Writing
ITS 834 University of the Cumberlands Week 4 Information Security Issues Paper

ITS 834

University of the Cumberlands

ITS

Question Description

I don’t know how to handle this Computer Science question and need guidance.

A threat is an event which has the potential to adversely affect assets. Write a paper in which you discuss information security issues faced by organizations and describe in detail a minimum of five specific threats to information assets.



The requirements for the assignment are as follows:

  • The paper should include a minimum of five peer-reviewed scholarly references published since 2015
  • Citations and references should be in APA format
  • The paper should be a minimum of 2000 words
  • The SafeAssign score of the paper should not exceed 20%

Unformatted Attachment Preview

Depth ITS 834 Emerging Threats & Countermeasures Dr. Shoraka Introduction • Any layer of defense can fail at any time, thus the introduction of defense in depth • A series of protective elements is placed between an asset and the adversary • The intent is to enforce policy across all access points General defense in depth schema Effectiveness of Depth • Quantifying the effectiveness of a layered defense is often difficult • Effectiveness is best determined by educated guesses • The following are relevant for estimating effectiveness Practical experience ➢ Engineering analysis ➢ Use-case studies ➢ Testing and simulation ➢ Moderately effective single layer of protection Effectiveness of Depth • When a layer fails, we can conclude it was either flawed or unsuited to the target environment • No layer is 100% effective—the goal of making layers “highly” effective is more realistic Highly effective single layer of protection Multiple moderately effective layers of protection Layered Authentication • A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security • Single sign-on (SSO) would accomplish this authentication simplification objective • However, SSO access needs to be part of a multilayered defense Schema showing two layers of end-user authentication Authentication options including direct mobile access Layered E-Mail Virus and Spam Protection • Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam • To that security layer is added filtering software on individual computers • Antivirus software helpful, but useless against certain attacks (like botnet) Typical architecture with layered e-mail filtering Layered Access Controls • Layering access controls increases security • Add to this the limiting of physical access to assets • For national infrastructure, assets should be covered by as many layers possible Network-based firewalls ➢ Internal firewalls ➢ Physical security ➢ Three layers of protection using firewall and access controls Layered Encryption • Five encryption methods for national infrastructure protection Mobile device storage ➢ Network transmission ➢ Secure commerce ➢ Application strengthening ➢ Server and mainframe data storage ➢ Multiple layers of encryption Layered Intrusion Detection • The promise of layered intrusion detection has not been fully realized, though it is useful • The inclusion of intrusion response makes the layered approach more complex • There are three opportunities for different intrusion detection systems to provide layered protection • In-band detection • Out-of-band correlation • Signature sharing Sharing intrusion detection information between systems National Program of Depth • Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems Identifying assets ➢ Subjective estimations ➢ Obtaining proprietary information ➢ Identifying all possible access paths ➢ ...
Purchase answer to see full attachment
Student has agreed that all tutoring, explanations, and answers provided by the tutor will be used to help in the learning process and in accordance with Studypool's honor code & terms of service.

Final Answer

Attached.

Running Head: INFORMATION SECURITY

1

Information Security
Institutional Affiliation
Student Name
Date

INFORMATION SECURITY

2
Information Security Issues

Organizations and individuals now more than ever, heavily rely on information systems
and the internet for various daily activities and tasks. Information technology advancements
allow fast internet connections, which enhances business creativity, including that of the black
market than ever before. Information security threats and risks now evolve constantly and are
getting more complicated. A security threat can get defined as a malicious activity aiming at
stealing or corrupting organizational data while disrupting the entire organization or its systems
(Gupta et al., 2017). A security event, therefore, is an occurrence during which organizational
data, information, or network may get exposed or breached.
Information security events can result in incidents that involve network and data
breaches. An organization must always protect their networks and data resources and remain
vigilant, as cybersecurity threats get more sophisticated and continue to evolve both in
techniques and magnitude. An organization must, therefore, analyze and research information
security and risk management issues to ensure the best security practices get implemented.
Cybercriminals in the modern world continuously discover and design new methods of tapping
and compromising sensitive company networks and data resources around the globe (Lundgren
et al., 2017). A growing and significant challenge among organizations include protecting crucial
information systems and data from malicious attacks.
Every company needs to be aware of information security importance, including financial
security, the building's security, and also the security of employees. Modern organizations
comprise of several information technology assets and infrastructures that require protection.
Organizational networks now act as lifelines that get depended on by employees to perform daily
and crucial tasks that generate revenue for the organization. It is, therefore, of importance for an

INFORMATION SECURITY

3

organization to recognize its information technology infrastructure as a vital asset that requires
optimal protection (Banham, 2017). Information and data play a crucial role in individuals' lives
and also most business processes and activities.
Most organizations now utilize business intelligence to gain meaningful insights from
organizational data, which requires gathering data from several heterogeneous sources. Insights
from business intelligence can get used to optimize the supply chain, create business
differentiators, identify social trends and issues, and also predict customer buying habits—
furthermore, business intelligence help organizations in gaining a competitive advantage.
Information security is, therefore, fundamental in protecting these assets, such as business
intelligence platforms. Information security is a collection of rules and standards that get utilized
to secure information regardless of where and how it gets used (Stewart et al., 2017). Information
security covers a broad topic that requires several technologies and mechanisms to get
implemented.
Information security threats and risks are many and of several types. These threats can
include intellectual property theft, sabotage, identity theft, information extortion, software
attacks, and even theft of information and equipment. Threats include anything or activities that
take advantage of existing vulnerabilities to breach the security of a system or network. These
breaches can negatively modify, erase, and even harm vital organizational objects. Software
attacks include attacks where the attacker utilizes a malicious code or software to breach systems
or networks (Toshniwal et al., 2015). Trojan horses, worms, bots, malware, and viruses are all
malicious software that can get used for an attack, although they behave differently.

INFORMATION SECURITY

4
Insider Threats

Insider threats are probably the most common, and they are very challenging to protect
organizational information assets against. This threat occurs when employees within an
organization unintentionally or intentionally misuse authorized access to negatively impact
organization critical systems and data. Further, insider threats can g...

nkostas (31680)
Purdue University

Anonymous
I was on a very tight deadline but thanks to Studypool I was able to deliver my assignment on time.

Anonymous
The tutor was pretty knowledgeable, efficient and polite. Great service!

Anonymous
Heard about Studypool for a while and finally tried it. Glad I did caus this was really helpful.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4
Similar Questions
Related Tags