department of Homeland Security’s : a. mission b. operations c. responsibilities 2. Explain what Critical Infrastructure Protection (CIP) initiatives are, what are protected, and the methods used to protect our assets. 3. Describe the vulnerabilities IS professionals need to be concerned with when protecting the U.S.’s critical infrastructure. 4. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure. 5. Suggest three (3) methods to improve the protection of our critical infrastructure and justify each suggestion. 6. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times...

Words: 1288 - Pages: 6

Premium Essay

Information Security

...IT255 11/29/2011 Research Assignment 2 A sound security plan is the first step towards a multi-layer defense. To develop a plan, the company must access its most important assets; identify vulnerabilities as well as the infrastructure and technology most appropriate for mitigating risk, then implement a strategy for putting the plan in action. Emails are prime examples. It has become a critical business communications tool and is also a primary conduit for malicious code. Protecting emails against viruses, worms, spam, Trojan horses, phishing attacks and other threats requires a variety of security technologies. These antivirus and antispyware software, content filtering, and firewalls. Such security technologies must be installed at various levels of the infrastructure-such as the gateway, mail servers and desktop or laptop. This way, threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop. The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution work together with the email program to provide a greater degree of protection against malicious code...

Words: 1445 - Pages: 6

Premium Essay

Meow Investments Meow Documents

...Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts  Confidentiality, integrity, and availability (CIA) concepts  Layered security solutions implemented for the seven domains of a typical IT infrastructure  Common threats for each of the seven domains  IT security policy framework  Impact of data classification standard on the seven domains Reading  Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work:  Data Classification Standard  Information System  Information Systems Security  Layered Security Solution  Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes  You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions. Assignment Requirements This is a matching activity. You will receive the Match Risks/Threats...

Words: 1409 - Pages: 6

Premium Essay

Organizational Risk Appetite and Risk Assessment

...Assignment 2: Organizational Risk Appetite and Risk Assessment Due Week 4 and worth 70 points Imagine you have just been hired as an Information Assurance Officer and the leader of business impact analysis (BIA) and risk assessment team for a video game development company. The organization network structure is identified in the network diagram below and specifically contains: •2 firewalls •3 file servers •1 Web / FTP server •1 wireless access point (WAP) •1 exchange email server •100 desktop / laptop computers •1 Network Intrusion Detection System (NIDS) •In-house PKI environment •2 Windows 2008 Active Directory Domain Controllers (DC) •VoIP telephone system Description: Network The Chief Information Officer (CIO) has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first tasks with the organization, the CIO requests your help. Write a three to five (3-5) page paper in which you: 1.Conduct an organizational business impact analysis (BIA) and determine which information assets need to have a risk assessment performed. 2.Conduct an organizational risk assessment and provide an initial report that includes the following: 1.Identify information assets and prioritize identified assets. 2.Define risks and prioritize the risks. 3.Identify the critical asset(s) and its associated...

Words: 539 - Pages: 3

Free Essay

Security

...nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and infrastructure In simple way, we can say that threat actor is the person who does the attack while the threat action is how this attack assaults the system 2. What were the vulnerabilities that the Threat exercised? The most recent use exploits are : 1. Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779) 2. Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875) 3. Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889) 4. Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) The attackers gained access to the source code or reserve-engineered to those complied applications. Then use them to hit the targeted victim. 3. Was the attack on Confidentiality, Integrity, and/or Availability? Please provide an explanation for your response. I believe that this attack on confidentiality because the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists and this leads to disclosure of data to non-authorized users so it violates the confidentiality 4. What was the attacker's profile based on the definitions provided on the Week 2 lecture material? Based on information provided in the Elderwood Project I categorized this attacker’s profile as a Nation...

