Premium Essay

Security in the News

In:

Submitted By ruacutie1
Words 884
Pages 4
Student’s Name:
Date:
ITS111 – Introduction to IS Security
Seminar One – Security in the News Attack 1 Title: Home Depot Hit By Same Malware as Target

Type of Attack Description: BlackPOS infects computers running Windows that are part of POS systems and have card readers attached to them. Once installed on a POS system, the malware identifies the running process associated with the credit card reader and steals payment card Track 1 and Track 2 data from its memory. This is the information stored on the magnetic strip of payment cards and can later be used to clone them.
Attack Description: Its a new variant of “BlackPOS” (a.k.a. “Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows.

Attack 1 Reference(s)
Constantin, L. (2013). Krebs on Security. Retrieved from http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/

Attack 2 Title: The Sony Pictures hack, explained

Type of Attack Description: hackers implanted Wiper on Sony's computer infrastructure, a malware software program designed to erase data from the servers. That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers

Attack Description: It was an attack by North korea in response to the movie “The Interview” a comedy about a plot to assassinate North Korean leader. The attackers stole huge swaths of confidential documents from the Hollywood studio and posted them online in the following weeks

Attack 2 Reference(s)
Peterson, A. (2014). The Sony Pictures hack, explained. Retrieved from http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/

Attack 3 Title: Evernote Pounded By Aggressive Cyber Attack

Type of Attack Description:

Similar Documents

Free Essay

New Security Employee

...New Security Employee Guide John Siggers SEC/430 March 18, 2013 New Security Employee Guide Throughout this guide as a new employee you will learn about many of the basics of what to do in investigations. These topics will start with the basic principles of an investigation then lead into the criminal investigation basics then learn the proper evidence acquisition and management the next step in the guide to helping you with the investigation process is employee and administrative investigations ending with personnel investigations. Investigation Principles Investigations are the examination, study, tracking, and the gathering of factual information (Sennewald-Tsukayama 2006). With this being said the investigation process is more of an art form than it is science, but science in many investigations plays a large part. The person that is doing the investigation is the gather of facts; this person must hypotheses and is able to draw a conclusion that is based on the information and the evidence. The basic principle in investigation is that the process is a comprehensive activity that involves the collection of information with the application of logic and the ability to use sound reasoning. The basic end result in any investigation is that it is a factual explanation of what has happened if the issue or incident is that of history, or what is occurring, or if the issue is of the present (Sennewald-Tsukayama 2006). There are two types of investigations...

Words: 4173 - Pages: 17

Premium Essay

Inb255 Security Log News

...SCIENCE AND ENGINEERING FACULTY INB255 Security Semester 1 2014 Security News Log News 1 Title: Heartbleed: Serious OpenSSL zero day vulnerability revealed Author: Steven J. Vaughan-Nicols Reference details: Vaughan-Nicols, Steven J. (2014). Heartbleed: Serious OpenSSL zero day vulnerability revealed Retrieved From: http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/ Summary: Heartbleed bug is one of the latest bug, and a quite dangerous one as well. It was found in OpenSSL cryptographic library. This bug can be used to reveal secured message contents, online credit card transactions. It is also capable of collecting primary and secondary SSL keys. So it can practically hack a system and leave without leaving a trace of what it did. Cloudfire, a security company said that, they have fixed the bug. However their method was not suitable for broad use. A lot of companies are working to fix this bug. Type of information asset item refers to: The information asset this article is referring to can be personal details, passwords or confidential messages. Value of asset to person/organization: The value is not determined in this article, as heartbleed is a new issue. However due to it’s capability, it is safe to assume that it can access personal data and modify them. In that case data might become unavailable to user himself. Security goals compromised: This bug is capable of breaching...

Words: 1318 - Pages: 6

Premium Essay

Rodman V. New Mexico Employment Security Department, 764 P.2d 1316 (N.M. 1988)

