Metrics Implementation and Enforcement Security Governance Research Paper

Download this Research Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Research Paper:

Metrics, Implementation, and Enforcement (Security Governance)

How can you determine whether there has been a malware outbreak?

The threat situation today has become more dangerous than in the past. Security and safety threats have been increasing in an alarming rate; there are more than 70,000 brand new bits of malware recognized daily. Well-funded cybercriminals have been currently making advanced malware that has been made to bypass present security options by launching prior to the operating-system and then evading antivirus defence (Mitre, 2012). Consequently, danger vulnerability has hit unprecedented degrees that need a brand new method of security and safety. With built-in security and safety options from McAfee as well as Intel, one might gain an additional layer of safety that is effective aside from the operating-system to avoid attacks instantly whilst successfully managing security over to a system of endpoints. These revolutionary options gather world-class processor chip technologies from Intel and major security application from McAfee for the industry's initial precautionary security and safety method.

With security and safety risks increasing -- and risk dissemination utilizing the type of hidden techniques -- the situation has evolved. Actually, it is a lot more than most businesses are able to keep track of. Today's expert cybercriminals have substituted the amateur online hackers in history. Some possess more than ten years of expertise and operate in specialised roles for example malware designers, botnet herders, spammers, as well as document forgers (Homeland Security, 2012). These types of opportunistic assailants have been extremely structured and have been in the market to profit-usually economically-whether by maliciously aiming for a company brand, robbing beneficial consumer info or personnel information, or closing internet sites. Moreover, hacking subjects can easily turn out to be unsuspecting individuals in a botnet group that has been accustomed to additional dispersed malware, junk mail, as well as distributed denial-of-service (DDoS) assaults (Mitre, 2012).

An additional typical threat has been targeted strikes, which have a remarkably automated "low and slow" method. Targeted strikes make use of system tampering to get into data files, after which they integrate social engineering elements for optimum gain. These kinds of mission style strikes have been created for the long-term manipulation of the targets and for that reason have been frequently related to espionage. A number of targeted strikes have led to media censorship, enormous amounts stolen when it comes to intellectual property, jeopardized military intelligence, as well as organizations going broke. Sadly, attacks such as these have been usually executed utilizing stealth methods. Including advanced persistent threats (APTs), which have been an accumulation of malicious strategies accustomed to carry out targeted strikes, for example managing or corrupting a particular program or network. Rootkits, an essential component of numerous kinds of attacks, have been widely used by APTs along with other malware to conceal from customers or security application. Often this is accomplished by increasing privileges as well as attaining root-level entry to computer systems free of detection. Creating things worse, rootkits have been among the fastest expanding forms of malware, with well over 110,000 brand new rootkits discovered every quarter (Intel, 2012).

No matter the kind of attack, cybercriminals have been increasingly utilizing rootkits to avert conventional security and safety procedures. Simply because several rootkits have been in a position to load prior to the operating-system, this means they load prior to conventional safety measures, such as antivirus security. Conventional security and safety options function at the software level, utilizing hooks to get involved with the actual computer operating systems. Rootkits have been actively playing unfair by proceeding underneath the operating-system to cause their harm. In this manner, the malware has been in a position to conceal its presence as well as inflict harm, all whilst avoiding detection (Intel, 2012).

What metrics do you use to make that decision?

As malware strategies keep growing in intricacy, so does the possibility for breach. Present computing developments have been adding natural risk, via the start of virtualization as well as cloud computing towards the surge of cellular devices along with information technology consumerization. There has been an increasing array of computers connecting towards the corporate network system at any time, even though many have been corporate-owned, several fit in with workers who might or might not have permission to utilize them for company functions. This concern brings IT protection to a different level -- and additionally, it produces completely new possibilities for hackers (Intel, 2012).