Words: 671 - Pages: 3

Premium Essay

Star Gazer

...Assignment: Improving Security through Layered Security Control Learning Objectives and Outcomes * Analyze the given case study to evaluate how information technology (IT) security can be improved through layered security control. Assignment Requirements Read the text sheet named “Global Access Control Case Study” and prepare a report capturing the following points: * Synopsis of the given case problem * Analysis of the strengths and weaknesses of the steps taken by the organization * Assessment of access control/IT domains given in the business problem for data confidentiality, integrity, and availability * Evaluation of how layered security proved to be a positive solution in the given problem, including the impacts of layered security In addition, your report must also include answers to the following questions: * What is the significance of compliance and financial reporting from an insecure system? * What influence did the risk management process have in Global fulfilling its goals? * What is the significance of remote external access into the Global network? * What are the other tools comparable to the ones used by Global to solve their internal problems? Required Resources * Text sheet: Global Access Control Case Study (ts_globalcasestudy) Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: APA * Length: 1–2 pages Self-Assessment Checklist ...

Words: 1445 - Pages: 6

Premium Essay

Infrastructure and Systems Implementation Plan

...Infrastructure and Systems Implementation Plan Sabrenna Anderson Kaplan University Primary Contact | Name | Rosanne Moran | | Phone | 732-930-3800 | | Email | rmoran@wint.net | Backup Contact | Name | Sabrenna Anderson | | Phone | 732-656-3575 | | Email | sanderson@wint.net | Proposal Type | Idea To Be Explored Potentially Identified Solution | Project Type | New Project Enhancement to Existing or Former Project | Working Title of Project | Infrastructure and Systems Implementation Plan | Project Sponsors | WInt IT department, Rosanne Moran, IT Director. | ------------------------------------------------- ------------------------------------------------- Introduction Widgets International, Inc. currently consists of Widgets USA, LLC and Widgets-R-Us, LTD. Combined Widgets International, Inc. has 50 years of experience in providing function critical assembly and machinery solutions. WUSA has cornered the Business to Business market while WRU has grown in leaps and bounds in the retail market. Together as Widgets International, Inc., they stand to increase their market share substantially by creating and offering innovative and cost effective assembly solutions globally. (Anderson, Unit1, 2014) ------------------------------------------------- ------------------------------------------------- Purpose and Justification This proposal will explore the requirements for the application and implementation of an easily manageable information...

Words: 2927 - Pages: 12

Premium Essay

Brief for the New Cso, Which Will Provide Her with the Basics of Cyber Security, Acquaints Her with the Current Threats Facing Your Organization's Data Infrastructure, and the Legal Issues Related to Protecting the Enterprise.

...the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide. From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the...

Words: 5499 - Pages: 22

Premium Essay

Business Continuity Planning

...BCP INTERNAL ASSIGNMENT Anirudh 1. Asset – People, property, and information.  People may include employees and customers along with other invited persons such as contractors or guests.  Property assets consist of both tangible and intangible items that can be assigned a value.  Intangible assets include reputation and proprietary information.  Information may include databases, software code, critical company records, and many other intangible items. An asset is what we’re trying to protect. Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. A threat is what we’re trying to protect against. Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. A vulnerability is a weakness or gap in our protection efforts. Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. Risk is the intersection of assets, threats, and vulnerabilities. A + T + V = R That is, Asset + Threat + Vulnerability = Risk. Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats (actual, conceptual, or inherent) may exist, but if there are no vulnerabilities then there is little/no risk. Similarly, you can have a vulnerability, but if you have no threat, then you have little/no risk. Impact is the total profit/loss which is obtained through...

Words: 882 - Pages: 4

Premium Essay

Nt1330 Unit 2 Assignment 1

...Assignment 2 Ebtesam Falah Alhajri, 2120007594, G:1 Write down detailed answers to following questions. At least write 250 words for each question. All assignments will be evaluated with plagiarism software and submissions having a similarity rate of more than 35% will be awarded 0 marks. While answering the questions use the rules of scientific writing such as in-text citations, paraphrasing etc. Maximum Marks=5 Due Date: 23 November 2016 1. The web services model involves managing and performing all types of business processes and activities through accessing web-based services rather than running a traditional executable application on the processor of your local computer. Debate on this statement by discussing...

