Computer Security
In the past few years, viruses like "I Love You" and "SoBig" have generated much publicity and apprehension and highlighted problems of computer security. In the last month alone, experts estimate that 52 new viruses have spread through computer networks. In addition, the growing incidence of identity theft also illustrates the growing sophistication of hackers and their tools.
This paper examines the main problems related to keeping the information on one's computer safe and secure. The first part of the paper looks at the main threats to computer security, both at home and in larger networks. These include hackers and infected files.
The next part then discusses the steps computer users need to take to protect themselves from such attacks, from simple steps such as periodically changing passwords to installing elaborate firewalls.
Types of Viruses
Breaches in computer security usually take the form of infected files. The most basic of these infected files…...
mla
References
Evarts, Eric C. "Fighting off worms and other PC invaders." The Christian Science Monitor. September 22, 2003. ProQuest Database.
Seltzer, Larry. "10 Fast and Free Security Enhancements: Before You Spend a Dime on Security, There are Many Precautions..." PC Magazine. October 1, 2003: 83.
Wildstrom, Stephen H. "Fighting Viruses Begins at Home." Business Week. September 8, 2003: 18.
SE571 Principles of Information Security and Privacy
TOC o "1-3" h z u
AS Company Overview
Two Security Vulnerabilities
Software Vulnerability
ecommended Solutions
Telecommunications Closet Security ecommendation
Impact on Business Processes
Budget
Aircraft Solutions (AS) is a globally recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Their manufacturing plants are located in San Diego, California and a second, in Santa Ana, California. At present these plants' manufacturing systems are linked entirely over the public Internet, with firewalls protecting the headquarters systems in San Diego that have IT, Finance and Sales & marketing. Production in Chula Vista, California and Santa Ana, California are located behind the same firewall that protects headquarters. This configuration presents a myriad of security challenges for the company, with the most significant being exposure of their manufacturing planning data in their manufacturing resource planning (MP) and enterprise…...
mla
References
Brehm, N., & Jorge, M.G. (2005). Secure web service-based resource sharing in ERP networks. Journal of Information Privacy & Security, 1(2), 29-48.
Leong, K.K., Yu, K.M., & Lee, W.B. (2003). A security model for distributed product data management system. Computers in Industry, 50(2), 179-193.
Marnewick, C., & Labuschagne, L. (2005). A conceptual model for enterprise resource planning (ERP). Information Management & Computer Security, 13(2), 144-155.
Soja, P. (2006). Success factors in ERP systems implementations: Lessons from practice. Journal of Enterprise Information Management, 19(6), 646-661.
Computer Security: Corporate Security Documentation Suitable for a Large Corporation
Item
(I) in-Depth Defense Measures
(II) Firewall Design
(III) Intrusion Detection System
(IV) Operating System Security
(V) Database Security
(VI) Corporate Contingency of Operation
(VII) Corporate Disaster Recovery Plan
(VIII) Team Members and Roles of Each
(IX) Timeline with Goal Description
(X) Data Schema
(XI) Graphical Interface Design
(XII) Testing Plan
(XIII) Support Plan
(XIV) Schematics
Computer Security: Corporate Security Documentation Suitable for a Large Corporation
(I) In-Depth Defense Measures
Information Technology (IT) Acceptable Use Policy
The intentions of IT for the publication of an Acceptable Use Policy are to ensure that non-restrictions are imposed that are not contrary to the organizations' culture of openness, integrity and trust. IT has a firm commitment to the protection of the company's employees, partners and the company from any individuals that are illegal or that would otherwise cause damage with or without knowledge or intent to the following:
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network…...
Kiely, Don (2005) Microsoft SQL Server 2005. Security Overview for Database Administrators. SQL Server Technical Article. Jan 2007. SQL Server 2005 RTM and SP1.