...Rodman v. New Mexico Employment Security Department, 764 P.2d 1316 (N.M. 1988). Facts: Ms. Rodman was an employee of Presbyterian Hospital for nearly eight years as a unit secretary. On February 17, 1987, the appellant was terminated under hospital personnel policies following a “third corrective action” notice. Ms. Rodman was reprimanded in June of 1986 in light of receiving an inordinate number of personal calls and visitors at her work station. The formal reprimand set forth conditions to prevent further corrective action. The conditions were as follows: no personal telephone calls during work hours outside of a designated break or dinner time, these are to occur in an area not visible to patients, physicians, or other staff. When leaving for dinner, Rodman was to report to her immediate supervisor and was not to leave the hospital. According to the testimony given by Rodman’s supervisor disruptive telephone calls continued. In November of 1986 Ms. Rodman received another written reprimand stating that her job was in jeopardy. Ms. Rodman’s supervisor established restrictions prohibiting visitors at the department and instructed her to notify security if there was a potential problem. On February 15, 1987 Ms. Rodman began work a 1:00 p.m. Ms. Rodman had spoken to her boyfriends’ mother earlier informing her she did not wish her boyfriend to use her car and that she had broken off their relationship. When the boyfriends’ mother called Ms. Rodman...

Words: 1030 - Pages: 5

Premium Essay

Brief for the New Cso, Which Will Provide Her with the Basics of Cyber Security, Acquaints Her with the Current Threats Facing Your Organization's Data Infrastructure, and the Legal Issues Related to Protecting the Enterprise.

...The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability Paul K. Kerr Analyst in Nonproliferation John Rollins Specialist in Terrorism and National Security Catherine A. Theohary Analyst in National Security Policy and Information Operations December 9, 2010 Congressional Research Service 7-5700 www.crs.gov R41524 CRS Report for Congress Prepared for Members and Committees of Congress The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability Summary In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide. From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful...

Words: 5499 - Pages: 22

Free Essay

Cyberlaw Tft Task 1

...New Policy Statements for the Heart-Healthy Information Security Policy New User Policy Statement The current New Users section of the policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” There are procedures for creating new user account profiles. HIPPA requires that an Information Security Officer (ISO) must be assigned to the network account profiles. This appointed person(s) is usually the network or system security administrator of the organization. Once this role is assigned, the security administrator can create network profiles and assign the new user to such specified profile. The network profiles are implemented in accordance with least privilege access. This means that data intended for use will only be available to the specified profile. This method protects the privacy of the data during transmission. This process complies with the 4 standard Federal regulatory requirements stated in this policy: FISMA, HIPAA/HITECH, GLBA, and PCI-DSS. Once the network account profiles are created, a new user is created and assigned. To implement a strong access control measure, a unique user identifier must be assigned to the new user account. Before the new user account is activated, the network or security administrator will need to...

Words: 971 - Pages: 4

Premium Essay

Aviation & Transportation Security Act

...Aviation Aviation and Transportation Security Act Abstract The passage of the Aviation and Transportation Security Act (ATSA) in 2001 changed the way the aviation industry operated and how passengers travel. The ATSA forced the US Government and aviation to change its security culture to ensure protection of passengers and employees from future attacks like those that occurred on September 11, 2001. The ATSA was passed and signed into law in direct response to the security vulnerabilities that surfaced during the 9/11 attacks. This paper will demonstrate how the ATSA affected how US Government agencies and aviation industry upgraded security processes in an effort to prevent terrorists from attacking the US in the future. Aviation and Transportation Security Act After the September 11, 2001 terrorist attacks, the United States Congress turned its focus towards tightening airport security by voting to standardize airport security nationwide. Before 9/11, airport security was the responsibility of airports and contracted security services utilizing unskilled passenger and baggage screener personnel. Screeners where overworked and received a minimum wage average salary. Many mistakes caused by inadequate employee security training created numerous security vulnerabilities throughout the aviation industry. After the 9/11 attack, a federal government controlled, stricter, and more sweeping passenger and baggage screening replaced this flawed system. With the aid...

Words: 2440 - Pages: 10

Free Essay

Human Security and Human Rights

...doors for a new era in the international relations history, the era of globalization. New actors, new events, new issues being securitized and new approaches of international relations, particularly of International Security Studies came out in this period. With this set of new affairs, the concepts of Human Security and Human Rights gained relevance in the international security and international norms field. And because those terms are still contested among both the academics and the States’ decision-makers, there is a need for us to understand what they really mean. The purpose of the present essay is to bring forward the differences between Human Security and Human Rights, regarding the fact that they are very similar and complementary, and also to understand the implications that the emphasis in the concept of Human Security have for the States foreign policy and for the international order and justice. The essay is composed by an introduction, a main body where we develop the answers for the research questions, a conclusion and finally the references. 2. The Prominence of the Concept Human Rights in International Relations 3.1. Human Security different from Human Rights? Despite the fact that the Universal Declaration of Human Rights (UDHR) was adopted in 1948, due the debate raised because of the Holocaust, the WWII and many others factors, it is known that Human Rights gained more emphasis in the post-Cold War period, when the emergence of new wars (no longer...