Words: 1271 - Pages: 6

Premium Essay

Hoan My Hospital's Expansion Plan in Cambodia

...RMIT International University Vietnam Bachelor of Commerce Program Assignment Cover Page Subject Code: BUSM3311 Subject Name: INTERNATIONAL MANAGEMENT Location & Campus (SGS or HN) RMIT SGS Campus where you study: Title of Assignment: Report Proposal File(s) Submitted: BUSM3311_G4_A1_s3192820_PhanThu yChau Student names: Phan Thuỵ Châu Student Numbers: s3192820 Lecturer and Group number: Mr. Dung Huynh Group 4 Assignment due date: 5pm 23rd March 2012 Date of Submission: 22nd March 2012 Late Submission Approval: NI Number of pages including this one: 12 pages Word Count: 1099 (Main Content) BUSM3311 – International Management [REPORT PROPOSAL] Table of Contents A. Objective.............................................................................................................................................................3 B. Potential Market Analysis ........................................................................................................................4 C. Business Model ...............................................................................................................................................5 1. Foreign Acquisition: ...................................................................................................................................5 2. Going alone: Greenfield Entry:...............................................................................................................6 D. Environmental Issue ..........

Words: 1833 - Pages: 8

Premium Essay

Cyber Security

...or a component of a threat. For example, all hackers in the world present a collective threat, while Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms. 2. What is the difference between vulnerability and exposure? Vulnerability: A weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and published; others remain latent (or undiscovered). Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present. 3. How is infrastructure protection (assuring the security of utility services) related to information security? The organization needs to have clear parameters and set regulation when it comes to the protection of itself. Clear goals and objectives when it comes to protection will lead to a better protection on regards to the information security. 4. What type of security was dominant in the early years of computing? Early security was entirely physical security. - EX: Lock and Key 5. What are the three components of the C.I.A. triangle? What are they used for?...

Words: 894 - Pages: 4

Premium Essay

NT1330 Unit 1 Assignment

...PA018 ADVANCED TOPIC IN INFORMATION TECHNOLOGY SECURITY ASSIGNMENT-2, PART 1 1.1 Describe a system of your choice (can be a standalone computer with peripherals or small network) so that this description can be used for further discussion of risk assessment and choice of countermeasures. Solution: The system which we can consider for this description is Hospital’s Patient’s Data Management System. INTRODUCTION In medical practice patients are required to share their health information(data) regarding their symptoms, conditions, and past and present risk behaviors. Based on this information the doctor’s provide necessary treatments. These information(data) provided by the patient and the treatment provided by the doctor is required to...

Words: 1097 - Pages: 5

Premium Essay

Cloud Computing

...Amazon Simple Storage Services (Amazon S3), and RightScale. Examine the security concerns for cloud-based services and make suggestions to cope with these concerns. Assess possible scalability, reliability, and cost issues associated with cloud computing, and make suggestions to overcome each of these issues. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Cloud Computing, an Internet-based computing in which large groups of remote servers are networked so as to allow sharing of data-processing tasks, centralized data storage, and online access to computer services or resources (http://dictionary.reference.com/browse/cloud+computing). The cloud computing is roughly in Iaas, PaaS, SaaS these 3 categories, but they all have a common principles which are to use pays principle of how much is how many. It is not the same way as traditional building to purchase the largest estimates of the number of users’ hardware resources. Therefore, the cloud computing also has environmental protection significance. However, how effective and full use of maximum resources in the cloud computing is a desirable subject for discussion. The study suggests use of the working scheduling models to improve the resource allocation in the cloud computing, however, the cloud computing and distribution of resources is more responsive application needs to be time and resources optimal applications...

Words: 1464 - Pages: 6