...THREAT FRAMEWORK Information systems are frequently exposed to various types of threats which can cause different types of damage that might lead to significant financial losses. Information security damages can range from small losses to entire information system destruction. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. Currently, organizations are struggling to understand what the threats to their information assets are and how to obtain the necessary means to combat them, which continues to pose a challenge. The ISF’s Information Risk Analysis Methodology (IRAM) enables organizations to assess business information risk and select the right set of security controls to mitigate that risk. IRAM2 Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management by developing best practice methodologies, processes and solutions that meet the business needs of its Members. ISF aims its products at large public and private sector organizations, and produces an annually updated Standard of Good Practice for Information Security. This approach has three phases: a business impact assessment which determines the security requirements of the business, a threat and vulnerability...
Words: 2215 - Pages: 9
...A Case Study on How to Manage the Theft of Information Robert M Polstra III Kennesaw State University 2004 Westwood Rd Smyrna, GA 30080 404-641-8937 rpolstra@hotmail.com ABSTRACT 1. INTRODUCTION This paper shows the importance that management plays in the protection of information and in the planning to handle a security breach when a theft of information happens. Recent thefts of information that have hit major companies have caused concern. These thefts were caused by companies’ inability to determine risks associated with the protection of their data and these companies’ lack of planning to properly manage a security breach when it occurs. It is becoming necessary, if not mandatory, for organizations to perform ongoing risk analysis to protect their systems. Organizations need to realize that the theft of information is a management issue as well as a technology one, and that these recent security breaches were mainly caused by business decisions by management and not a lack of technology. After counter-terrorism and counter-intelligence, cyber crime is the third highest priority for the U.S. Federal Bureau [4]. With the rise of the theft of information and the lure of big profits for this stolen information, it is necessary for information systems to have the ability to protect this valuable asset. It is estimated that a credit card number unsupported by any other documentation is worth $10, and a credit history report retails for $60 [2]...
Words: 3469 - Pages: 14
...large involvement of the church within the community influences others to gravitate towards HHH for their involvement in volunteer services. HHH works with individuals to provide them with job opportunities, food, shelter, clothing, educational assistance, and more. With this, certain frameworks should be observed and used. The NIST framework will instruct the organization on the development of controls and their benefits. The assets of the organization are the systems, network, employee and volunteer personally identifiable information (PII), and instruments. The main location of the church is also a critical asset for the organization due to it being the primary place that is used for meetings and other functions. Any attempt to defile or damage these materials can result in an interruption in the organization’s operations, but the degrees vary. To protect the systems, network, PII, and instruments, certain systems must be in place. Systems should require authorization to ensure that they cannot be accessed by others without proper credentials. Each individual should have their own credentials to access systems and use Two-Factor Authentication to log into services connected to the cloud. Applications must be checked prior to going live on Sundays to ensure they have not been tampered with and are still secure. Network segmentation should also be implemented to prevent access to the network by threat actors. With network segmentation, if Internet-of-Things devices are used in the...
Words: 3281 - Pages: 14
...TFT2 Cyber Law Task 4 Jordan Dombrowski Western Governors University Situation Report It has come to my attention from the security analysts of VL Bank and victims that commercial customers of VL Bank have been involved in identity theft and fraud. Multiple user accounts were created without authorization claiming the identity of our customers. These fake accounts were used to make twenty-nine transfers of $10,000 each, equaling $290,000. The bank transfers were being sent to several U.S. bank accounts of unknown individuals. The U.S. banks involved in the transfers were Bank A in California, Bank B in New York, Bank C in Texas, and Bank D in Florida. After the funds were transferred to one of these banks, the funds were automatically transferred to several international bank accounts located in Romania, Thailand, Moldavia, and China. After further analysis we discovered that the bank’s affected customers all used computers infected with a keystroke logger virus that collected usernames, passwords, account numbers, personal identification numbers, URL addresses, and digital certificates. The infected computers did not have anti-virus or security software of any type installed. Additionally, these customers have reported that they have been frequently experiencing spear phishing attacks, which is most likely the way that the keylogging virus software was installed. Finally, we concluded that our bank’s systems have not been breached and no customer data has been...
Words: 3994 - Pages: 16
...E-SECURITY REVIEW 2008 Submission from Microsoft Australia Introduction Microsoft Australia welcomes the opportunity to participate through this Submission in the Whole-of-Government Review of E-Security. A periodic review of the E-Security framework, in light of the quickly evolving threat landscape, is both timely and appropriate. Over the last thirty years there have been dramatic advances in information technology - the development of the microprocessor, the rise of the personal computer, the emergence of the Internet - which have revolutionised the way information is created, stored, shared, and used. Today, powerful, affordable and diverse devices, together with expanding broadband networks, create a powerful opportunity for connectivity for individuals and communities. Over the past two decades, rapid advances in software, IT services, and communications have enabled many traditionally separate and disparate infrastructures and business operations to become more connected. Through this connectivity virtually every aspect of society has experienced a transformation. Businesses and governments have been able to manage and streamline their operations. Individuals have been offered ready access to multiple sources of information, thereby expanding knowledge and choice. Across every field of endeavour – commercial, social, scientific and philanthropic – the power of information has been increased and the transaction costs of engagement have been lowered. Our broad reliance...
