Computer Science Defensive Response Strategy

Last reviewed: August 3, 2012
Abstract

Defense in depth arises from the viewpoint that there is no real possibility of achieving total, inclusive security against threats by implementing any collection of security solutions. It assumes a broader range of possibilities, such as physical theft followed by forensic recovery of data by unauthorized persons, and incidental threats resulting from dangers that do not specifically target the protected systems.

Defense in depth arises from the viewpoint that there is no real possibility of achieving total, inclusive security against threats by implementing any collection of security solutions. It assumes a broader range of possibilities, such as physical theft followed by forensic recovery of data by unauthorized persons, and incidental threats resulting from dangers that do not specifically target the protected systems. Defense in depth strategies include security preparations that are directly protective. They address concerns such as:

monitoring, alerting, and emergency response

authorized personnel activity accounting

disaster recovery

criminal activity reporting

forensic analysis (Perrin, 2008).

A complete Defense-in-Depth information assurance strategy should be used to alleviate threats and keep an organization's IT assets and proprietary information as secure as possible. This Defense-in-Depth information assurance strategy has been developed and can be adopted by any organization in order to reinforce its security posture and considerably decrease the likelihood of a security breach. The Defense-in-Depth strategy encompasses the following four critical categories:

People -- personnel within the organization

Network -- firewall, VPN and NIDS

Host -- routers, workstations, servers and automated control systems

Application -- includes cgi-bin, Java applications and payroll (Hazlewood, 2006).

Training

People are the most important asset in any organization. They are also the first line of defense in any widespread security strategy. Policies define the company's goals and objectives and guide each person's conduct and course of action. Formal processes and procedures establish the consistent, specific methodology directing people in their daily activities. Good security policy, properly utilized, can be one of the most important security measures for a company to put into practice (Hazlewood, 2006).

Everyone in a company must be aware of and understand the security-related processes and procedures for an organization's security policy to be effective. More importantly, each person must integrate the policy, processes and procedures into their everyday job. This means the policy and supporting processes and procedures must be clear, concise, and available to and understood by each person. Formal organizational policy and security awareness training are an important part of this component (Hazlewood, 2006).

Funding

There are many areas in which funding will be necessary to implement a Defense-in-Depth strategy. These areas include prediction, prevention, response and detection. It will be important to have funds to proactively identify attackers, their objectives and their methods prior to any attack taking place. This allows for the maximization of prevention activities. These activities include securing the current computing environment, which includes any current tools, patches, updates and best known methods. This represents the bulk of the cost-effective security capabilities and facilitates better detection. Visibility into key areas and activities is vital. Effective monitoring to identify issues, breaches and attacks is necessary. This drives immediate interdiction by response capabilities. Efficient management of efforts to contain, repair and recover as needed to return the environment to normal operations is vital. This reduces losses by rapidly addressing issues and feeds intelligence into both the prediction and prevention areas (Defense in depth strategy optimizes security, 2008).

Personnel Resources

The personnel requirements for implementing a defense in depth strategy are many. This process will include experts drawn from several different areas. The teams that are vital include:

emerging threats team -- this cross-functional team continuously discusses emerging trends and events in order to identify imminent threats that might be out there.

threat horizon team -- this team works to classify different attackers or threat agents in order to understand who is likely to attack, with what methods, and what their motivations are.

rapid risk assessment team -- this team meets often in order to track the large number of emerging vulnerabilities and determine what risk they bring.

Cite This Paper
PaperDue. (2012). Computer Science Defensive Response Strategy. PaperDue. https://www.paperdue.com/essay/computer-science-defensive-response-strategy-75031