Currently, the internet has become a significant infrastructure, which has brought new degrees of productivity, convenience, and effectiveness for the private and public firms. The many incidents of internet attacks reflect the vulnerability of the information systems, the severity of malicious programs and the offensive nature of technology. Similarly, either attackers can hide their identity, through disabling logging facilities or altering event logs, which makes them go undetected. On the other hand, some programs have the capability of disabling anti-virus or penetrate firewalls. This has made such security violations to have multi-dimensional impacts on individual internet users, businesses, time, human resources, loss of money, and psychological losses. This, on another hand, shows that the internet and the superior information infrastructure are not short of security violations (Wilson & Kiy, 2014).
Many scholars have given possible reasons the internet is vulnerable to these attacks. The reasons include failure to enforce policies, ignorance of new vulnerabilities and high expectations from technical skills. In addition, the scholars have suggested that these risks result to insecurity challenges for the information society. Although governments have made efforts to enhance security on their own computer, networks to prevent attackers from gaining access to computer systems (Li, 2006). In fact, most of the governments across the world have shown their concerns to the private sector, mainly due to them becoming targets of these attacks. Overall, cyber attacks have consequential influential impacts, mainly economic effects, because companies end up becoming targets of blackmail and loss of both financial information and money.
Cyber security is a proportional concept. On one hand, it includes a comparison between security and attack methods. On the other hand, it entails a comparison between varying security methods. In the computer world, it is common knowledge that the attack methods develop faster when compared to the security techniques, regardless of the motives. In other terms, the hardware components, software, including other information system constituents are always at risk, which makes them exploitable. In respect to the comparison between the different security methods, the existence of different settings, use of different hardware, and software, and the use of different security methods, they all result to the difference in the levels of security. Therefore, this makes it clear that every organization will have a different security level (Li, 2006).
Owing to the different views on cyber security, including the approaches used to ensure that systems are safe; there are four renowned concepts of cyber security. They include a five-layer model of computing systems, a payload vs. protection paradigm, the nine Ds of cyber security and differentiation of the security threats into distinct categories. The significance of the concepts was illustrated by examining a disturbing cyber security threat, which was easy to study and almost predictable in respect to the concepts, but of which were previously unknown. In order to attain effective protection, it is important to develop a strategy, which should be central to the analysis of relevant and potential threats (Li, 2006).
Alternatively, it is essential to model the existing computing systems as comprised of various levels to make evaluation possible. Some of the renowned examples are the TCP/IP model, which has various differentiations in four, five, and seven layers, including the four-layer privilege ring model. The five-layer model comprises straightforward categories of observable attack vectors. Computing systems are perceived as a combination of two parts: (1) the functionality, which result to an asset value (payload), and (2) the measures, which the asset owner puts in place to manage the use (protection). Lastly, the nine Ds, which are the most utilized frameworks, can help in achieving a balance, mainly because they provide an easily remembered approach, which are central to the DoD's three tenets of cyber security (Wilson & Kiy, 2014).
Significant Threat to Data
Phishing refers to ways used by cyber criminals to target organizations in order to access the company's private information. This approach uses emails, which most of the time contain malicious codes. Once one opens the email, then all our systems can become undermined. In this regard, cyber criminals have tried using this method, but most of the times we have emerged successful. Our company has installed enterprise-level email security software, which checks both incoming and outgoing email messages (PATC, 2010).
Poor Configuration Management
Although we are professionals in the area of cyber security, we have witnessed cases where some staff fails to follow the organization's configuration management policy. Owing to the vast use of networking, our company requires strong security, which restricts the computers that can connect to the company's network to make it safe from this attack. In addition, the firm has implemented a Network Access Control Solution, which helps in enforcing configuration policy needs (PATC, 2010).
Although this has not happened in the organization, it is a possible approach. This is due to the many workers who use smart phones, and their security is easily breached. Actually, this has complicated the approaches to security, considering that it is possible for the mobile phones to get lost, or cyber criminals can compromise those using malicious codes. Therefore, the firm has offered to encrypt the employee's mobile phones, and alternatively, the company is opting on implementing a strict policy, which will confine the utilization of smart phones in the work environments (PATC, 2010).
We also appreciate the fact that it is possible to have employees who cyber criminals can compromise to provide authentication information, and other relevant information, which can make the organization vulnerable to attacks. Therefore, we have provided several employees with different accounts, or rather different levels of access to the firm's systems. In addition, all the computers have disabled "auto-run" and sensory alarms in an event an employee plugs in or out a removable media (PATC, 2010).
As noted, cyber criminals target several types of enterprises, particularly when the firm or organization is dealing with information systems, and the internet. In this context, our company deals with information technology, and offers protection to cyber attacks. Therefore, our company qualifies as a high profile company, which can be a possible target from the cyber criminals. In addition, it is essential to know that we provide IT personnel for several government and private contracts. In fact, we encounter classified government information at various levels, in our course of work (Moore, 2005).
The documents we hold for the private sector, especially those with financial information, makes us possible targets from cyber criminals. Then again, our corporation has a valuable IP. Our security provision activities that have seen to success in the protection of data, networks and computer systems, have made some of the cyber criminals angry. For example, it is only a month ago when we received an infected mail, but due to our expertise, we were able to establish that the mail would cause harm to our systems (Moore, 2005).
Therefore, this is only proof that we are, and we will continue being targets as long as our business continues. Last year, we managed to secure the government's infrastructure from possible breach and later on, we received a warning message. The most significant achievement from our side is the security we provided to the electoral system from possible bugs, which were meant to manipulate the results. Therefore, our sophisticated activities make cyber criminals to get us out of business because we have served as obstruction to their anticipated "success."
Risk management is a discipline by itself and can occur in any type of organization. In this context, it is a process used by organizations to spot, examine, assess, and treat loss exposures, monitor risk manage and financial reserves to moderate the bad influences of loss. In fact, the concept of risk management was only used in business, or organizations dealing with production and such; however, with the advancement in technology the concept has been utilized and integrated in cyber security. It is because cyber attacks are possible threats to the success of an organization, mainly because it compromises the security of the organization (Kenneth & Jane, 2000).
Research has shown that security breaches have reached alarming rates, which have amounted to loss of money in billions. Therefore, this calls for risk management to ensure that it is possible to identify areas of vulnerabilities in a system and ensure it is safe. Organizations are now engaging in risk management to identify vulnerable assets, which has resulted to protection of crucial data. It is, however, impossible to prevent cyber attacks, but it is possible to know the emerging attacks, which help organizations to stay updates in case of such an attack (Kenneth & Jane, 2000).
Most of the organizations fail to purchase original recommended security software and end up relying on the software that security provide with the operating system. It is, however, essential to have security software, which will ensure that it can detect malicious programs, including the websites containing malicious codes. Alternatively, organizations should practice the…