...Employee’s Security Vulnerabilities and the Affects on Organization’s Information Technology University Maryland University College Employee’s Security Vulnerabilities and the Affects on Organization’s Information Technology Cyber security vulnerabilities and threats are real and constant. Information technology breakthroughs have given our adversaries cheaper and often effective cyber weapons to harm U.S. computer networks and systems (Gen Alexander, 2011). Unfortunately, our adversaries are not our greatest vulnerability to cyber security or cyber space. Cyber security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Cyber space is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. (Ruquet, 2011). The government has been coordinating with private organizations and the public sector to protect information technology. They have been working to detect, prevent, and mitigate cyber threats and vulnerabilities. There are multiple vulnerabilities which adversely affect information technology but this paper will focus on the human factor. Information...
Words: 2131 - Pages: 9
...Home Security Vulnerabilities Principles & Theory of Security Management Professor James Leiman DeVry University On-Line Antoinette Bowen 19 January 2014 Home Security Vulnerability With criminals being smart enough wait and watch even pay real close attention to their victims daily habits; “at every 15 seconds, a home in the United States is broken into, said Angela Mickalide, director of education and outreach for the National Home Safety Council.” (Herbet, 2014) It would seem that it’s hopeless for people to stay safe. That in order for people to feel safe they need to purchase state of the art equipment to secure their property. For those who maybe considering the option to purchase a security system but really don’t have the funds for the monthly services should realize that there are several other methods of prevention. When observing our own environment it will appear to be safe, but how safe are we? Since people consider a very familiar area their comfort zone is when we tend to overlook the possibilities of being watched-to become a delinquent’s next victim. Let us look into our own backyards to assess the safety of our own homes. Being in a home that had been constructed in the 1920’s would seem fairly unsafe and susceptible to break-ins even becoming an easy target for offenders. Easy to kick doors in, break through windows, and bust locks due to a decaying foundation. Even as the dynamic of the changing neighborhood goes from home owners to being...
Words: 1106 - Pages: 5
...One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.1. What are the differences between ZeNmap GUI (Nmap) and Nessus?ZeNmap is used to map a network and Nessus is used to Test a network for vulnerabilities.2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmaps sole purpose is just that, network probing and recon.3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such.4. How many total scripts (i.e., test scans) does the Intense Scan using ZenMap GUI perform?Port Scanning, OS detection, Version detection, Network Distance, TCP sequence prediction, Trace...
Words: 310 - Pages: 2
...be assigned to personnel who are familiar with the facility. Depending of the community and location. For example, California prepares for an earthquake, Florida for hurricanes, and Montana for snowstorms. It is also required by the Joint Commission to have the HCF to have a hazard vulnerability analysis under the EC 4.10. (Environmental Control). The Occupational Safety and Health Administration (OSHA) regulations an National Fire Protection Association (NFPA) and standards must also be taken into account as well as the Centers for Disease Control and Prevention (CDC) Strategic Plan for Preparedness and Response to biological and Chemical terrorism. The American Institute of Architects (AIA) has also issued certain guidelines for design and construction of facilities in locations where there is a recognized potential for certain natural disasters. This plans must provide a process to: Initiate a plan HCF role with community-wide emergency response agencies, including who is in charge, Notify external authorities Notifying Identify and assign personnel during emergencies Managing the following: patients, staff, and staff and family support activities Logistics of critical supplies Security Interaction with media Evacuating and entire HCF Having another emergency care site Continuing or reestablish operations after a natural...
Words: 268 - Pages: 2
...sign an AUP and a confidentiality agreement. This domain is considered one of the weakest and the most affected for a few reasons. 1st is the lack of user awareness to correct this you should conduct security training with all personal. 2nd if you have obvious security violations after that training then you need to place the employees on probation and review the AUP. 3rd when users are downloading various different files that do not conform to the established security guidelines then enabling content filtering and automatic antivirus scans would be wise. The Workstation Domain: * Is made up of the devices that employees use to connect to the IT infrastructure. Availability for this domain is necessary so that all employees can easily access any tools needed to perform their work duties. This domain requires strong security and controls because this is where users first access the system. It is also where sizeable damage to system can occur. Here are some problems the can happen with some corrective solutions. If you can have unauthorized user access situation; make sure you have a strong password and screen lockout policy in place. If you have any software vulnerabilities or software patch updates that are needed; make sure you have the workstation OS vulnerability window policy in place so to it can be consistently monitored and updated. If you get any viruses or malware; make sure to have the automatic antivirus scanning enabled and ensure...