This is not a small issue. The book "Analyzing Computer Security" lays out the following scenario: "First, 20 million U.S. smart phones stop working. Next follow outages in wireline telephone service, problems with air traffic control, disruptions to the New York Stock Exchange, and eventually severe loss of power on America's East Coast" (Pfleeger & Pfleeger, 2011, 3). The authors are talking about a situation in which the computer networks that control those devices and services are compromised. As has been seen in recent years, this lack of computer security is something that is not an apocalyptic myth, but an unfortunate reality. As soon as systems are designed to thwart attackers, they are broken and new security measures have to be put in place. It is a never-ending battle that requires a vigilant and resourceful security team to police. Unfortunately, these large breaches…...
Pfleeger, C.P., & Pfleeger, S.L. (2011). Analyzing computer security: A threat, vulnerability, countermeasure approach. Upper Saddle river, NJ: Pearson Education, Inc.
Waterman, S. (2011, August 15). Mediocre hackers can cause major damage: Researchers find vital infrastructure, factories at risk. Washington Times. Retrieved from hackers-can-cause-major-damage/print/http://www.washingtontimes.com/news/2011/aug/15/mediocre -
The public-key cryptography approach also creates a more efficient means of cryptographic security by ensuring SA-compliant encryption and decryption throughout the secured network (Sarkar, Maitra, 2010). As a result the use of public-key cryptography hardens and makes more secure each connection and node on a network (Chevalier, usinowitch, 2010).
C3. What will help you trust a public-key that belongs to an unfamiliar person or Web site, and why does it improve trust?
First, the reliance on public-key cryptography from unfamiliar sites can increase trust by having the specific security levels of security configured on an enterprise-wide network to only support more advanced forms of cryptography-based configurations (Galindo, Herranz, 2008). In other words configuring an entire network to support only the more advanced forms of public-key cryptography can make each site accessed more trustworthy. In organizations this is possible yet in individual system and website use, the reliance on certificate-based encryption significantly…...
mla
References
Jason E. Bailes, & Gary F. Templeton. (2004). Managing P2P Security. Association for Computing Machinery. Communications of the ACM, 47(9), 95-98.
Bajaj, oA., Bradley, W., & Cravens, K.. (2008). SAAS: Integrating Systems Analysis with Accounting and Strategy for Ex-Ante Evaluation of IS Investments. Journal of Information Systems, 22(1), 97-124.
Caviglione, L.. (2009). Understanding and exploiting the reverse patterns of peer-to-peer file sharing applications. Network Security, 2009(7), 8-12
Chevalier, Y., & Rusinowitch, M.. (2010). Compiling and securing cryptographic protocols. Information Processing Letters, 110(3), 116.
who have access to the network do not maintain proper security procedures and remain well-informed regarding potential risks and updated procedures and policies (Cobb, 2011; Whitman & Mattord, 2011; IC, 2008). Any security policy must, after being properly designed and established, be communicated clearly and comprehensively to all relevant personnel, which in today's organizations typically means anyone with access to a company computer and/or the company network, or who handles digital information or communication for the company (Kizza, 2009; Lahtinen et al., 2006). Ongoing training and development programs for all relevant personnel should be made a regular feature of the company's overall security policy, and there should be a trend towards the greater recognition of the importance of human resources as the ultimate line of defense against malicious security breaches and errors (Cobb, 2011; Greene, 2006). With the right people doing the right things -- that is, following proper…...
mla
References
Bishop, M. (2003). Computer Security. Boston, MA: Pearson.
Cobb, C. (2011). Network Security for Dummies. New York: Wiley.
Greene, S. (2006). Security Policies and Procedures. Boston, MA: Pearson.
ICR. (2008). Computer Security Management. New York: Institute for Career Research.
Computer Security Information
In the 21st century, information is the key to almost every organization's success. Data is the lifeblood of business -- the information one uses to be competitive and the information that spells success or failure in the marketplace. Data is so important that an entirely new security focus has arisen -- Computer Information Security. In an era in which we must choose which issues for focus, the issue of cybercrime has the potential of impacting more global citizens than any other single criminal activity. Cyberspace is real, and so are the risks -- damage comes in all forms, not just fraud, but downtime, information crime, and indeed, the ability to work and live within a global environment. Nothing short of a strong security and continual monitoring system has any chance of controlling the plethora of Internet crime. Individuals need to exert more personal diligence to control Cyber theft.…...
