StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Identifying Threats and Vulnerabilities to Computer - Report Example

Cite this document
Summary
The paper "Identifying Threats and Vulnerabilities to Computer" discusses that there is a need to explicitly differentiate the roles of the employees and to stress the importance of maintaining the secrecy of protected information and carrying out their duty responsibly…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.1% of users find it useful
Identifying Threats and Vulnerabilities to Computer
Read Text Preview

Extract of sample "Identifying Threats and Vulnerabilities to Computer"

Assessment Computer Security Program Matriculation number Word Count: 1526 words Contents 3 Introduction 4 Identifying Threats and Vulnerabilities 4 Examination of the Security Principles Broken 4 Recommendations 5 References 7 Abstract Computer security refers to the minimization of vulnerabilities to assets and resources. There is no such thing has 100% security, although one can get close to it. The case study provides an example of how security lapses can occur and expose the system’s vulnerabilities. This paper looks into the threats and vulnerabilities that the event exposed and examines the security principles that were broken. It also provides recommendations for them. Threats to the system include the absence of multilayered protection. The ease with which the junior officer accessed the DRS is suggestive of implies threats too. The backup copies were not functional and the ease of access meant that the information is at a greater risk. There were also a number of security principles that were broken. These include the need for professionals to have knowledge about their profession, lack of responsibility by the duty manager etc. The recommendations encompass the development of multifactor authentication, a risk management system, introducing firewalls etc. Introduction One of the oldest definitions for security is that it is the process whereby steps are taken to minimize vulnerabilities of assets and resources. Security encompasses the elements of keeping information confidential and of upholding the integrity and availability of resources; these three elements are often used to describe computer security goals (Stallings 2009). It is often associated with the three As: authentication, authorization and accountability. Security does not entail the elimination of every threat or vulnerability to the system; rather security implies that there is no such thing has 100% security, although one can get close to it. Computer security gives rise to the notion of protecting systems from a technological point of view, as well as making systems more secure on the basis of human factor (Trček 2006). When securing data, the link between security and accessibility comes into limelight. The more accessible data is made, the lower will its security be, making it more vulnerable to threats. On the other hand, security will be high if the data is secured tightly, causing obstacles in accessibility (Cross & Shinder 2008). Computer security is also regarded as a compromise; it is seen that the greater the security, the difficult it is for users to work with the system (Salomon 2006). The case study provides an example of how security lapses can occur and expose the system’s vulnerabilities. This paper looks into the threats and vulnerabilities that the event exposed and examines the security principles that were broken. It also provides recommendations for buttressing the security of the computer systems based on the identified threats and vulnerabilities. Identifying Threats and Vulnerabilities Threat to a computing device is referred to as any potential happening, either unintentional or malicious, that may cause undesirable effects on the asset (Newman 2009). One of the main security issues that the event brought into limelight was the ease with which a junior employee was able to change the keys for the encryption on the database. There was no layered security protocol and a simple password provided the user access to valuable information. Moreover when the junior officer had logged into the system using the password of the duty manager, a message came up asking the officer to change the crypto keys on the DRS. Giving away the password to a junior officer and allowing him access to company files and other information which constitute a large value of the company gives rise to threats to the security of the computer. The junior officer did not know much about the application that launched to change the keys. The application could have been a malicious software too and could have corrupted the entire system if the junior officer simply ‘pressed a few buttons’, causing the application to disappear. The junior officer did not know about the right tape to be used for backing up the information. He used the wrong tape, causing important information from the past two weeks to be rewritten and hence lost. This also entails that anyone who has the password could use the backup tapes to wipe out the information stored. There were not sufficient backup copies of the information, and there was also doubt regarding their reliability since it was the last backup tape that finally worked and reset the system. Examination of the Security Principles Broken One of the blunders that occurred was the changing of the keys before the database was backed up. This resulted in the backup to be accessible by the old key only. When need arose to reset the system by using a backup, the procedure failed to come through because the backup was protected by the old key. The event also showed that the there was little know-how regarding restoring the backing tapes. The backing tapes had to be restored three times before they finally worked and the process was a learning experience for everyone. The staff was not adequately trained enough to deal with such situations and to reset systems from backup copies. This shows that sufficient and comprehensive integration of the security program with system operations was not present. This principle states that the people who are in charge of the security program should be able to comprehend it, its mission, its technology and the environment in which it functions (Swanson & Guttman 1996). The event also highlights that there are little or no steps taken for risk management by Attica. Risk management is important in preventing the occurrence of adverse events and reducing the risk to a minimal level. Another security principle