Abstract The purpose of this paper is to discuss the security and vulnerabilities dealing with network security and management policy in information technology to maintain the integrity, confidentiality, and availability of a system or network, its information, resources, and its immediate infrastructure. The topics are the overview of Web services, social engineering, system components, architecture, protocols, future security trends, security vulnerabilities programs, the evolution of network security, internet vulnerabilities, online security and the protection of civil rights, practical attacks on mobile cellular networks and possible countermeasures, analysis of network security policy-based management, the risks and threats that …show more content…
The conclusions will draw forth all the findings and results that were found during the research of this paper.
Threats & Vulnerabilities
The security threats and vulnerabilities in information security are weaknesses that expose people and companies to risks that are either acceptable or mitigated. The key to understanding vulnerabilities is the first step of mitigating or accepting them. Risk revolves around and is caused by business disruption, financial loss, damage to reputation, loss of privacy, loss of life, loss of confidence, legal penalties, and impairs business growth.
The concerns about security are a major deterrent to companies considering the use of technology (Kearney, Chapman, Edwards, Gifford, & He, 2004). The security threats are caused by angry or disgruntled employees, dishonest employees, criminals, governments, terrorists, the News and press, competitors of other businesses, hackers, crackers, and natural disasters or unforeseen events that may occur. The vulnerabilities are the areas that have yet to be found, updated, or patched. The vulnerabilities are caused by software bugs, broken processes, ineffective controls, hardware flaws, business changes, old or legacy systems, inadequate business continuity plan, and of-course human error.
An employee can fall under two categories and they are current and former. Current employees cover a lot of the normal business process of day
Because technology is consistently growing and changing, preventative measures must include flexibility to allow for change and growth. Without these considerations, a business could jeopardize themselves by restricting the ability to expand or even update the systems with necessary security patches. Preventative measures should include future growth. As technology grows, risks increase. Protection mechanisms will change as new threats are introduced to business as well as new legislations. Many security standards are based on data protection regulations and as laws change or new laws are introduced, information technology is the most costly element in ensuring compliance. There could be costly ramifications with poor planning.
The next step is to identify the risks, threats and vulnerabilities. Hackers attack from the Internet, failure of hardware or software systems, or network outages are the most common threats. And common vulnerabilities are absence of firewall and antivirus software, absence of update patches, not adequately trained associates etc.
In today’s IT world every organization has a responsibility to protect the information and sensitive data they have. Protecting data is not only responsibility of security and IT staff but every individual is involved in protecting the information. The risks to information security are not digital only, but it involves technology, people and process that an organization may have. These threats may represent the problems that are associated to complex and expensive solution, but doing nothing about these risks is not the solution.
In order to diminish both security and privacy risks to organizations, measures need to be taken to combat risks throughout the various stages of the threat’s life cycle. Specific processes must be implemented to identify threats, procedures to follow when the attack occurs, and finally methods to recover from the attack (Houlding, 2011).
Security vulnerabilities can be defined as an unintended flaw in the system that leaves opportunity for unauthorized access of malicious software such as viruses, Trojans, worms and other malwares. It can result from bugs in software and weak passwords. These require fixes in order to prevent the integrity of the system compromised by hackers or malwares. Hackers try to steal sensitive data such as corporate or personal information.
Security flaws or vulnerabilities have increased and spread rapidly over the past several years. More and more vulnerabilities are being discovered by security experts worldwide. Some of these flaws have proved to be extremely dangerous and lethal as they have caused unmeasurable damages to industries and organizations as well as individual users. Security vulnerability can be identified as a fault or weakness in a product or system that allows an attacker to exploit and manipulate that particular vulnerability and compromise the confidentiality, integrity and availability of that product or system (Definition of a Security Vulnerability ).
While running businesses, owners must be aware of crucial security threats that their organizations are exposed to in order to formulate
C. Risk management – There are always risks involved with change or creating an IT infrastructure. Up front funding risks can be minimized by having a detailed plan and knowing what you want. Training is another common risk for implementing an IT infrastructure. Many of the functions may be new to the employees, which presents a steep learning curve. This risk can be managed by ensuring that all employees are fully engaged in training and that training is something that is continuous to ensure level of knowledge is maintained. Finally, security is a risk that will not only be on the mind if the business, but the customers as well. Compromising sensitive information can not only hurt business, but result in legal action. This risk will be minimized by ensuring that security measures are put in place by the installation team. This will include both hardware and software. Also, a security disclaimer will be placed on both company documents and the website to let the customers know that their information is safe and will not be used for any illegal activity.
4. Security Awareness: A large percentage of successful attacks do not necessarily exploit technical vulnerabilities. Instead they rely on social engineering and people’s willingness to trust others. There are two extremes: either employees in an organization totally mistrust each other to such an extent that the sharing of data or information is nil; or, at the other end of the scale, you have total trust between all employees. In organizations neither approach is desirable. There has to be an element of trust throughout an organization but checks and balances are just as
This area of the Security Policy articulation presented is a report that all in all make up the Security Policy that administers the activities of the Campbell Computer Consulting and Technology Company. The security strategy covers the accompanying:
A threat is anything that represents a risk to information property. There are many several threats that represent a persistent danger to people and organizations information assets. In this report, I will cover four remarkable threats and their countermeasures. These threats are Security threats, Netiquette threats, Privacy threats, and Ethics threats.
There are a variety of vulnerability identification factors that are seen as critical. The types of vulnerabilities associated with the Information Technology System depend on the nature of the system itself. Certain rules govern what action should be taken in this step. If the system has not yet been designed, the search for vulnerabilities should concentrate on the security policies of the organization, security procedures, system requirement definitions, vendor and developer’s product analysis. If the system is being implemented the identity of vulnerabilities should to expanded to include more specific information including security features described in the security documentation and results of the security certification test and evaluation. If the system is up and running, then the analysis of the IT system security features and security controls, technical and procedural should be used to protect the system. A table of Security Criteria can be found below:
During an initial review of data for Jacket-X from last year, several potential threats and vulnerabilities were identified. Specifically, the payroll business process was highlighted as containing threats and vulnerabilities requiring immediate attention from management in order to prevent a data breach. Recall threats and vulnerabilities, although often utilized together in discussing cybersecurity risks, are two separate concepts. To review, a threat is defined as an undesirable event that can cause harm”. It is also important to note that threats can be internal or external to an organization (Valacich). Alternately, a vulnerability is defined as a “weakness in an organization’s systems or security policies that
Information security professional’s job is to deploy the right safeguards, evaluating risks against critical assets and to mitigate those threats and vulnerabilities. Management can ensure their company’s assets, such as data, remain intact by finding the latest technology and implementing the right policies. Risk management focuses on analyzing risk and mitigating actions to reduce that risk. Successful implementation of security safeguards depends on the knowledge and experience of information security staff. This paper addresses the methods and fundamentals on how to systematically conduct risk assessments on the security risks of information systems.
Safety of information is the most valuable asset in any organization particular those who provide financial service to others. Threats can come from a variety of sources such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measure can be taken to combat these threats, eliminate them or reduce the likelihood and impact if they should occur.