This paper provides a structured overview of three interconnected areas of computer security: threat and vulnerability assessment, malware identification and prevention, and organizational cybercrime defense. It defines security threats and vulnerabilities, categorizes common threat types such as errors and omissions, fraud, and sabotage, and introduces the DREAD risk assessment model for evaluating potential losses. The paper then surveys the major forms of malware and outlines a layered approach to protection. Finally, it addresses the responsibilities of IT managers, recommending best practices, including the principle of least privilege, regular software updates, and encryption, to safeguard organizational information in an increasingly dangerous digital environment.
A security threat is a potential event that may have an undesirable effect on a system, its resources, or the organization as a whole. A vulnerability is the weakness that makes it possible for a threat to occur. There are a number of threats that can occur on a system, and they are usually grouped together because some overlap. Common categories include:
Errors and Omissions: Data entry errors, data verification failures, and programming bugs.
Fraud and Theft: Skimming and controlling access to the system for profit.
Employee (or Outside) Sabotage: Destroying information, planting viruses, or stealing proprietary data or customer information (NIST, 2012).
There are a number of losses that can occur based on threat and vulnerability; some are more serious than others, and all are somewhat dependent on the type of organization under analysis. For instance, a bank's security loss may differ from an academic institution's, but both constitute a form of data loss. Losses may result in:
1) Data or information loss: customer information, financial records, personal data;
2) Time: downtime, data reconstruction, and human resource costs;
3) Reputation: loss of business due to security incidents or fraud;
4) Legal vulnerabilities: HIPAA compliance for medical organizations, privacy regulations, and related obligations;
5) Equipment: damage to technical or physical assets.
An acronym that helps frame these losses comes from a Risk Assessment model called DREAD: (D)amage, (R)eproducibility, (E)xploitability, (A)ffected Users, and (D)iscoverability (Bishop, 2003).
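One way to apply DREAD to the threat categories listed above, as an added example that is not part of the original paper. The 1-to-10 rating per factor, the averaging, the low/medium/high cut-offs and every rating value are assumptions constructed for illustration; the paper itself gives only the five factor names.

```python
from dataclasses import dataclass

FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")

@dataclass(frozen=True)
class Dread:
    """One DREAD rating; each factor is scored 1 (lowest) to 10 (assumed scale)."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Reject out-of-range or non-integer ratings so one bad entry
        # cannot silently skew the ranking.
        for name in FACTORS:
            value = getattr(self, name)
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{name} must be an integer from 1 to 10, got {value!r}")

    def score(self) -> float:
        """Mean of the five factors (assumed aggregation)."""
        return sum(getattr(self, name) for name in FACTORS) / len(FACTORS)

def band(score: float) -> str:
    """Map a score to a priority band; the cut-offs are assumptions."""
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    return "low"

def rank(threats: dict) -> list:
    """Return (name, score, band) tuples, highest score first, ties by name."""
    rows = [(name, d.score(), band(d.score())) for name, d in threats.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

# Constructed ratings for the paper's three threat categories (not real data).
THREATS = {
    "Errors and Omissions": Dread(4, 8, 5, 3, 6),
    "Fraud and Theft": Dread(8, 5, 5, 6, 4),
    "Employee (or Outside) Sabotage": Dread(9, 6, 7, 8, 5),
}

if __name__ == "__main__":
    for name, score, level in rank(THREATS):
        print(f"{score:4.1f}  {level:<6}  {name}")
```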
Malware is a shortened name for malicious software: software used to disrupt computer operations or gain access to private information. Malware may appear in many forms: code, scripts, content, or standalone software. It is a general term for hostile or intrusive software that includes viruses, ransomware, worms, Trojans, dialers, spyware, adware, and other hostile programs. Malware can be guarded against, detected, or removed depending on the approach taken. Most experts believe that even on the simplest of systems, a layered approach to security is necessary (Kassner, 2009).
Because malware attacks are now so frequent, there are several ways to help protect against intrusion:
1) Anti-virus and/or anti-malware software;
2) Backup and recovery strategies (regular and robust);
3) Website security scans;
4) Elimination of over-privileged code (streamlining software for security);
5) Password security (changed regularly with strong security measures enforced);
6) System updates applied when needed (critical updates often include anti-malware properties);
7) A system of firewalls to protect against threats before they occur.
Additionally, many computer security experts recommend that ActiveX security settings be regularly adjusted from their default to a higher protection level. These same experts advise maintaining a backup browser in case a primary browser is compromised. Finally, it is advantageous to disable auto-run and auto-fill functions and to exercise extreme caution about what is downloaded and from where (MajorGeeks.com, 2010).