Words: 1597 - Pages: 7

Premium Essay

A Big Idea

...under the concept of ‘national security’. This trend is driven by two simple ideas. First, countries and their citizens face many different types of security threats, and they all need to be taken seriously and given due attention and priority. Second, government has many different types of policy instruments that can be used to manage this range of security threats, and they can and should all be used in the most cost-effective combination to address the full range of security challenges. From these two ideas naturally springs a third: that governments should view the security threats they face, and the responses they make to them, holistically, and unite them under an overarching National Security Strategy. We might call these three ideas collectively ‘the idea of national security’. It is no coincidence that this idea emerged in the years after the Cold War. For forty years until 1989, one specific security issue—major war—was seen to have dominated threat perceptions, and one specific policy instrument—conventional armed forces and the intelligence apparatus that supported them—was seen to have dominated national policy priorities. As this era passed, it was natural that 2 political leaders, policymakers, analysts and voters would start to shift their attention to new threats and their priorities to new policy approaches and instruments. And sure enough, a host of new security issues swiftly emerged, demanding new policy instruments and new uses for old ones. This was a complex...

Words: 1160 - Pages: 5

Free Essay

History of Java

...Name: Tooba Mukhtar Class: Bscs 6th HISTORY OF JAVA * 1990 - Sun Micros Decided To Develop Special Software Used To Manipulate Consumer Electronic Device. * 1991 - Sun Micros Developed A New Language Called Oak. * 1992 - Green Project Team By Sun Demonstrated The New Language To Control List Of Home Applications. * 1993 - Developed Web Applets Using New Language That Could Run On Any Computer Connected To Internet. * 1994 - Developed New Browser Called Hot Java To Locate And Run Applet Program On Internet. * 1995 - Renamed Oak To Java And Many Browser Like Netscape And Ie Supports To Java. * 1996 - Sun Releases JDK 1.0. * 1997 - Sun Releases JDK 1.1 * 1998 - Sun releases Java 2 with version of software development kit. * 1999 - Sun releases Java 2 platform ,standard edition (J2SE) and enterprise edition(I2EE). * 2000 - J2SE with SDK 1.3 was released. * 2002 - J2SE with SDK 1.4 was released. * 2004 - J2SE with JDK 5.0 was released.it is known as J2SE 5.0 * 2006 - Java SE 6 * 2007 - Java sun made Java technologies as free software under general public license. Java SE 6 Update 1 Java SE 6 Update 2 Java SE 6 Update 3 2008 - Java SE 6 Update 4: HotSpot VM 10 Java SE 6 Update 5 Java SE 6 Update 6 Java SE 6 Update 7: Unofficially, Java SE 6 Update 7 (1.6.0.7) is the last version of Java that was shown to be working on the Win9x family of operating systems ...

Words: 986 - Pages: 4

Premium Essay

Alternating State Government It Security Policies

...Alternating State Government IT Security Policies University of Maryland University College Europe Instructor: Professor Cybersecurity in Government Organizations CSIA 360 24 April 2016 The purpose of IT Security Policies within the state governments IT security policies are the foundation that any business or government should have implemented with their IT systems before the systems are going to be accessed or in other terms used by users and or customers. The successful implementation of such IT security policies are necessary for the infrastructure of IT systems that are going to be operated safely. IT security policies normally are papers that address the requirements of the system’s rules that are to be fulfilled, which usually is a defined set of rules. The individual IT security policy addresses a specific area in detail like such as an acceptable user policy that outlines how the system is to be used with what each user can perform on the system (SANS, 2016). Each individual state is responsible for implementing its own IT security policy because there is no precise must do practice in place when it comes to fulfilling IT security policies for the state governments. State agencies and offices are responsible for their own IT security policies. Each state addresses IT security policies and the associated problems with implementing these, but two states barely mention the topic, which reflects with rare information concerning their cybersecurity plans...