Computer Security
Over the last several years, cyber attacks have been continually rising. This is in response to emerging threats from nations such as China who are increasing their attacks on government and military installations. According to James Clapper (the Director of National Intelligence) these threats have become so severe that they are surpassing terrorism as the greatest challenge facing the nation. To fully understand what is occurring requires focusing on a recent attack and the underlying effects. Together, these elements will highlight the scope of the threats on government and military information systems. (Hosenball, 2013)
In early September 2012, the White House was the target of a cyber phishing attack. This is when hackers sent a fictitious email (which looked official) to this location. One of the staffers made a critical mistake in opening it. This infected a variety of computer networks and gave them access to some of the most…...
This particular instance was significant as the attackers used a generic approach instead of a site specific or application specific exploitation by devising tools that used the web search engines to identify ASP applications that are vulnerable. SQL injection attack was used to propagate the malicious code that exploited zero day vulnerability in Microsoft Internet explorer last year. [Symantec, (2009 ) pg. (47)] the aim of the attackers employing this kind of a generic attack is to exploit the trust of visitors of a website that is usually known to be safe and secure. More recent attack involving a web application was the zero-day attack that exploited multiple vulnerabilities in Adobe Flash Player. [Kaspersky Lab, 2009]
Conclusion
There is a clear change in the computer security scenario. Cybercriminals do not just do it for fun or fame anymore but are getting more professional and monetizing their skills in the underground economy.…...
Computer Security
Although it is never possible to fully prevent the unauthorized use of information from people with security clearances and access, the use of security clearance and access is important to ensure that people without security clearance cannot access the confidential information. In other words, the concept of 'absolute security' is a chimera. It is the nature of security that makes it necessary to weigh up the threats, the risks, the harm arising, and the cost of safeguards (Bach, 1986). A balance must be found between predictable costs and uncertain benefits, in order to select a set of measures appropriate to the need.
In most of the cases, the risks of security clearance involve on the personal integrity, trustworthiness, and honesty than the information systems (IS) security measures. Even if IS security measures are handled to monitor and control all of the keystrokes of the computers, there are instances of unauthorized…...
mla
References
Bach, Maurice J. (1986). The Design of the Unix Operating System. Englewood Cliffs, N.J: Prentice-Hall.
Bhargava, Gautam, and Gadia, Shashi K. (1990). The Concept of Error in a Database: An Application of Temporal Database. Data Management: Current Trends. McGraw-Hill: New Delhi, India, pp. 106-121.
Bjork, L.A. (1975). Generalized Audit Trail Requirements and Concepts for Database Applications. IBM Systems Journal, Vol. 14, No. 3, pp. 229-245.
Denning, Dorothy E. (1988). Lessons Learned from Modeling a Secure Multilevel Relational Database System. Database Security: Status and Prospects. North-Holland, Amsterdam: Elsevier, pp. 35-43.
Using Perl LWP Library scripting and data harvesting tools, data is quickly collected, aggregated and used to launch a phishing attack with a stunning success rate of 72%. The rapid nature of how this attack was planned and executed shows how lethal from a privacy standpoint phishing can be when based on social network-based data. There is an implied higher level of trust with any e-mail originating from social networks, as it is assumed it is from friends and those a respondent or test subject trusted. The impersonation or spoofing of e-mail addresses also made the communications all the more contextual and believable, a key trait of successful phishing programs. More education is definitely needed, in addition to more effective approaches to blocking personal information on social networks as well. All of these deterrents are secondary to strong education on the threats of phishing however.
Part III: Password protection by…...
Managing security strategies for an enterprise requires intensive levels of planning and integration across each of the functional area, in conjunction with synchronization across departments, business units and divisions (Bellone, de Basquiat, odriguez, 2008). Enterprise Security Management strategies continue to become part of the overall strategic plans of an enterprise, supporting each strategic initiative and its related tactics to ensure profitable growth (Bellone, de Basquiat, odriguez, 2008). The aspects of intrusion detection, web security, deterring and defeating hackers, and the development and execution of an effective security strategic plan is the purpose of this analysis.
