...VULNERABILITIES FACING IT MANAGERS TODAY “THE HUMAN FACTOR” Alicia M. Frazier Abstract This paper will identify and give the proper knowledge about the single most important vulnerability that IT managers face today. It will provide significant evidence about reasons why it is the most vulnerable, its impacts on an organization, and how an organization can best address its potential impacts. “As human beings, we are vulnerable to confusing the unprecedented with the improbable. In our everyday experience, if something has never happened before, we are generally safe in assuming it is not going to happen in the future, but the exceptions can kill you and climate change is one of those exceptions”. -Al Gore What is Vulnerability? When you think of the word vulnerability what comes to mind? Although definitions of vulnerability may vary, Vacca (2013) defines the term as “an asset or a group of assets that can be exploited by one or more threats”. In the cyberworld vulnerability can be described as a weakness in computer hardware or software, which could possibly become exploited. Most would consider vulnerability, as a threat as the approach in which vulnerability can be exploited through a potential cause of an incident. Today, processes and technology alone can’t assure a secure organizational atmosphere...
Words: 2316 - Pages: 10
...Cyber-security demands are ever increasing in the field of Information Technology with the globalization of the internet. Disruptions due to cyber-attacks are affecting the economy, costing companies billions of dollars each year in lost revenue. To counter this problem corporations are spending more and more on infrastructure and investing to secure the cyber security vulnerabilities which range anywhere from software to hardware to networks and people that use them. Due to the complexity of information systems that interact with each other and their counterparts, the requirement to meet specific cyber security compliances has become a challenging issue for security professionals worldwide. To help with these issues, security professionals have created different standards and frameworks over the years for addressing this growing concern of vulnerabilities within enterprise systems and the critical information they hold (“Critical Security Controls,” n.d.). Before we get into the details, let us first examine what exactly is a security vulnerability. By definition a security vulnerability can be flaws in hardware, software, networks or the employees that use them which in turn can allow hackers to compromise the confidentiality, integrity and availability of the information system (“Common Cybersecurity,” 2011). To thoroughly discuss this topic in more detail I will first discuss...
Words: 2784 - Pages: 12
...challenges of securing information; Objective 2: Define information security and explain why it is important; Objective 3: Identify the types of attackers that are common today (Hackers, Script Kiddies, Spies, Insiders, Cybercriminals, Cyberterrorists); Objective 4: List the basic steps of an attack; Objective 5: Describe the five basic principles of defense (Layering, Limiting, Diversity, Obscurity, Simplicity); Works Cited. Chapter 1 Objectives To accomplish the learning objectives for Chapter 1: • I have read all of Chapter 1 in the course textbook (pages 1-39); including understanding the key terms on (pages 28-29). • I have read and answered all of the review questions on (pages 29-32), then compared my decisions with the solutions posted on Canvas, any incorrect answers I corrected and confirmed in the chapter. • I have read and worked through Hands-On Projects 1-1 through 1-4 to facilitate in achieving each of the stated learning objectives. • I have read, worked through and evaluated Case Projects 1-1 through 1-8 on (pages 36-38). • I have participated in all class presentations and discussions about Chapter 1. • I have read through and examined Chapter 1 slide presentations. The learning objectives for this chapter are as follows: Objective 1: Describe the challenges of securing information To achieve this objective, I have read in the course textbook (pages 5-11) Challenges of Securing Information including reviewing...
Words: 3169 - Pages: 13
...Information Security August 10, 2012 One of the biggest issues in the Information Technology field these days is information security. Today almost anything can be found on the internet. Even how-to videos on how to put in a window, break into a house, or even hack computers. The digital age has many perks but it also has many downfalls to it as well. The perks that we enjoy so much from the internet also leave us open to identity theft and company information theft. This gives Information Technology professionals a lot to think about when they consider Information Technology. One of the biggest threats facing the IT industries today is the end users’ non-malicious security violations that leave companies vulnerable to attack. In a recent Computer Security Institute survey, 41 percent of the participating U.S. organizations reported security incidents. (Guo, 2012 p. 203-236) Also according to the same survey it was found that 14 percent of the respondents stated that nearly all of their company’s losses and/or breaches were due to non-malicious and/or careless behavior by the end users. (Guo, 2012 p. 203-236) Some of the end users’ behaviors that help these threats along were the peer-to-peer file-sharing software installed by the end user that might compromise company computers. Some other examples of security being compromised by end users would be people that use sticky notes to write their passwords down and leave them where other people can see them...