that was not followed was that the duty manager did not inform the junior official about the application that caused the keys to be changed. The lack of knowledge of the junior officer regarding the tape set to be used is also representative of poor conformation to security principles. The backup tapes were not functional since it took three tries to reset the system. In the end, it was the final backup tape that worked and caused the system to be reset. This shows a breach of the security principle that computer security should be periodically reevaluated (Swanson & Guttman 1996). The designation of the junior officer to perform such important work as backing up the system was an expression of lack of responsibility by the duty manager. The duty manager was given higher status and entrusted with greater responsibility than the junior officer. One of the security principles is that the responsibility of the employees should be made explicit (Swanson & Guttman 1996). The event shows a breach of this principle with the attitude of the duty manager representing lack of responsibility. Moreover, a password to important and valuable information of the company needs to remain the knowledge of a selected group of authorized personnel. Giving away the password to a junior officer takes away the meaning and purpose of setting a password in the first place. Recommendations I propose the following recommendations to improve the security of the computer systems and to minimize the threats and vulnerabilities. One of the foremost recommendations is to install a multilayered security system. This would prevent any unauthorized person from gaining access to valuable information regarding the company if he or she has acquired a password. Multilayered security involves installing multifactor authentication. There are many proposals in the market that provide two or three factor authentication. Multifactor authentication requires that three aspects are addressed, i.e. something that you know (like a password), something that you possess (such as a USB flash) and something that you are (includes biometric qualities); passwords also need to be different as well as using the same password everywhere would be a potential mistake (Dekart 2011). This would not only ensure that there is a high degree of protection available for the information you have stored in the DRS but also requires that only certain authorized individuals can access the database. Multifactor authentication is believed to take security to a whole new level. Attica already uses encryption to store important information. However, keeping in mind the ideal security protocol, there is a need to regularly update the security measures. A lot of factors can have an influence on computer security such as technological advancements, linkages to external environments, modifications in the worth or utility of information and the occurrence of a new threat. This follows that the security system should be upgraded on a regular basis. The organization should take steps for the development of a risk management system. No organization is risk proof; however the adoption of certain protocol and development of risk management systems can help the organization to decrease the probability of occurrence of an adverse event. Risk assessment compromises determining the scope and procedure needed to carry out the assessment, assimilating and interpreting data and interpreting the results of the risk assessment. Interpretation of data requires asset valuation, consequence assessment, likelihood assessment, and safeguard and vulnerability assessment (Swanson & Guttman 1996). Risk mitigation is the process whereby steps are taken to reduce risk and to manage it effectively. Selection of protection methods, acceptance of residual risk and implementation of controls and monitoring effectiveness form the various stages of the risk mitigation process. Furthermore there is a need to explicitly differentiate the roles of the employees and to stress upon the importance of maintaining secrecy of protected information and carrying out their duty responsibly. The employees should be given adequate training of the events that are not very likely to occur and they should have in-depth academic knowledge of their tasks. In this case, Attica needs to spend time developing functional copies of the information. Computer security personnel and other professionals should be aware of the consequences of security breaches, which may result in huge financial losses for the organization. Introducing firewalls can also prove to be effective in regulating the information that users can access from other computers. Thus, following the guidelines for protecting computers such as installing security software, using software patches, using software from reliable sources and avoiding opening emails and websites that are not safe can prove to be effective in building baseline security (Parsons & Oja 2008). References Cross & Shinder 2008, Scene of the Cybercrime, 2nd edn, Syngress, Burlington, MA. Dekart 2011, Main principles of computer security – learn how to protect your PC, Dekart, retrieved 16 February 2011, Newman, RC 2009, Computer Security: Protecting Digital Resources, Jones & Bartlett Learning,Sudbury, MA. Parsons, JJ & Oja, D 2008, Computer Concepts Illustrated Introductory, Cengage Learning, Boston, MA. Salomon, D 2006, Foundations of computer security, Springer, Berlin. Stallings, W 2009, Operating Systems: Internals And Design Principles, 6/E, Pearson Education India, Delhi. Swanson, M & Guttman, B 1996, Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST, retrieved 16 February 2011, Trček, D 2006, Managing information systems security and privacy, Springer, Berlin. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Computer Security Report Example | Topics and Well Written Essays - 1500 words - 1, n.d.)
Computer Security Report Example | Topics and Well Written Essays - 1500 words - 1. https://studentshare.org/information-technology/1748601-computer-security
(Computer Security Report Example | Topics and Well Written Essays - 1500 Words - 1)
Computer Security Report Example | Topics and Well Written Essays - 1500 Words - 1. https://studentshare.org/information-technology/1748601-computer-security.
“Computer Security Report Example | Topics and Well Written Essays - 1500 Words - 1”. https://studentshare.org/information-technology/1748601-computer-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Identifying Threats and Vulnerabilities to Computer

