Most Important Cybersecurity Vulnerability Facing IT Managers Today: You and I

Submitted By jcmann
Words 3201
Pages 13
Most Important Cybersecurity Vulnerability Facing IT Managers Today: You and I

Cybersecurity vulnerabilities in the early years generally revolved around problems with computer hardware and software, with no solid definition of what a vulnerability really was, much less which vulnerability would take home the “Most Important Vulnerability” title. In his thesis proposal on “Computer Vulnerability Analysis”, Krsul (1997, p. 2) starts his “Definition of Vulnerability” section by delving into the fact that there was no industry-accepted definition that precisely defined “computer vulnerability.” Krsul goes on to ask us to review three of the most commonly accepted definitions of the day—remember, this is 1997!—that he will use to form the basis of his thesis (Krsul, 1997, pp. 2-3):
1. Bishop and Bailey define a vulnerability as “a characterization of a vulnerable state which distinguishes it from all non-vulnerable states.” (Bishop & Bailey, 1996, p. 2). Their report focuses on computer vulnerabilities from a state configuration view where computers are state devices, and a vulnerability is any flaw in software that allows a user (whether authorized or unauthorized) to transition the system from an “authorized state” to an “unauthorized state.” We commonly reference these types of vulnerabilities today as buffer overflow vulnerabilities, input validation vulnerabilities, improper system configuration, etc.
2. Longley and Shain define a vulnerability using several different methods.
"1) In computer security, a weakness in automated systems security procedures, administrative controls, Internet controls, etc., that could be exploited by a threat to gain unauthorized access to information or to disrupt critical processing. 2) In computer security, a weakness in the physical layout, organization, procedures, personnel, management, administration, hardware or