Within this computing atmosphere, cybercriminals have been currently capable of working inside a bigger "attack surface" when it comes to devices, information, applications, as well as systems -- and they merely have to find one way of many to get in. They are able to also more easily make the most of interlocked, international networks to propagate large-scale attacks. Attacks usually exist in a phased strategy that begins with initial contact and then ends with harm which takes on the variety of purposes. And initial contact can happen easier than one may think-through e-mail, via social networking connections, or just by physical association. Two main contact options have been malicious internet sites, which have been allowed to download malware at the time of accidental "drive-by" visits, as well as thumb drives, which have been especially threatening simply because they have not been normally examined by antivirus application (Wedge et al., 2011). Thumb drives allow it to be particularly simple for malware to produce contamination, and therefore, have been frequently utilized to start APTs (Intel, 2012).

Soon after contact has been confirmed, stealthy malware will probably take advantage of any susceptibility it may discover within the system, like a settings error, to determine its existence. Subsequently, it embeds itself to disguise while it commences infection by increasing privileges, installing malware, as well as executing self-preservation endeavours when needed to make sure that it continues to be hidden (Intel, 2012).

The harm inflicted with this kind of malware might have catastrophic effects, for example loss of data and conformity offenses that go against corporate, personnel, as well as consumer privacy- and as a result, tarnish a company's status. Additionally, it may have significant business ramifications, for example lost personnel productiveness and elevated operating expenses because of the time allocated to system remediation (Intel, 2012).

How are you going to implement your response plan and the monitoring of your metrics?

These days, numerous threats make use of kernel-mode rootkits that disguise malware from conventional operating-system-established protection, and have been consequently extremely hard to identify. Furthermore, detection frequently happens as soon as the rootkit has been installed and also the malware did its harm, regardless of whether it is obtaining confidential business or personnel information, network system credentials, or maybe intellectual property. In either case, this kind of infringement puts your business susceptible to reducing regulatory conformity, penalties, along with a tarnished name (Intel, 2012).

The easiest method to shield your current systems from all of these stealthy threats has been to get rid of them well before they are able to inflict harm. McAfee Deep Defender has been the world's exclusive hardware-assisted security and safety answer that employs McAfee DeepSAFE* technologies to reveal attacks and prevent them instantly.4 This phenomenal product harnesses characteristics inside the Intel Core vPro processor chip hardware to set up protection aside from the operating-system for zero-day security -- the capability to identify, prevent, quarantine, and get rid of threats well before harm has been carried out-without needing any previous information about the malware threat (McAfee, 2012).

This tech's platform, collectively produced by McAfee along with Intel, offers kernel-mode security and memory checking which goes beyond detection to avoid malicious activity. It instantly exposes and eliminates sophisticated threats that will usually proceed unnoticed, such as kernel-mode rootkits. Moreover, the working platform has been made to scale to deal with new kinds of threats for future application development (McAfee, 2012).

What measures are you going to add in an attempt to reduce the potential for malware infection?

Acquire Visibility directly into Method Memory space

McAfee DeepSAFE makes use of Intel Virtualization Technologies (Intel VT) baked into Intel Core vPro processor chips to protect against viruses as well as malware in the hardware level. Intel VT allows McAfee DeepSAFE undertake a real-time examination of system memory space to watch the boot procedure and identify any efforts at memory accessibility.6 McAfee DeepSAFE subsequently notifies McAfee Deep Defender of dubious conduct at launch and then removes any kind of footprints of kernel-mode rootkits that had been found to remove them from the particular system. As this distinctive, integrated security and safety product sits underneath the operating-system, it may end attacks as they happen and well before they are able to induce any harm (McAfee, 2012).