Defining A Framework for Enterprise Security Management
Developing an effective framework for managing security needs to begin with an analysis of an organizations' data availability, confidentiality and data integrity needs overall (Bellone, de Basquiat, odriguez, 2008). This is often defined as an Information Security Management Systems (ISMS) strategic plan or initiative as it seeks…...
mla
References
Jason Bellone, Segolene de Basquiat, Juan Rodriguez. 2008. Reaching escape velocity: A practiced approach to information security management system implementation. Information Management & Computer Security 16, no. 1
DiBattiste, C. (2009) Privacy and Information Security 101: Have a plan Information Security Best Practices 2009 conference archive The Wharton School, University of Pennsylvania. Zicklin Center for Business Ethics Research. Retrieved on July 26, 2010 from http://technopolity.editme.com/files/isbp2009talks/DiBattiste-summary.doc
His study includes the following;
The U.S. government through the executive to provide appropriate leadership to steer the country in the domain of cyber security.
The state to conduct immediate risk assessment aimed at neutralizing all the vulnerabilities.
The creation of an effective national security strategy as well as the creation of an elaborate national military strategy.
Molander (1996) uses a qualitative research approach and methodology .The method used is constructive. The constructive method used is used whenever there is a need to come up with ways of solving various problems. The significance of this technique is due to the fact that there is a need of coming up with general steps that are aimed at the identification and creation of an elaborate strategy that is aimed at reducing all the negative effects of information warfare. The objective is to come up with appropriate methods of. As a result, this is useful in…...
mla
Bibliography
Arquilla, J. (2001). The Networking of Terror in the Information Age. Networks and Net Wars. Santa Monica, CA: Rand. 29 -- 41.
Ahern, M, (2003).Control System Security Must Be Updated in This Age of Cyber Terrorism. Electric Light & Power, July 81-7, pp. 13.
Browning, G.(2001). "Filling the Ranks- Agencies Scramble for Infosec Experts"
Computer Security is vitally important to the success of any 21st century firm. However the integrity of computer security has been greatly compromised in recent years and hackers have found creative ways to invade computer systems. The purpose of this paper is to assess how vendor's solutions enable organizations to better meet their overall business goals and strategies. We will also discuss the security of several vendors, which include www.requisite.com, www.ariba.com, and www.trade-ranger.com.Let's begin by discussing the computer security threats that vendors face.
Computer Security Threats
With the advent of the Internet, vendors have encountered monumental problems with the security of their networks. According to a whitepaper published by AirDefense, the most severe threats to computer security involve wireless LAN's. The whitepaper explains that wireless LAN's create a security challenge because,
Without proper security measures for authentication and encryption any laptop with a wireless card can connect with the network or stealthily eavesdrop…...
Computer Security Systems
All-in-One Computer Security Systems
Being able to have a single, unified security platform that can manage detection, deterrence and maintenance of all inbound and outbound network traffic while ensuring high reliability for Virtual Private Network (VPN) connections is the design objective of many all-in-one security systems. The ability to significantly drop the Total Cost of Ownership (TCO) by having a single enterprise-wide security platform is critical for global organizations to compete more effectively is a key design criterion for all-in-one computer security systems (Anderson, 2007). Two market-leading systems in this category are the Cisco Comprehensive Network Security Services Adaptive Security Appliance 5500 (ASA 5500 Series) and the Juniper Networks Integrated Security Gateway (ISG). Companies are increasingly adopting these all-in-one computer security systems to drive down the costs of securing their networks and computers while also gaining enterprise-wide protection against threats while ensuring a high level of network performance…...
mla
References
Anderson, J.D. (2007). Security & productivity: An all in one solution. CPA Practice Advisor, 17(3), 64-64.
Hatlestad, L. (2005). Cisco slides into security -- all-in-one defense approach helps clients minimize risk. VARbusiness, 21(7), 48-48.
Jones, J. (2002). The promise of all-in-one security. Network World, 19(30), S12-S14.
Sign Up for Unlimited Study Help
Our semester plans gives you unlimited, unrestricted access to our entire library
of resources —writing tools, guides, example essays, tutorials, class notes, and more.