An Assessment of the Vulnerabilities of the iPhone

An Assessment of the vulnerabilities of the iPhone ... he various six steps in the vulnerability analysis help in the easy identification and the evaluation of the various vulnerabilities found in the various steps where the identification is necessary.... The various six steps in the vulnerability analysis help in the easy identification and the evaluation of the various vulnerabilities found in the various steps where the identification is necessary....
20 Pages (5000 words) Dissertation

Computer Security and the Systems Vulnerabilities

The essay looks into the threats and vulnerabilities that the event exposed and examines the security principles that were broken.... This paper looks into the threats and vulnerabilities that the event exposed and examines the security principles that were broken.... It also provides recommendations for buttressing the security of the computer systems based on the identified threats and vulnerabilities.... dentifying threats and vulnerabilities ...
6 Pages (1500 words) Essay

Threats to Mobile Phone Users Privacy

When laptops are kept open as well as unattended, the physical vulnerability can occur as different relevant data becomes exposed to threats and network access can be done by others using the device.... Cybersecurity can be defined as the process of ensuring the protection of any computer-related system, software-based program along with data against unlawful use, transfer, disclosure, destruction, or modification either deliberate or unintentional.... Physical Vulnerability Tablet computer, smartphones, and notebooks among others are mobile devices which are taken by professionals and also different individuals when they are traveling or are used at home....
9 Pages (2250 words) Report

Network Security Best Practices

A risk assessment is a tool for identifying weaknesses and vulnerabilities within a network, and then assessing where to implement security and preventative measures.... With a constantly changing technological environment, malicious threats are continually adapting and evolving.... The document should never be considered complete, as threats are continually adapting, and in this way, so should the security policy.... Once a company knows how much its assets are worth, and what threats could potentially affect those assets, they are able to formulate intelligent decisions regarding how to protect said assets....
8 Pages (2000 words) Essay

Voice over Internet Protocol: Security, Vulnerabilities and Recommendations

Important VoIP communications should be encrypted Besides software, social control measures have also been discussed, which are just as important as deploying software controls due to human vulnerabilities.... All potential vulnerabilities must be identified.... Software controls try to prevent the exploitation of vulnerabilities but not all attacks can be contained by technical measures.... Many vulnerabilities are due to 'poorly designed implementations that can provide inroads to data networks....
8 Pages (2000 words) Research Paper

Information Technology and Information System Security

This clearly indicates that modifications such as developing a more generic methodology should be considered to minimize the exposure of my computing system and data to huge threats and vulnerabilities.... This methodology is ideal for this exercise simply because it identifies threats and it could help me to define the risk mitigation policies for my computer systems and information resources.... It becomes quite clear that the new generic approach will involve threat analysis and security metrics that will effectively prioritize threats and the associated vulnerabilities so as to continue enhancing the security of my computing systems and environment....
8 Pages (2000 words) Coursework

Security Threat Assessment and Security Risk Assessment

He sees the objective of risk management as that of creating a level of protection aimed at mitigating vulnerabilities to threats and the potential consequences, thereby reducing risk to acceptable levels (Katsicas, 2009).... In this regard, he states that risk management is the act of determining what threats the organization faces, analyzing the related vulnerabilities to assess the level of threat while determining how the organization will deal with the associated security risk....
5 Pages (1250 words) Essay

Comparing and Contrasting Security Threat Assessment and Security Risk Assessment

On the other hand, different types of threats could exploit various vulnerabilities with the objective of attacking one critical asset.... Therefore, security risk assessment is utilized to offer a comprehensive structure for analyzing security risk, which consequently can result in the uncovering of vulnerabilities and threats.... Although the threats to all assets may be developed as well as mapped individually, the most effective approach is by developing a list of different types of threats as well as identifying how they could be utilized for attacking a business or nation....
6 Pages (1500 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us