Abstract
The purpose of this paper is to discuss the security and vulnerabilities dealing with network security and management policy in information technology to maintain the integrity, confidentiality, and availability of a system or network, its information, resources, and its immediate infrastructure. The topics are the overview of Web services, social engineering, system components, architecture, protocols, future security trends, security vulnerabilities programs, the evolution of network security, internet vulnerabilities, online security and the protection of civil rights, practical attacks on mobile cellular networks and possible countermeasures, analysis of network security policy-based management, the risks and threats that …
The conclusions will draw forth all the findings and results that were found during the research of this paper.
Threats & Vulnerabilities
The security threats and vulnerabilities in information security are weaknesses that expose people and companies to risks that are either accepted or mitigated. Understanding vulnerabilities is the first step toward mitigating or accepting them. Risk revolves around business disruption, financial loss, damage to reputation, loss of privacy, loss of life, loss of confidence, legal penalties, and impaired business growth.
The concerns about security are a major deterrent to companies considering the use of technology (Kearney, Chapman, Edwards, Gifford, & He, 2004). The security threats are caused by angry or disgruntled employees, dishonest employees, criminals, governments, terrorists, the news and press, competing businesses, hackers, crackers, and natural disasters or unforeseen events that may occur. The vulnerabilities are the areas that have yet to be found, updated, or patched. The vulnerabilities are caused by software bugs, broken processes, ineffective controls, hardware flaws, business changes, old or legacy systems, inadequate business continuity plans, and, of course, human error.
An employee can fall under one of two categories: current or former. Current employees cover a lot of the normal business process of day
The next step is to identify the risks, threats and vulnerabilities. Attacks by hackers from the Internet, failures of hardware or software systems, and network outages are the most common threats. Common vulnerabilities are the absence of firewall and antivirus software, missing update patches, inadequately trained associates, etc.
C. Risk management – There are always risks involved with change or creating an IT infrastructure. Up-front funding risks can be minimized by having a detailed plan and knowing what you want. Training is another common risk for implementing an IT infrastructure. Many of the functions may be new to the employees, which presents a steep learning curve. This risk can be managed by ensuring that all employees are fully engaged in training and that training is continuous, so that the level of knowledge is maintained. Finally, security is a risk that will be on the mind not only of the business, but of the customers as well. Compromising sensitive information can not only hurt business, but result in legal action. This risk will be minimized by ensuring that security measures are put in place by the installation team. This will include both hardware and software. Also, a security disclaimer will be placed on both company documents and the website to let the customers know that their information is safe and will not be used for any illegal activity.
Security flaws or vulnerabilities have increased and spread rapidly over the past several years. More and more vulnerabilities are being discovered by security experts worldwide. Some of these flaws have proved to be extremely dangerous and lethal as they have caused immeasurable damage to industries and organizations as well as individual users. A security vulnerability can be identified as a fault or weakness in a product or system that allows an attacker to exploit and manipulate that particular vulnerability and compromise the confidentiality, integrity and availability of that product or system (Definition of a Security Vulnerability).
Security vulnerabilities can be defined as unintended flaws in the system that leave opportunity for unauthorized access by malicious software such as viruses, Trojans, worms and other malware. They can result from bugs in software and weak passwords. These require fixes in order to prevent the integrity of the system from being compromised by hackers or malware. Hackers try to steal sensitive data such as corporate or personal information.
During an initial review of data for Jacket-X from last year, several potential threats and vulnerabilities were identified. Specifically, the payroll business process was highlighted as containing threats and vulnerabilities requiring immediate attention from management in order to prevent a data breach. Recall that threats and vulnerabilities, although often used together in discussing cybersecurity risks, are two separate concepts. To review, a threat is defined as “an undesirable event that can cause harm”. It is also important to note that threats can be internal or external to an organization (Valacich). Alternately, a vulnerability is defined as a “weakness in an organization’s systems or security policies that
In order to diminish both security and privacy risks to organizations, measures need to be taken to combat risks throughout the various stages of the threat’s life cycle. Specific processes must be implemented to identify threats, procedures to follow when the attack occurs, and finally methods to recover from the attack (Houlding, 2011).
While running businesses, owners must be aware of crucial security threats that their organizations are exposed to in order to formulate
This section of the Security Policy statement presents the documents that together make up the Security Policy governing the activities of the Campbell Computer Consulting and Technology Company. The security policy covers the following:
Information security: When it comes to information security, every company faces a threat of losing important information through hackers, natural disasters and employee dishonesty. Loss of information could greatly affect the company's activities and cause a slow-down in production.
There are a variety of vulnerability identification factors that are seen as critical. The types of vulnerabilities associated with the Information Technology System depend on the nature of the system itself. Certain rules govern what action should be taken in this step. If the system has not yet been designed, the search for vulnerabilities should concentrate on the security policies of the organization, security procedures, system requirement definitions, and vendor and developer product analyses. If the system is being implemented, the identification of vulnerabilities should be expanded to include more specific information, including security features described in the security documentation and results of the security certification test and evaluation. If the system is up and running, then the analysis of the IT system security features and security controls, technical and procedural, should be used to protect the system. A table of Security Criteria can be found below:
Three key factors in conducting a risk assessment are identifying vulnerabilities, possible threats, and the associated risks with operations, events, and other specified functions or roles. First and foremost, a vulnerability, by definition, is an identifiable weakness that can be exploited for malicious intent, to gain unintended access, or even to disrupt service (Pinkerton, 2014). In the modern world, no product or security measure manufactured or implemented is invulnerable; in order to make technology work some vulnerability is accepted. In my place of employment, there are numerous applications, servers, and other transmission-capable devices that communicate in plaintext, which is susceptible to packet sniffing from hackers. However, the technologies would not operate as the developers intended without these vulnerabilities.
Threats and vulnerabilities could be explained separately, but since the two together equal risk, together they shall remain. When considering threats in information systems security auditing all aspects must be thought of, but first what
An information security professional’s job is to deploy the right safeguards, evaluate risks against critical assets, and mitigate those threats and vulnerabilities. Management can ensure their company’s assets, such as data, remain intact by finding the latest technology and implementing the right policies. Risk management focuses on analyzing risk and mitigating actions to reduce that risk. Successful implementation of security safeguards depends on the knowledge and experience of information security staff. This paper addresses the methods and fundamentals on how to systematically conduct risk assessments on the security risks of information systems.
Because technology is consistently growing and changing, preventative measures must include flexibility to allow for change and growth. Without these considerations, a business could jeopardize itself by restricting the ability to expand or even update the systems with necessary security patches. Preventative measures should include future growth. As technology grows, risks increase. Protection mechanisms will change as new threats are introduced to business as well as new legislation. Many security standards are based on data protection regulations and as laws change or new laws are introduced, information technology is the most costly element in ensuring compliance. There could be costly ramifications with poor planning.
Safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them or reduce the likelihood and impact if they should occur.