UC Protecting National Infrastructure Annotated Bibliography

User Generated

xo1441

Computer Science

University of the Cumberlands

Description

  

Unformatted Attachment Preview

Cyber Attacks Protecting National Infrastructure, 1st ed. Chapter 7 Discretion Copyright © 2012, Elsevier Inc. All Rights Reserved 1 • Proprietary information will be exposed if discovered by hackers • National infrastructure protection initiatives most prevent leaks Chapter 7 – Discretion Introduction – Best approach: Avoid vulnerabilities in the first place – More practically: Include a customized program focused mainly on the most critical information Copyright © 2012, Elsevier Inc. All rights Reserved 2 • A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security • A national infrastructure security protection program will include Chapter 7 – Discretion Trusted Computing Base – Mandatory controls – Discretionary policy • A smaller, less complext TCB is easier to protect Copyright © 2012, Elsevier Inc. All rights Reserved 3 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.1 – Size comparison issues in a trusted computing base 4 • Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure – – – – – – Chapter 7 – Discretion Trusted Computing Base Assistance Fixes Limits Legality Damage Need Copyright © 2012, Elsevier Inc. All rights Reserved 5 • Security through obscurity is often maligned and misunderstood by security experts Chapter 7 – Discretion Security Through Obscurity – Long-term hiding of vulnerabilities – Long-term suppression of information • Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control – E.g., there’s no need to publish a system’s architecture – E.g., revealing a flaw before it’s fixed can lead to rushed work and an unnecessary complication of the situation Copyright © 2012, Elsevier Inc. All rights Reserved 6 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.2 – Knowledge lifecycle for security through obscurity 7 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.3 – Vulnerability disclosure lifecycle 8 • Information sharing may be inadvertent, secretive, or willful • Government most aggressive promoting information sharing • Government requests information from industry for the following reasons Chapter 7 – Discretion Information Sharing – Government assistance to industry – Government situational awareness – Politics • Government and industry have conflicting motivations Copyright © 2012, Elsevier Inc. All rights Reserved 9 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.4 – Inverse value of information sharing for government and industry 10 • Adversaries regularly scout ahead and plan before an attack • Reconnaissance planning levels Chapter 7 – Discretion Information Reconnaissance – Level #1: Broad, wide-reaching collection from a variety of sources – Level #2: Targeted collection, often involving automation – Level #3: Directly accessing the target Copyright © 2012, Elsevier Inc. All rights Reserved 11 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.5 – Three stages of reconnaissance for cyber security 12 • At each stage of reconnaissance, security engineers can introduce information obscurity • The specific types of information that should be obscured are Chapter 7 – Discretion Information Reconnaissance – Attributes – Protections – Vulnerabilities Copyright © 2012, Elsevier Inc. All rights Reserved 13 • Layering methods of obscurity and discretion adds depth to defensive security program • Even with layered obscurity, asset information can find a way out Chapter 7 – Discretion Obscurity Layers – Public speaking – Approved external site – Search for leakage Copyright © 2012, Elsevier Inc. All rights Reserved 14 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.6 – Obscurity layers to protect asset information 15 • Governments have been successful at protecting information by compartmentalizing information and individuals Chapter 7 – Discretion Organizational Compartments – Information is classified – Groups of individuals are granted clearance • Compartmentalization defines boundaries, which helps guides decisions • Private companies can benefit from this model Copyright © 2012, Elsevier Inc. All rights Reserved 16 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.7 – Using clearances and classifications to control information disclosure 17 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 7 – Discretion Fig. 7.8 – Example commercial mapping of clearances and classifications 18 • To implement a national discretion program will require – – – – – Chapter 7 – Discretion National Discretion Program TCB definition Reduced emphasis on information sharing Coexistence with hacking community Obscurity layered model Commercial information protection models Copyright © 2012, Elsevier Inc. All rights Reserved 19 Creating Annotated Bibliographies Based on APA Style Annotated bibliographies are not specifically addressed in the Publication Manual of the American Psychological Association (APA) (6​th ​ed.). We have taken the example given online at the OWL at Purdue*​ ​as the basis for formatting. It is a good idea to take careful note of any directions given in your assignment, and to