Words: 1422 - Pages: 6
...Cyber security and its challenges to society Final Project Report Group Members Abdul Majid Qayyum Umair Arshad Hasnat Ahmed Gulraiz Shabbir Contents: Introduction; Why is cyber security important?; The Impact of Cyber Security; The Cultural Impact; The Official Impact; The Solution Impact; Defining Cyber Security; Technology & Modern Life; What is Cyberspace?; What is Cyber Warfare?; Cyber is not Hype; What Cyber Security Isn’t; Cyber-crime; Types of Cyber-crimes; Hacking; Theft; Cyber Stalking; Identity Theft; Malicious Software; Child soliciting and Abuse; Cyber Bullying; Causes of Cyber-crime; History of Cyber-crime; Cyber-crime in Modern Society; Categories of Cyber-crime; Individual; Property; Government; How to Tackle Cyber-crime; RECENT SURVEY ISSUES ON CYBER SECURITY TRENDS; Mobile Devices and Apps; Social Media Networking; Cloud Computing; Protect systems rather Information; New Platforms and Devices; Everything Physical can be Digital; Survey Questions; Conclusion. Cyber Security and its Challenges to Society Introduction: Over the past several years, experts and policy makers have expressed increasing concerns about protecting the internet from cyber-attacks—deliberate attempts by unauthorized persons to access. Many experts expect the number and severity of cyber-attacks to increase over the next several years...
Words: 3707 - Pages: 15
...this exploitation, companies subject themselves to lawsuits from their own customers. These companies often are ignorant of the simple fact that they have been exploited until customers report the issues to these companies and corporations. Many times, more than thirty days go by before someone alerts the company of a possible security breach. Cost of an electronic exploit can be greater than a million dollars per incident as reported by the FBI. This information is found in the FBI’s (Federal Bureau of Investigation) report of cyber threats in the United States. In order to help counterbalance this, smaller to midsized companies could spend less than $5,000 to harden their systems and operating systems to put a stateful firewall in place. As stated in this paper, these companies often lack the resources, materials and funds to do so. With the FBI report showing reported incidents, there are thousands of incidents that go unreported. Often these incidents are yet to be discovered. With this number of small to mid-size corporations ignoring or slowly implementing security measures, more and more electronic computer crimes are beginning to take place throughout the U.S. With extortion now moving into the digital age, many corporations do not report intrusions to law enforcement in order to avoid negative publicity. Reports of an intrusion could directly have a negative effect on the company’s sales and position in a global competitive market. Approximately 35% of...
Words: 2166 - Pages: 9
...Why is information security a management problem? What can management do that technology cannot? Both management and IT management are responsible for the protection necessary to secure information. They are the ones who make the decisions regarding the appropriate security system and what level of security will work for the system. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? Data is important because it keeps a record of all changes and activity. Without data, the company or organization may fail because they have no records, and therefore be of no good use. 3. Which management groups are responsible for implementing information security to protect the organizations’ ability to function? General Management and IT Management are responsible because it has to be set up for that specific system. If one part fails, then they are the ones to fix it and make it usable 4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why? Networking has caused more risk for businesses using information technology because it made it much easier for attackers to breach the security systems. They are even more of a target with the internet connection. 5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text. Information extortion is where information is taken...
