Security Threats and Vulnerabilities, computer science homework help

zontvey215

Description

  • Write an 8–12-page article that addresses the following:
    • Explain how security threat and vulnerability assessment can contribute to an effective disaster-recovery planning process.
    • Describe the challenges of BYOD and the use of mobile devices.
    • Analyze methods of identifying threats to organizational information assets.
    • Describe the characteristics or signatures of attacks specific to malicious software, including the following:
      • Backdoors.
      • Trojans.
      • Viruses.
      • Wireless attacks.
      • MAC spoofing.
      • Web app attacks.
      • 0-day exploits.
    • Describe the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software, including the following:
      • Backdoors.
      • Trojans.
      • Viruses.
      • Wireless attacks.
      • MAC spoofing.
      • Web app attacks.
      • 0-day exploits.
    • Describe specific adversaries and motivations to threaten information assets.
    • Describe vulnerabilities related to the failure to harden networks and network operating systems.
    • Describe the components and methods used to engage in denial of service and distributed denial of service attacks.
    • Describe the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks.
    Note: The bullet points above outline the topics that are to be addressed in this assessment, and the 4th and 5th points include subsets of the topic that must be covered in order to meet the requirements of that assessment item. The scoring rubric indicates the level of detail that is required at each of the competency levels covered in the rubric.

    Additional Requirements

    • Written communication: Written communication is free of errors that detract from the overall message.
    • APA formatting: Resources and citations are formatted according to APA (sixth edition) style and formatting.
    • Page length: 8–12 double-spaced pages, not including the references page.
    • Font and font size: Times New Roman, 12 point.
Security Threats and Vulnerabilities Scoring Guide Grading Rubric

Each criterion is scored at one of four levels: Non-performance, Basic, Proficient, Distinguished.

Criterion: Explain how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process.
  • Non-performance: Does not explain how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process.
  • Basic: Explains incompletely or inaccurately how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process.
  • Proficient: Explains how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process.
  • Distinguished: Explains how security threat and vulnerability assessment can contribute to an effective disaster recovery planning process, including the use of supporting examples.

Criterion: Describe the challenges of BYOD and the use of mobile devices.
  • Non-performance: Does not describe the challenges of BYOD and the use of mobile devices.
  • Basic: Describes incompletely or inaccurately the challenges of BYOD and the use of mobile devices.
  • Proficient: Describes the challenges of BYOD and the use of mobile devices.
  • Distinguished: Describes the challenges of BYOD and the use of mobile devices, including the use of supporting examples.

Criterion: Analyze methods of identifying threats to organizational information assets.
  • Non-performance: Does not analyze methods of identifying threats to organizational information assets.
  • Basic: Analyzes incompletely or inaccurately methods of identifying threats to organizational information assets.
  • Proficient: Analyzes methods of identifying threats to organizational information assets.
  • Distinguished: Analyzes methods of identifying threats to organizational information assets, including the use of supporting examples.

Criterion: Describe the characteristics or signatures of attacks specific to malicious software.
  • Non-performance: Does not describe the characteristics or signatures of attacks specific to malicious software.
  • Basic: Describes incompletely or inaccurately the characteristics or signatures of attacks specific to malicious software.
  • Proficient: Describes the characteristics or signatures of attacks specific to malicious software.
  • Distinguished: Describes the characteristics or signatures of attacks specific to malicious software, including the use of supporting examples.

Criterion: Describe the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software.
  • Non-performance: Does not describe the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software.
  • Basic: Describes incompletely or inaccurately the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software.
  • Proficient: Describes the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software.
  • Distinguished: Describes the system vulnerabilities that attackers exploit in order to carry out attacks specific to malicious software, including the use of supporting examples.

Criterion: Describe vulnerabilities related to the failure to harden networks and network operating systems.
  • Non-performance: Does not describe vulnerabilities related to the failure to harden networks and network operating systems.
  • Basic: Describes incompletely or inaccurately vulnerabilities related to the failure to harden networks and network operating systems.
  • Proficient: Describes vulnerabilities related to the failure to harden networks and network operating systems.
  • Distinguished: Describes vulnerabilities related to the failure to harden networks and network operating systems, including the use of supporting examples.

Criterion: Describe specific adversaries and motivations to threaten the information assets of the project organization.
  • Non-performance: Does not describe specific adversaries and motivations to threaten enterprise information assets.
  • Basic: Describes incompletely or inaccurately specific adversaries and motivations to threaten enterprise information assets.
  • Proficient: Describes specific adversaries and motivations to threaten enterprise information assets.
  • Distinguished: Describes specific adversaries and motivations to threaten enterprise information assets, including the use of supporting examples.