check with your professor if you have specific questions. Contents 1. Guidelines 2. Sample Annotated Bibliography 3. Standard Reference List/Bibliography Guidelines The following is a summary of things to know when creating an annotated bibliography based on APA Style: ● The annotated bibliography consists of two elements o Reference in current APA Style format o Annotation ● The annotation will follow the reference on the next line. There is not an extra space—double spacing is used throughout. ● An annotation is different from an abstract. It should have several sentences summarizing the main points or ideas found in the item. It should then include your own statement evaluating the quality of the item and/or relating the item to your own research topic. ● For a longer annotated bibliography, it is appropriate to divide into sections or topics, and to title those sections as seems fitting. NOTE:​ These annotations are for illustrative purposes only and have no relationship to the content of the sources. *Purdue Online Writing Lab (OWL). (n.d.). Annotated bibliography samples. Retrieved from https://owl.purdue.edu/owl/general_writing/common_writing_assignments/annotated _bibliographies/annotated_bibliography_samples.html Sample Annotated Bibliography AICPA sets ethical standards for outsourcing. (2005). ​Journal of Accountancy, 199​(1), 8. Retrieved from http://www.journalofaccountancy.com/ This article presents the new standards for outsourcing developed by the AICPA ethics committee. The standards are summarized, and a brief discussion is included of the implications going forward for business and international trade. The authors indicate that changes to the business community will be relatively minor. This is a helpful source for getting an overview of the current ethics standards in outsourcing. American Management Association. (2010). ​The AMA handbook of business writing. New York, NY: Author. The American Management Association has created its own guide for business writing. Designed as a supplemental text to more thorough style guides such as APA, this guide covers topics relating specifically to business, such as citing financials, formatting of company reports, and professional approaches to information integrity in the workplace. This is an indispensable work for anyone doing professional business writing. Barthelemy, J., & Geyer, D. (2005). An empirical investigation of IT outsourcing versus outsourcing in France and Germany. ​Information & Management, 42​, 533-542. doi:10.1016/j.im.2004.02.005 The authors present an investigation of IT outsourcing based on the combined results of a survey administered to IT firms as well as statistical measures from domestic and French or German firms. Their data covers a wide range of IT business unit types. However, the lack of longitudinal data weakens their conclusion that the slower pace of French and German IT outsourcing has had a long-term positive effect on business in those countries. Standard Reference List / Bibliography Here are the same sources, but formatted as a standard reference list/bibliography for comparison References AICPA sets ethical standards for outsourcing. (2005). ​Journal of Accountancy, 199​(1), 8. Retrieved from http://www.journalofaccountancy.com/ American Management Association. (2010). ​The AMA handbook of business writing. New York, NY: Author. Barthelemy, J., & Geyer, D. (2005). An empirical investigation of IT outsourcing versus outsourcing in France and Germany. ​Information & Management, 42​, 533-542. doi:10.1016/j.im.2004.02.005 Created by: Will Keillor, October 2015 Revised by Earleen Warner, April 2019 Bethel University Library, St. Paul, MN
Purchase answer to see full attachment
Explanation & Answer:
1 annotated bibliography
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: ANNOTATED BIBLIOGRAPHY ON DISCRETION

Annotated Bibliography On Discretion
Student’s Name
Institution’s Name

1

ANNOTATED BIBLIOGRAPHY ON DISCRETION

2

Discretion
1. Amoroso, E. (2019). Cyber Attacks: Protecting National Infrastructure. Retrieved from
https://sm.asisonline.org/Pages/cyber-attacks-protecting-national-infrastructure008981.aspx
This article explains of the methods on how to protect national property and also elaborates on
the principles that can be used in order to ensure that national information is secure. It also goes
ahead to explain ways in which National infrastructure can be secured once hacked.
However even if technological growth is of an advantage, it still continues to be of great threat to
the government and great organizations.
2. Bovis, C. (2015). Risk in Public-Private Partnerships and Critical
Infrastructure. European Journal of Risk Regulation, 6(2), 200-207. Retrieved
from http://www.jstor.org/stable/24769654
This book shows how the private sector can work together with the public sector without causing
any conflict in maters discretion. The rules to follow while working for a public sector as a
private firm. It also shows the strategies that can be used to improve the relationships and
partnerships formed within such ...


Anonymous
Nice! Really impressed with the quality.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags