Review Questions
1. What is the difference between a threat agent and a threat?
A threat agent is a specific component that represents a danger to an organization’s assets. A threat is an object, person or entity that represents a constant danger.
2. What is the difference between vulnerability and exposure?
Vulnerability is a weakness in a system that leaves the system open to attacks. Exposure is the known vulnerabilities that make a system weak and open to attacks without protection.
3. How is infrastructure protection (assuring the security of utility services) related to information security?
If the infrastructure of a network is exposed and accessible to anyone this leaves the network vulnerable to damage both
Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
Software, Hardware, Data, People, Procedures, Networks.
Data, software, networks and procedures are the most directly affected by the study of information security. Data and software are the most associated with the study of security.
9. What system is the predecessor of almost all modern multiuser systems?
The mainframe computer system.
10. Which paper is the foundation of all subsequent studies of computer security?
The RAND Report R-609.
11. Why is the top-down approach to information security superior to the bottom-up approach?
The bottom-up approach lacks support from upper management. The top-down approach offers more upper management support with more funding plus clear planning.
12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A methodology is important because it avoids missing any steps to ensure security.
13. Which members of an organization are involved in the security system development life cycle? Who leads the process?
Security professionals are involved in the development life cycle. The data owner, with the help of senior management and the security team, leads the projects.
14. How can the practice of information security be described as both an art and a science? How does security
Consider your case-study industry and the security discussions that are taking place there. Consider the security discussions that are taking place in this seminar. Delve into the models that have been explored and articulate what you and your colleagues think of these conceptual frameworks. Assess the overall value of models and frameworks to your industry's security environment. Reference sources and the interview will be essential to the success of this particular assignment.
1. What are some of the emerging IT security technologies that should be considered in solving the problem related to the case?
The evolution and understanding of the importance of information security and risk management originates from the awareness for the potential of IT in business functions and as a business enabler. This was then
Computing environments are comprised of networks, operating systems, applications, and databases (Figure 1). Information security, as a practice, focuses on securing an organization's most important
The BSIMM states that intelligence practices result in collections of knowledge to use to carry out software security activities throughout your organization (2015). The collections of security knowledge included in the intelligence domain are policy, standards, design and attack patterns in reference to a secure architecture and secure development framework within the SSF (McGraw, 2006). This domain provides the essential resources to equip the staff with the necessary training for development and delivery. McGraw (2006) traced that the topics included are security knowledge and assurance activities with retrofitting of the existing courseware to software security concepts. Moreover, the SAS stated that the secure development standards are met in the proper deployment of the intelligence domain. According to the SAS SSF, developers work with the standards and guidelines that provide the foundation for building secure software (SAS, 2015).
To forestall the troubles produced by employee use of information systems and other assets, producing a thorough information security design is almost significant. This program will provide the system with necessary details regarding the role of the organization’s assets.
1. A brief summary of the range, contents, and argument of the article. Despite substantial investments, there are still major security weaknesses in today’s information systems. Cyber attacks have become more ubiquitous and make the affected organizations lose millions or dozens of millions of dollars. It is obvious that the security of IT systems is stagnating and possibly degrading. Hence, the author summarizes four anti-patterns that, based on empirical evidence, are particularly common and detrimental to a strong security posture. Also, the article gives suggestions for organizations to overcome those anti-patterns. The four anti-patterns are shown below. First of all, decision
1. How can a security framework assist in the design and implementation of a security infrastructure?
Without proper security, businesses may suffer the potential consequences of operational risks, making the position of corporate security manager vital for their success and safety. In conducting research, I discovered the potential consequences of not securing your business, and the importance of protecting the resources contained within your business, making it apparent businesses will require those with the expertise to handle these threats. So it is without fail, corporate leaders
There are two types of management approach to the IT security function in the organization. The first is the bottom-up approach. The implementation of the IT security audit is from the grass-roots level, whereby the systems administrators and technical officers are the ones making the decisions on how to improve the security systems. This is advantageous because they possess the technical expertise to enable them to execute these IT security functions. However, even with the best technical expertise, IT security within an organization would still be vulnerable due to lack of participation support from top management and the users of these IT systems. Another management approach is the top-down approach.
Be able to examine security from a holistic view, including threat modeling, specifications, implementation, testing, and vulnerability assessment;
“In today’s competitive business environment, information is the lifeline of many organisations. It should therefore be protected, secured and managed accordingly” (Broderick, 2001; Finne, 2000; Posthumus and Von Solms, 2004; Squara, 2000, cited in Kritzinger & Smith, 2008). The protection of that valuable information is called ‘information security’. Its primary goal is to protect the information, ensuring its availability, confidentiality and integrity (Posthumus & Von Solms, 2004; Kritzinger & Smith, 2008; Tashi & Hélie, 2009; Fuchs, Pernul & Sandhu, 2011). Information security management is also about ensuring the security of information by conducting proactive management of information security risks, threats and vulnerabilities (Posthumus & Von Solms, 2004; Kritzinger & Smith, 2008).
decisions regarding how and where security should be applied to ensure a favourable outcome for the enterprise. Analysis
The first thing that comes to mind when we talk about information technology (IT) security is computer security. In today's world, as we know, technology is on the rise and more and more threats are accruing each day. Increasing and taking proper security measures in the world of evolving information technology has assisted organizations in protecting their information assets. As society has grown more complex, the significance of sharing and securing the important resource of information has increased. However, over the past years organizations, firms, and corporate businesses have suffered deep financial and reputational destruction because of a lack of information security management. In the early century, large companies, firms, and corporations needed to make it the priority to ensure their data and electronic systems were secured. Nowadays, technology is spreading in such a short period of time that it affects every part of our everyday life. Technology is the main source we rely on consistently to manage daily assignments. Keeping this in mind, if we do not treat IT security seriously it can affect everyone. From small to large organizations, information technology usually points to laptop or desktop computers, switches, routers, and servers that form a computer system. Also, some additional technology equipment that information technology has included is phone and voice mail systems, cellular phones, fax machines etc. There has been a high dependency on
This project provides you an opportunity to apply the competencies gained in various units of this course to identify security challenges and apply strategies of countermeasures in the information systems environment.