Words: 441 - Pages: 2
...For YieldMore Executives, We here in your IT department have recently audited our infrastructure for our company’s network. Upon the review we did find several threats and vulnerabilities. First off is the fact we do not have a backup system in place for any natural disaster to our headquarters. This is an exploit found in the systems and application domain that can cripple our whole company. A second system found in one of the production center could be able to be installed in case of said disaster to our corporate headquarters. Our second issue is the possibility of our sales force using their own computers to remote access into our network. There could be malware installed in their hardware at home and can be sent to our network to infiltrate our system. Good practice to this is to supply company laptop to sales and have restrictions to known websites with malware downloads to help avoid infections and malware to our system. This area is on the remote access domain and needs to be looked at on a constant basis. The third issue would be in the user domain. Any terminated or disgruntled employee can load issues to our system and need to be expelled from our system as soon as they are gone from the company. A fourth issue would be password safety. We must assume that passwords are not secure since most of our labor is found outside of our three building units. A policy to have the user change his or her password on a frequent basis will in fact...
Words: 361 - Pages: 2
...The two factors that will be discussed that can decrease human vulnerability to natural hazards are Wealth and Age. The wealthier a person is the less effected they are by natural hazards. This is because of many reasons such as, when a natural hazard occurs like an earthquake, the class a person lives in may influence how a person is affected by natural hazards. If a person lives in a lower economic group the more vulnerable they are to natural hazards. The lower the class, the less wealthy they are and the more susceptible to natural hazards like earthquakes and volcanoes. The poor are unable to pay for new housing if there houses get damaged. They have less access to medical assistance and more than likely no education this means that they...
Words: 279 - Pages: 2
...Natural disasters and the decisions that follow By Dr/hesham sleem Problem definition A natural disaster is a major adverse event resulting from natural processes of the earth ;e.g includes floods,volcanic eruptions,earthquakes and other geologic processes.it can cause loss of life or property damage and typically leaves some economic damage in its wake,the severity of which depends on the affected population's resilience or ability to recover .in another meaning (response of different industries to natural disaster such as insurance and airlines companies,how the organization manage these disasters and the decisions that may follow these disasters have serious effects on customers and So financial and human loss may follow. Justification of the problem There are several factors that affect decisions that follow natural disaster : 0/0 of accuracy in predicting natural disaster/ timing of the information/planning and rules to be set/consideration of humanity during planning and during disaster time/the government and organizations confidence in their ability to take decisions and overcome risk. List of alternatives: Comprehensive data/ awareness. Planning/prevention.... Action before and during event.... Response / recovery .the government and organization must be high confidence in their ability to take decisions and overcome risk.sufficient financial support and good communications. Evaluation of alternatives...
Words: 355 - Pages: 2
...Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the findings of the vulnerability assessment scan and identify critical vulnerabilities. *...
Words: 559 - Pages: 3
...HCS 533 WEEK 4 Security and Privacy Paper Security and Privacy Paper As an information systems manager, you will need to consider a very important aspect of your operation—patient information, privacy, and security. Review the following case scenarios and select one to use for your management plan for security and privacy. Case Scenario 1 (Security Breach) The administration at St. John’s Hospital takes pride in its sound policies and procedures for the protection of confidential client information. In fact, it serves as a model for other institutions in the area, however, printouts discarded in the restricted-access IS department are not shredded. On numerous occasions, personnel working late have observed the cleaning staff reading discarded printouts. What actions, if any, should these personnel take toward the actions of the cleaning staff? What actions, if any, should be taken by IS administration? Case Scenario 2 (Natural Disaster): Living on the Gulf Coast is a benefit that many residents of this small Southern town enjoy, however, natural disasters are a concern. The town has just been struck by a hurricane and the entire basement of your operation is flooded by the storm surge. Patient files were destroyed or washed away with the receding water. What actions do you take when patients ask for their health records? What processes did you have in place to protect your records in anticipation of such an event? Choose one of the scenarios above and develop...
Words: 285 - Pages: 2
...5.4.2) The services of the open ports are Port 80 Service(http) Port 2869 Service(http) 3. The host which is more secure is the one which has features that enable it to be protected by default in the background and is less prudent to virus attacks. The system that does not contain such services is not protected by the features that protect it by default and thus it is found to be least secure (Kanclirz & Baskin, 2008). 4.Uses of Nmap 1. Nmap can be used to detect the open ports that are on the host. This is known as port discovery or enumeration. 2. Nmap is used in service discovery that is it can be able to detect the software and the versions of the open ports respectively. 3. It is used in detecting the vulnerability and security holes through generation of Nmap scripts. 4. Host discovery. Nmap...