Words: 1293 - Pages: 6
...ABSTRACT An organization’s information security program needs structure in order to successfully protect its sensitive/confidential data from falling into the hands of its adversaries. There are many methods available to an adversary for breaching an Information System security protection barrier in any organization today. One of the main goals of adversaries is to obtain data illegally from an organization or user. A data breach may occur when there is a loss, theft, or other unauthorized access to data containing sensitive material that results in the potential compromise of the confidentiality, integrity, or availability. “An information security program begins with policy, standards, and practices, which are the foundation for the information security architecture and blueprint. In order for an organization’s information security program to succeed, it will need to “operate in conjunction with the organization’s established security policy.” (Whitman & Mattord, 2012) This case study will discuss the legal environment for an organization, which includes policies, regulations, and laws. Also, it will illustrate how these factors impact an organization to ensure the confidentiality, integrity, and availability of information and information systems. Foremost, in any organization, confidentiality, integrity, and availability (CIA triad) is the model which is supposed to guide information security policies that are established. Policies play an important role in any...
Words: 1779 - Pages: 8
...SE571 Course Project Phase I Professor Wagner November 13, 2011 Security Assessment: Course Project Phase I Introduction This report focuses on a security assessment of Aircraft Solutions (AS), which is a well-known leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Headquartered in Southern California, AS depends heavily on its highly trained workforce, with a large skill base, that is beneficial for the company’s production. The goal of this report is to identify potential vulnerabilities or threats within the operations at AS while identifying their risks and consequences to the firm. Security Weaknesses Given the three areas of investigation for potential weaknesses to the security of AS, hardware, software and policy, In terms of AS assets and how they will be affected if a security threat is placed, I have concluded that one of its major assets is its Business Process Management Hardware (BPM), which handles end-to-end processes that deal with multiple systems and organizations. AS’s operations rely on this system to connect customers, vendors, and suppliers. If affected by a security threat, AS would not be able to function as usual and information could be potentially harmed. Therefore, I have decided to focus this assessment on the areas of hardware and policy. For instance, in the area of hardware it is noticeable in the network infrastructure that there...
Words: 1296 - Pages: 6
...Network Security In Business Process Outsourcing Information Technology Essay The issue of information security and data privacy is assuming tremendous importance among global organizations, particularly in an environment marked by computer virus and terrorist attacks, hackings and destruction of vital data owing to natural disasters. The worldwide trend towards offshore outsourcing of processes and IT services to remote destinations, leading to the placing of valuable data and information infrastructure in the hands of the service providers, is also creating the need for information security solutions that will protect customers' information assets. As crucial information of a financial, insurance, medical and personal nature begins to get handled by remotely located offshore outsourcing service providers, there is a growing concern about the manner in which it is being collected, stored and utilized. Components of security The concept of information security is centered around the following components: · Integrity: gathering and maintaining accurate information and avoiding malicious modification · Availability: providing access to the information when and where desired · Confidentiality: avoiding disclosure to unauthorized or unwanted persons. Indian IT and ITES-BPO service providers today have the responsibility of not just protecting their own internal information, but also that of their customers, who trust them with crucial organizational data. A service providers own...
Words: 1616 - Pages: 7
...SECTION ONE INTRODUCTION BACKGROUND OF STUDY In years past, when enterprises were starting, it suffered data loss and information retrieval was difficult since there was no strong security service to protect already gathered information. Production, distribution and some other functions were very difficult to achieve due to weak security services but as the days passed by enterprise has struggled to secure its services and with the aid of growth in technology and programming enterprise services has reached a reasonable degree in achieving its dream by protecting its services from harm. An enterprise is an activity or a project that produces services or products. There are essentially two types of enterprise, business and social enterprises. Business enterprises are run to make profit for a private individual or group of individuals. This includes small business while social enterprise functions to provide services to individuals and groups in the community. This shows that an enterprise security service is a form of protecting the services or the product of individuals and groups in the community from harm (preventing unauthorized users from gaining access). Enterprise now uses Biometric, Encryption and some other forms of security to form the backbone of its services. The term "biometrics" is derived from the Greek words bio (life) and metric (to measure). Biometrics refers to the automatic identification of a person based on...
