Description
- Write an 8–12-page article that addresses the following:
- Explain how security threat and vulnerability assessment can contribute to an effective disaster-recovery planning process.
- Describe the challenges of BYOD and the use of mobile devices.
- Analyze methods of identifying threats to organizational information assets.
- Describe the characteristics or signatures of attacks specific to malicious software, including the following:
  - Backdoors.
  - Trojans.
  - Viruses.
  - Wireless attacks.
  - MAC spoofing.
  - Web app attacks.
  - 0-day exploits.
- Describe the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software, including the following:
  - Backdoors.
  - Trojans.
  - Viruses.
  - Wireless attacks.
  - MAC spoofing.
  - Web app attacks.
  - 0-day exploits.
- Describe specific adversaries and motivations to threaten information assets.
- Describe vulnerabilities related to the failure to harden networks and network operating systems.
- Describe the components and methods used to engage in denial of service and distributed denial of service attacks.
- Describe the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks.
Additional Requirements
- Written communication: Written communication is free of errors that detract from the overall message.
- APA formatting: Resources and citations are formatted according to APA (sixth edition) style and formatting.
- Page length: 8–12 double-spaced pages, not including the references page.
- Font and font size: Times New Roman, 12 point.
Criteria | Non-performance | Basic | Proficient | Distinguished |
---|---|---|---|---|
Explain how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process. | Does not explain how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process. | Explains incompletely or inaccurately how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process. | Explains how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process. | Explains how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process, including the use of supporting examples. |
Describe the challenges of BYOD and the use of mobile devices. | Does not describe the challenges of BYOD and the use of mobile devices. | Describes incompletely or inaccurately the challenges of BYOD and the use of mobile devices. | Describes the challenges of BYOD and the use of mobile devices. | Describes the challenges of BYOD and the use of mobile devices, including the use of supporting examples. |
Analyze methods of identifying threats to organizational information assets. | Does not analyze methods of identifying threats to organizational information assets. | Analyzes incompletely or inaccurately methods of identifying threats to organizational information assets. | Analyzes methods of identifying threats to organizational information assets. | Analyzes methods of identifying threats to organizational information assets, including the use of supporting examples. |
Describe the characteristics or signatures of attacks specific to malicious software. | Does not describe the characteristics or signatures of attacks specific to malicious software. | Describes incompletely or inaccurately the characteristics or signatures of attacks specific to malicious software. | Describes the characteristics or signatures of attacks specific to malicious software. | Describes the characteristics or signatures of attacks specific to malicious software, including the use of supporting examples. |
Describe the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software. | Does not describe the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software. | Describes incompletely or inaccurately the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software. | Describes the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software. | Describes the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software, including the use of supporting examples. |
Describe vulnerabilities related to the failure to harden networks and network operating systems. | Does not describe vulnerabilities related to the failure to harden networks and network operating systems. | Describes incompletely or inaccurately vulnerabilities related to the failure to harden networks and network operating systems. | Describes vulnerabilities related to the failure to harden networks and network operating systems. | Describes vulnerabilities related to the failure to harden networks and network operating systems, including the use of supporting examples. |
Describe specific adversaries and motivations to threaten the information assets of the project organization. | Does not describe specific adversaries and motivations to threaten enterprise information assets. | Describes incompletely or inaccurately specific adversaries and motivations to threaten enterprise information assets. | Describes specific adversaries and motivations to threaten enterprise information assets. | Describes specific adversaries and motivations to threaten enterprise information assets, including the use of supporting examples. |
Describe the components and methods used to engage in denial of service and distributed denial of service attacks. | Does not describe the components and methods used to engage in denial of service and distributed denial of service attacks. | Describes incompletely or inaccurately the components and methods used to engage in denial of service and distributed denial of service attacks. | Describes the components and methods used to engage in denial of service and distributed denial of service attacks. | Describes the components and methods used to engage in denial of service and distributed denial of service attacks, including the use of supporting examples. |
Describe the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks. | Does not describe the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks. | Describes incompletely or inaccurately the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks. | Describes the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks. | Describes the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks, including the use of supporting examples. |
Explanation & Answer
Hello! Here is the answer to this question. Please have a look at it and get back to me in case of anything.
Running head: SECURITY THREATS AND VULNERABILITIES
Security Threats and Vulnerabilities
Name
Institution
Date
Security Threat and Vulnerability Assessment
Security threat and vulnerability assessment involves the investigation and identification of security risks to enable modification of the information security framework (Whitman & Mattord, 2011). The process generally enhances the commitment of management and other stakeholders in the allocation of limited resources to provide greater levels of threat and vulnerability reduction for an effective disaster-recovery process. The benefits include:
- Establishing whether an attack or malware has already compromised information security (Whitman & Mattord, 2011). For instance, malware may hide in common services and employ new forms of communication such as peer-to-peer. Thus, an assessment helps monitor such trends while also enabling one to be aware of new security threats.
- Increasing awareness and understanding of information security matters throughout an organization (Whitman & Mattord, 2011). This is important in disaster-recovery management because a process such as a weak program may affect individual systems but can also pose a significant overall risk to an organization.
- Making effective security investments by prioritizing and focusing on important items and processes (Whitman & Mattord, 2011). The assessment ensures security team members identify organization functions that have a higher risk of disruption. It also indicates the technological and infrastructural needs for securing such items and processes.
- Demonstrating the importance of information security to clients (Whitman & Mattord, 2011). Conducting an assessment creates the perception that an organization cares about its clients and their data.
- Determining the value of the types of data that an organization generates and stores across its departments (Whitman & Mattord, 2011). Without placing a value on the different kinds of data in an organization, it may be challenging to prioritize and allocate resources to the processes and items that need them the most.
Challenges of BYOD and Use of Mobile Devices
BYOD and the use of mobile devices may provide an organization with reduced costs and increased productivity from the workforce (Morrow, 2012). However, they also pose significant challenges to information security management, which may lead to uncertainty among security team members in the event of a disaster. The challenges include the following:
- Mobile devices are small and portable, and this makes them easy to steal or accidentally leave behind in a public spot (Morrow, 2012). Thus, physical access to a mobile device by an adversary may lead to unauthorized access to and use of information.
- Use of mobile devices may expose one to socially engineered malware threats (Morrow, 2012). Common ones include spam and malicious applications and links. For instance, one may click a link to a website while totally unaware that he/she is downloading a virus, or one may download illegal files using a torrent program.
- Mobile devices are prone to browser-based attacks and exploitation due to buffer overflow, among other targeted attacks (Morrow, 2012). Such attacks typically involve gaining control of a device and accessing information or attempting a distributed denial of service.
- Mobile devices using wireless fidelity are susceptible to attacks due to the availability of technology that can readily hack into wireless networks (Morrow, 2012). This includes interception and decryption of cellular data transmission. Likewise, people logging on to organization systems may be providing an avenue for hacker...