Words: 1515 - Pages: 7

Premium Essay

Securities Market

...Securities Market To meet enormous capital requirements, the companies rely on individual and institutional investors. The capital (long term) require by the company is divided into small units of fixed amount. These units are called ‘shares’. Companies issue these shares to the public to raise owned capital i.e.., shares represent ownership interest. Additional capital required for medium and short period, can be raised by the company through ‘Debentures’. The debenture is an acknowledgement for raising loan from the public, by the company. Debentures denote creditor ship interest. Securities A ‘Security’ means a certificate or document indicating either ownership interest (share) or creditor ship interest (debenture). Types of Securities ‘Securities Market’ refers to both the place and the persons who deal with securities. It includes buyers and sellers of securities and agencies/institutions which help in the buying and selling of securities of companies and government. Securities market may be classified into two categories:- Primary Market ‘Primary Market’ denotes the market for new issues. It has no physical existence. It is concerned with the floatation and issue of new shares and debentures by new or existing companies. The shares are offered to the public. The primary market establishes a linkage between the companies raising finance and the investing public. To make new issues, companies are assisted by brokers, underwriters, or commercial banks. Methods...

Words: 578 - Pages: 3

Premium Essay

Ngineer

...Cycle ENISA: Risk Management and Isms activities An information security management system[1] (ISMS) is a set of policies concerned with information security management or IT related risks. The idioms arose primarily out of BS 7799. The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk. Contents * 1 ISMS description * 2 Need for an ISMS * 3 Critical success factors for ISMS * 4 Dynamic issues in ISMS * 5 See also * 6 Notes and references ISMS description As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. ISO/IEC 27001:2005 therefore incorporated the "Plan-Do-Check-Act" (PDCA), or Deming cycle, approach: * The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls. * The Do phase involves implementing and operating the controls. * The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS. * In the Act phase, changes are made where necessary to bring the ISMS back to peak performance. ISO/IEC 27001:2005 is a risk based information security standard, which means that organizations need to have a risk management...

Words: 5234 - Pages: 21

Premium Essay

Ssss

...relatively new businesses (often high-risk) in exchange for stock. * Individual venture capitalists invest their own money; so-called “angels” are usually individual investors, but they tend to specialize in smaller deals. To limit their risk, venture capitalists generally provide financing in stages. First-stage financing might be enough to get a prototype built and a manufacturing plan completed. Second-stage financing might be a major investment needed to begin manufacturing, marketing, and distribution. Mezzanine level financing refers to the level just above the ground floor. * Private equity is often used to label the rapidly growing area of equity financing for nonpublic companies. * Usually entails some hands-on guidance * The ultimate goal is usually to take the company public and the VC will benefit from the capital raised in the IPO * Many VC firms are formed from a group of investors that pool capital and then have partners in the firm decide which companies will receive financing Choosing a Venture Capitalist * Financial strength is important * Style is important * References are important * Contacts are important * Exit strategy is important The Public Issue * Public Issue—the creation and sale of securities, which are intended to be traded on the public markets * All companies on the TSE(Toronto Stock Exchange) come under the Ontario Securities Commission’s (OSC) jurisdiction The Basic Procedure for a New Issue ...

Words: 1620 - Pages: 7

Free Essay

Human Security

...POSSIBILITIES AND LIMITATIONS PRESENTED BY THE NEW LIBERAL APPROACH OF HUMAN SECURITY By ANON INTRODUCTION 1. ‘Human Security’ is an emerging paradigm which is used to understand contemporary security issues that affect the individual rather than the state. The notion of ‘National Security’ where the perceived threat came from another state intending to attack other states borders is being re-viewed. “Ideally, ‘national security’ and ‘human security’ should be mutually reinforcing, for the past 100 years far more people have died as a direct or indirect consequence of the actions of their own governments or rebel forces in civil wars than have been killed by invading foreign armies. Acting in the name of national security, governments can pose profound threats to human security”. 1 The stability of states in relation to ‘human security’ is viewed as issues that directly effect the population rather than the government. The fundamental objective of ‘human security’ is the freedom from fear and want. This paradigm has a number of possibilities and limitations that make it a challenging new concept. STRATEGIES FOR SUPPORT 2. The ‘Human Security’ paradigm provides the possibility to develop complex strategies which will enable timely intervention by the international community in order to provide support to countries and states that are unable to independently resolve ‘human security’ issues. By understanding the concept of ‘human security’ it is easier for the international...

Words: 1939 - Pages: 8

Premium Essay

Case Study Data Breaches and Regulatory Requirements

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 1570 - Pages: 7