Words: 4428 - Pages: 18
...towards a technology-centered society, both public and private sectors have to keep up with and evolve just as quickly, while trying to be proactive when it comes to security. The world today is not as safe as it once was, and as it changes to a more paperless, technological-based society, access to information is becoming increasingly accessible. With this, cyber-attacks and security breaches have become a significant risk of doing business. As hackers, botnets, and various other cyber-based threats have become progressively more malicious and continue to attack organizations and governments alike, a prevailing question is how to unite the public and private sectors so that they can evolve to defend against that which they cannot see. Introduction Today's reality is rapidly advancing into a world that depends exclusively on technology as an approach to work together and connect. With this move towards a technology-focused culture, both government and private sectors are needing to stay aware of and develop almost as fast, while attempting to be proactive in the matter of security. The world today is not as protected as it once seemed to be, and as it changes to a more paperless, computer-oriented culture, access to more and more data is getting to be progressively available. With this, cyber threats and security breaches have turned into a critical danger of working together. As hackers and different other digital based dangers have...
Words: 2198 - Pages: 9
...career success. Many jobs today are requiring college degrees, even for positions that did not require it in the past. People must continue to achieve higher levels of education and skills to be competitive in the workforce. By developing personal skills and increasing professional knowledge, people are more likely to reach their professional goals. The skill and knowledge that one develops are an essential for career success. “The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. The primary goal of the Information Systems Security Association is to promote management practices that will guarantee the confidentiality, integrity, and availability of information resources” (ISSA Information and Systems Securities Association, 2010). The Information Systems Security Association promotes the education and expands the knowledge and skills of its members. Members exchange free information on security techniques and problem-solving. All members are kept up-to-date on current events in information and security through communication provided by the Information Systems Security Association. The importance of establishing controls necessary to guarantee the secure organization and use of information processing resources is...
Words: 598 - Pages: 3
...Security Domains and Strategies, Project 1 Nearly all businesses today are connected to the Internet. This detail makes any company, large or small, a target for hackers, network attacks and malware. The largest security threat to any company today is internal, and specialists in the field suggest you protect your company by layering components in a full security strategy that includes technology, policies, procedures, and best practices. The fact is that small businesses today face the same basic data protection challenges as large businesses. The dangers and potential costs of unprotected data can be catastrophic. By layering security using complementary technologies, your small to mid-sized business IT services can address all of the threats it faces. Needless to say, IT support is unquestionably needed for business data protection. It is highly recommended that you pick a company that truly understands the needs of a small business. The great thing today is that it is not necessary for IT technicians to be on site in order to service your IT network. Whether the security threats are malicious or due to inadvertent employee error, the results are the same: loss of revenue and productivity, and potential liability for the company. What Are the Questions? As organizations begin to build their incident response capability, they are looking to determine the best strategy for putting such a structure in place. They not only want to know what has worked well for others, but...
Words: 394 - Pages: 2
...Principles of Information security textbook problems Chapter ... www.cram.com/.../principles-of-information-security-textbook-problems... Study Flashcards On Principles of Information security textbook problems Chapter 1 & 2 at ... What is the difference between a threat and a threat agent? A threat ... 01_Solutions - Principles of Information Security, 4 th Edition ... www.coursehero.com › ... › ISIT › ISIT 201 Unformatted text preview: Principles of Information Security, 4 th Edition Chapter 1 Review Questions 1. What is the difference between a threat agent and a ... Chapter 1-Introduction to Information Security Principles of ... www.termpaperwarehouse.com › Computers and Technology Jun 16, 2014 - Chapter 1-Introduction to Information Security: 1. What is the difference between a threat and a threat agent? A threat is a constant danger to an ... Category:Threat Agent - OWASP https://www.owasp.org/index.php/Category:Threat_Agent May 15, 2012 - The term Threat Agent is used to indicate an individual or group that can ... Organized Crime and Criminals: Criminals target information that is of value ... Threat Risk Modeling is an activity to understand the security in an application. ... NET Project · Principles · Technologies · Threat Agents · Vulnerabilities ... Threat (computer) - Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Threat_(computer) A more comprehensive definition, tied to an Information assurance point of view, can be found ... National...
Words: 598 - Pages: 3