Words: 770 - Pages: 4
...Patch and vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and exploitation of those vulnerabilities. Proactively managing vulnerabilities of systems will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after an exploitation has occurred. Patches are additional pieces of code developed to address problems (commonly called “bugs”) in software. Patches enable additional functionality or address security flaws within a program. Vulnerabilities are flaws that can be exploited by a malicious entity to gain greater access or privileges than it is authorized to have on a computer system. Not all vulnerabilities have related patches; thus, system administrators must not only be aware of applicable vulnerabilities and available patches, but also other methods of remediation (e.g., device or network configuration changes, employee training) that limit the exposure of systems to vulnerabilities. This document provides guidance on creating a security patch and vulnerability management program and testing the effectiveness of that program. The primary audience is security managers who are responsible for designing and implementing the program. However, this document also contains information useful to system...
Words: 504 - Pages: 3
...Calculate the Window of Vulnerability The four parts would be the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. All four of these must be looked at and evaluated. Discovery Time –is the earliest date that a vulnerability is discovered and recognized to pose a security risk. The discovery date is not publicly known until the public disclosure of the respective vulnerability. Exploit Time -is the earliest date an exploit for a vulnerability is available. We qualify any hacker-tool, virus, data, or sequence of commands that take advantage of a vulnerability as an exploit. Disclosure Time –is the first date a vulnerability is described on a channel where the disclosed information on the vulnerability is (a) freely available to the public, (b) published by trusted and independent channel and (c) has undergone analysis by experts such that risk rating information is included. Patch Time - is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. Fixes and patches offered by third parties are not considered as a patch. A patch can be as simple as the instruction from the vendor for certain configuration changes. Note that the availability of other security mechanisms such as signatures for intrusion prevention systems or anti-virus tools are not considered as a patch in this analysis. Unfortunately, the availability of patches usually lags...
Words: 603 - Pages: 3
...Ethical Hacker Unit 2 Project Presented By Sandra Grannum To Dr. Pace On December 13, 2011 Table of Contents Abstact………………………………………………………………………………………………………..3 Seven steps of Information gathering…………………………………………………..………..4 Popular Reconnaissance tools……………………………………………………………………….5 Methods to crack passwords on windows linux and Mac…………………………….…..8 Password Cracker downloads…………………………………………………………….………….9 Security Plan……………………………………………………………………………………………….. 9-11 Steps to remove evidence……………………………………………………………………………. 11 References:…………………………………………………………………………………………………..12 Abstract This paper list and describe the seven steps of information gathering and describe some of the most popular reconnaissance tools while explaining the benefits and limitations of each. Included as well is the method to crack passwords on Windows, Linux, and Mac. There is also a password cracker tool that was downloaded on my home computer that describes the steps and outcomes. Least but not last, a security plan is also included in this project and the steps to remove evidence of an attack on a network. Define the seven-step information gathering process • Information gathering is divided into seven steps. These steps include gathering information, determining the network range, identifying active machines, finding open ports and access points, OS fingerprinting, fingerprinting services, and mapping the network. Define footprinting • Footprinting...
Words: 2645 - Pages: 11
...A vulnerability is “a flaw in an information technology product that could allow violations of security policy”. (L., 2000) A vulnerability or weakness in a system or network can come about in many different ways such as poor coding, poorly configured access controls, weak security implementations or a basic design flaw. In the scenario there was no date given but it did state the server software manufacturer detected a hole the previous day and a patch will be ready in three days. The LAN administrator will need at least a week to download and test the patch, in which he’ll test the effectiveness of the patch. Once the LAN Admin is satisfied with the patch he will deploy the patch to the SMB Server and any other machines that may be in use on the network. In this case the Window of vulnerability is roughly 11 days from detection to patch implementation. Depending on the severity of the breach and size of the company they may or may not release a public statement in which it would only jeopardize bad publicity. During the time of vulnerability the word about the security breach can spread rather fast and many attacks may follow. Once the patch has been installed the company may then again go public stating the breach has corrected and there are no vulnerabilities. Bibliography L., W. A. (2000, December). Windows of vulnerability: A case study analysis. Retrieved from http://www.cs.umd.edu:...
Words: 252 - Pages: 2