Words: 13936 - Pages: 56
...2013 7/15/2013 ORGANISATIONAL PROFILE History New India Assurance India Limited, incorporated on July 23rd 1919, was founded by Sir Dorab Tata, who was a founding member of The House of Tata’s. It was further nationalized in the year 1973 with the merger of Indian companies. Present Position New India Assurance India Limited has a vast presence all over the country and it is also doing remarkably high business. The company’s gross premium (in India) has increased tremendously over the years 2010-2012. It was Rs. 8542.86 crores in the year 2011-2012, as against Rs. 7097.14 crores in the year 2010-2011. Also, the company’s total assets are as high as Rs. 42162.74 crores as on 31st March 2012. The company has an extensive network of offices covering each and every state and other regions of India, as shown in Figure 1. Figure 1. New India Assurance India Limited presence all over the country. Such a large and extensive network makes NIA Rank No. 1 in the Indian market. Not only this, the company is also the largest Non-Life insurer in Afro-Asia excluding Japan. It is in fact also the first Indian non-life company to reach Rs. 10073.88 crores Gross Premium. International Presence NIA also provides global Re-insurance facilities. It has its overseas presence in countries like Japan, U.K., the Middle East, Fiji and Australia. Overseas operations commenced in 1920. The company has operations in 20 countries in the year 2011-12 which spans through a...
Words: 14892 - Pages: 60
...Michigan Technological University Information Security Plan The Information Security Plan establishes and states the policies governing Michigan Tech’s IT standards and practices. These policies define the University’s objectives for managing operations and controlling activities. These top-level policies represent the plans or protocols for achieving and maintaining internal control over information systems as well as compliance with the requirements imposed on the University. INFORMATION SECURITY PLAN Approval by Information Security Board of Review Members Information Security Plan Rev: 3 – 10/13/2011 Page 1 Information Security Plan Table of Contents: 1 Executive Summary (p. 4); 2 Purpose (p. 4); 3 Scope (p. 5); 4 Definitions (p. 5); 5 IT Governance Commitments & Responsibilities (p. 6); 6 University Policy Statement ...
Words: 10423 - Pages: 42
...management system will be influenced by the varying needs of an organization, its particular objectives, its products and services, and the processes and specific practices employed. This Standard should be applied at all stages in the life of an activity, function, project, product or asset. The maximum benefit is usually obtained by applying the risk management process from the beginning. Often a number of discrete studies are carried out at different times, and from strategic and operational perspectives. 2. Duty of care is a legal obligation which is imposed on an individual, requiring that they adhere to a standard of reasonable care while performing any acts that could foreseeably harm others. It is the first element that must be established to proceed with an action in negligence. The claimant must be able to show a duty of care imposed by law which the defendant has breached. In turn, breaching a duty may subject an individual to liability. Company law is the study of how shareholders, directors, employees, creditors, and other stakeholders such as consumers, the...
Words: 1736 - Pages: 7
...Home Depot Data Breach Background on the 2014 Home Depot Data Breach Home Depot was the target of a cyberattack on its information system infrastructure that lasted from April of 2014 to September of 2014. As a result of the attack and the following data breach, 56 million credit-card accounts and 53 million email addresses were stolen (“Home Depot Hackers Exposed 53 Million Email Addresses”). The cyberattack involved several steps. First, the attackers gained third-party credentials allowing them into the system. Next, they exploited an unknown weakness in the system that allowed the attackers to elevate their own access privileges. Finally, they installed malware on Home Depot’s self-checkout systems in the U.S. and Canada, allowing the data to be stolen. Because this was a multistage attack, there were several stages of failures. While this shows that there were multiple lines of defense, the fact that there were multiple failures as well is a large issue. It demonstrates that even with multiple lines of defense, Home Depot was still not adequately protected. The first failure was that the attackers acquired credentials from a third-party vendor. This may not have been Home Depot’s fault directly, but there are still governance processes they could’ve employed to prevent it. Once the attackers were in the system they exploited yet another vulnerability that allowed them to elevate their access rights. The third vulnerability that was exploited was the lack of...
Words: 2954 - Pages: 12
...judicial officers in cyber forensics. Public Advocacy, Thought Leadership, Awareness and Outreach and Capacity Building are the key words to continue to promote and enhance trust in India as a secure global sourcing hub, and also to promote data protection in the country. For more information about DSCI or this report, please contact: Data Security Council of India Niryat Bhawan, 3rd Floor Rao Tula Ram Marg New Delhi – 110057 India Phone: +91-11-26155070 Fax: +91-11-26155072 Email: info@dsci.in Foreword Insider threats originate from within the organisation. The trusted employees, contractors, partners and suppliers are the source of these attacks. Some of them are as trusted as privileged users. Hence, they can cause more damage. Verizon 2010 Data Breach Investigation Report attributes 48% data...