Deep Defender in Action: Blocking the Cridex Worm

Malware authors have been increasingly utilizing inadequate electronic digital certificates to sidestep antivirus detectors along with other normal safety measures. McAfee Deep Defender safeguards from this kind of malware threat by preventing self-signed drivers from setting up directly into kernel memory. One particular existing illustration…[continue]

Cite This Research Paper:

"Metrics Implementation And Enforcement Security Governance" (2012, November 30) Retrieved December 2, 2016, from http://www.paperdue.com/essay/metrics-implementation-and-enforcement-security-106488

"Metrics Implementation And Enforcement Security Governance" 30 November 2012. Web.2 December. 2016. <http://www.paperdue.com/essay/metrics-implementation-and-enforcement-security-106488>

"Metrics Implementation And Enforcement Security Governance", 30 November 2012, Accessed.2 December. 2016, http://www.paperdue.com/essay/metrics-implementation-and-enforcement-security-106488

Other Documents Pertaining To This Topic

  • Computer Security People Process and Technology Are

    Computer Security People, process and technology are three things which are involved in information security. Biometrics, passwords and firewalls are some of the technical measures and these are not enough in justifying threats to information. In order to protect information from destruction and to secure systems, a blend of different procedures is required. While deploying information security some factors need to be considered for instance processes like de-registration and registration

  • Corporate Governance in Australia Corporate

    (Millstein, 2005) Since United States and Australia are countries which are already considered to be globally competitive that has attained its almost perfect status in the world market, developing countries are basically taking into account every step that they make for which they might soon adapt to attain the same position in the global context. Therefore, studying both countries' corporate governance is necessary in order for other developing countries to

  • Principal Agent Model in Economics and Political Science

    Principal-Agent Model in Economics and Political Science The international political perspectives of free trade A Global Analysis International Trade Impact on Tunisia The Export of agricultural products International trade and development of Tunisia Balance in the Trade Regime Imports and exports of Tunisia Exports Imports Coping With External and Internal Pressures The Common External Tariff (CET) Safeguard Measures Anti-Dumping Duties (ADDs) and Countervailing Duties (CVDs) Rules of origin The New Commercial Policy Instrument Sector Based Aspects GATT/WTO's Main Principles Non-discriminatory trade Multilateral negotiation and free trade The Trading Policies

  • Start and Run a Successful

    1.7. Key definitions of terms Research process = a sustained effort concentrated around a topic or subject of study aimed at generating new findings, and characterized by identification and labeling of variables, research design, collection of data, analysis of data and evaluation of the problem (Shinde). Qualitative research = Research method through which researchers address the studied phenomenon by observing it in its natural environment and strive to make sense of it

  • Inter Parliamentary Union and Its Role

    8). Likewise, the Institute of Agriculture required a quorum of two-thirds of its members for voting purposes and for the balancing of votes according to the size of the budgetary contributions (Bowett, 1970). While this analysis of these early forms of public international unions is not complete, it does suggest that they were beginning to identify the wide range of interests involved in modern international commerce and what was required

  • Environmental Issues Faced in 21st Century Aviation

    Environmental Issues Faced in 21st Century Aviation Reducing Communication and Coordination Tools and Metrics Technology, Operations and Policy Demand Aviation and the Environment Effects on the health Local Air Quality Climate Change Total Climate impacts from aircraft Interdependencies Mobility, Economy and National Security Interactions between Government, Industry and Groups Aviation Greenhouse Gas Emissions Economic Impact SPCC Regulations Local Airport Issues De-icing Fluids A Framework for National Goals Realities and Myths Metrics Recommended Actions Environmental Issues Faced in 21st Century Aviation Environmental awareness in regards to 21st century aviation among the public and politicians has

  • Environmental Sustainability Has Been Increasingly

    Literature Review, Analysis and Discussion 7,500 words This section presents a review of the recent relevant peer-reviewed and scholarly literature concerning environmental sustainability in general and how environmental sustainability initiatives can help multinational corporations of different sizes and types achieve a competitive advantage in particular. Literature Review. According to Michalisin and Stinchfield (2010), "There is widespread consensus that human activity has had a significant impact on global climatic patterns which will have


Read Full Research Paper
Copyright 2016 . All Rights Reserved