Words: 7525 - Pages: 31
...Fraud Prevention and Management Recommendations The purpose of this Fraud Prevention Plan is to set out the approach to dealing with fraud risk within our organization. In order to prevent the types of frauds that have already occurred within our organization it will be necessary to create “a culture of honesty, openness, and assistance…..fraud prevention is where the big savings occur” (Albrecht, Albrecht, Albrecht, & Zimbelman, 2012, p.103). What is required is the implementation of a comprehensive hiring, fraud, and ethics training program with strong controls, with punitive treatment of fraud offenders. “Research confirms that anyone can commit fraud. Fraud perpetrators usually can’t be distinguished from other people on the basis of demographic or psychological characteristics” (Albrecht et al. 2012, p. 33). An effective fraud prevention program requires several components. The lack of fraud prevention leads to enormous risk. The corporation will need to install processes and controls to ensure that honest people are hired. When candidates are going through our interview process they will need to be thoroughly vetted on the accuracy of their work history, education, and stated accomplishments. In addition to the standard practice of contacting references provided by the candidate, these referenced individuals will be asked to provide additional references. The result of checking references provided by the initial reference will in many instances...
Words: 2662 - Pages: 11
...issues related to information technology and identify situations in which they occur. 2. Identify the many threats to information security. 3. Understand the various defense mechanisms used to protect information systems. 4. Explain IT auditing and planning for disaster recovery. Ethics, Privacy, and Information Security LEARNING OBJECTIVES WEB RESOURCES Student Web site www.wiley.com/college/rainer • Web quizzes • Lecture slides in PowerPoint • Author podcasts • Interactive Case: Ruby’s Club assignments WileyPLUS • All of the above and... • E-book • Manager Videos • Vocabulary flash cards • Pre- and post-lecture quizzes • Microsoft Office 2007 lab manual and projects • How-to animations for Microsoft Office • Additional cases CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources What’s in IT for me? ACC FIN MKT OM HRM MIS Chapter 3 Ethics, Privacy, and Information Security Opening Case NASA Loses Secret Information for Years The Business Problem Over the past decade, U.S. government agencies have been the victims of an unprecedented number of cyber-attacks. One government official noted, “It is espionage on a massive scale.” Government agencies reported almost 13,000 security incidents to the U.S. Homeland Security Department during fiscal year 2008, triple the number from two...
Words: 25389 - Pages: 102
...Business Information Systems Elizabeth Hardcastle Download free eBooks at bookboon.com Business Information Systems © 2011 Elizabeth Hardcastle & bookboon.com ISBN 978-87-7681-463-2 Business Information Systems Contents: 1 Defining Information Systems 7; 1.1 Defining Data and Information 7; 1.2 Defining Systems 8; 1.3 Defining Information Systems 8; 1.4 Business Information Systems 8; 1.5 Types of business information system 9; 2 Hardware 10; 2.1 Input devices 10; 2.2 Central Processing Unit (CPU) 10; 2.3 Internal and External Memory 10; 2.4 Output devices 10; 2.5 Major categories of computers 11; 3 Software 12; 3.1 Systems software 12; 3.2 Application software 13 ...
Words: 20690 - Pages: 83
...Aircraft Solution (AS) Company Ali Hassan Submitted to: John Michalek SEC571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: April 21, 2013 Table of Contents: Company Overview 1; Company Assets 1; Vulnerabilities 2; Hardware Vulnerability 2; Policy Vulnerability 3; Recommended Solutions 5; Hardware Solutions 5; Policy Solutions 10; Budget 12; Summary 13; References 14. Company Overview Aircraft Solutions (AS), a company located in Southern California, designs and fabricates component products and provides services for companies in the electronics, commercial, defense, and aerospace industries. The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. AS uses Business Process Management (BPM) to handle end-to-end processes. The BPM system is designed to connect customers, vendors, and suppliers. Security Weakness The communication between AS’s headquarters and its two departments makes the headquarters’ assets a target; I will discuss here the vulnerabilities in software and in policy. Company’s Assets The assets for AS are the Business Process Management, BPM, system and the...
Words: 4091 - Pages: 17
...COUNTERINTELLIGENCE Office of the National Counterintelligence Executive October 2011 Table of Contents: Executive Summary i; Scope Note iii; US Technologies and Trade Secrets at Risk in Cyberspace 1; The Appeal of Collecting in Cyberspace 1; Security and attribution 1; Faster and cheaper 2; Extra-territoriality 2; Large but Uncertain Costs 3; Pervasive Threat from Intelligence Adversaries and Partners 4; China: Persistent Collector...
Words: 11021 - Pages: 45