Criterion: Describe the components and methods used to engage in denial of service and distributed denial of service attacks.
  • Non-performance: Does not describe the components and methods used to engage in denial of service and distributed denial of service attacks.
  • Basic: Describes incompletely or inaccurately the components and methods used to engage in denial of service and distributed denial of service attacks.
  • Proficient: Describes the components and methods used to engage in denial of service and distributed denial of service attacks.
  • Distinguished: Describes the components and methods used to engage in denial of service and distributed denial of service attacks, including the use of supporting examples.

Criterion: Describe the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks.
  • Non-performance: Does not describe the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks.
  • Basic: Describes incompletely or inaccurately the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks.
  • Proficient: Describes the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks.
  • Distinguished: Describes the concept of bots and botnets and how they contribute to the overall security profile of both public and private networks, including the use of supporting examples.

Unformatted Attachment Preview

Running head: SECURITY BASICS

Security Basics
Name
Institution
Date

Introduction

Understanding information security principles, practices, and processes provides a reference for managing information security risks. It includes the adoption of a security program to provide vital information security concepts for managing information technology (IT). An information security program refers to a collection of controls that ensure all users and networks of an IT structure within an organization’s domain follow guidelines regarding the security of data within the boundaries of the organization (Peltier 2016). Organizations tend to design security measures to protect elements of an information security program. This paper seeks to provide an explanation of key elements of an information security program along with an overview of roles and responsibilities in information security, the concept of security layers, the OSI model and network protocols, change management procedures, and security investigation workflow. The discussion intends to clarify individual roles in information security risk management.

Key Elements of an Information Security Program

Two organizations may have different information security programs because they may be facing different threats, risks, and compliance requirements. Nonetheless, every information security program comprises similar elements (Peltier 2016). The key elements of the program are confidentiality, integrity, and availability.

Confidentiality

Confidentiality implies that the program must confine data and information assets only to authorized users (Peltier 2016). Thus, only those in need of access to and/or use of specific information to perform their duties would actually have access to it. The element is important because information such as bank account statements, trade secrets, and government documents are sensitive and, hence, confidential. Protecting such information is a significant aspect of an information security program. This may include encryption of data and enforcement of file permissions to prevent access to confidential information.

Integrity

Likewise, the integrity of information ensures that data is complete and accurate, and that information systems are operational (Peltier 2016). This involves confirming that information has not been modified or deleted through unauthorized access and/or use. The element is vital because only complete and accurate information has value. Moreover, an organization may incur costs where an unauthorized user interferes with information within its boundaries. Methods for data integrity include data comparison through hashing and use of existing schemes to digitally sign data.

Availability

On the other hand, availability is an objective that ensures information is at the disposal of an authorized user when needed (Peltier 2016). Availability of information is a key element because information has value if the right users can access it at convenient times. Denied access to information is a common risk, and the downtime can be costly. Other factors that may hinder availability of information include power outages and natural disasters. An information security program may help establish regular offsite backups and redundancy to reduce the downtime and, hence, the costs of unavailability of information.

Roles that Contribute to the Information Security Program

Achieving the elements of an information security program involves clarifying the roles within an organization that contribute to the program. This addresses the need of designating and assigning accountability for information security. The following roles contribute to the information security program:

• Mapping of an organization’s objectives to information security and management support (Whitman and Mattord 2011). This would lead to the establishment of an information security policy.
• Creation and maintenance of a security structure through feedback from security forums and program management (Whitman and Mattord 2011). It includes defining security responsibilities, authorization processes, and outsourcing information. The end result would be organizational security.
• Development of a security infrastructure to protect information assets (Whitman and Mattord 2011). Methods include inventory checks and classification and handling procedures. This would ensure asset classification and control.
• Reduction of risks inherent in human interaction (Whitman and Mattord 2011). This may involve screening the information security team, defining roles and responsibilities, training team members adequately, and documenting the consequences of not meeting expectations. The goal is to ensure personnel security.
• Protection of information assets through proper selection of location, maintenance of a security parameter, implementation of access control, and protection of equipment (Whitman and Mattord 2011). This may guarantee physical and environmental security.
• Establishment of operations security based on predetermined procedures, proper change control, handling information security incidents, separating duties, capacity planning, and network management (Whitman and Mattord 2011). This may lead to effectiveness in communications and operations management.
• Control of access to assets on the basis of an organization’s requirements, identity management, and authentication and monitoring activities to ensure access control (Whitman and Mattord 2011).
• Implementation of information security in every phase of a system through system development and maintenance (Whitman and Mattord 2011).
• Countering disruptions of operations through continuous planning, monitoring, and testing to enhance business continuity engagement (Whitman and Mattord 2011).
• Adhering to relevant regulations, contractual agreements, and statutory requirements through the use of technical controls, audits, and legal awareness (Whitman and Mattord 2011). This would meet the role of compliance.

Role of the Information Security Manager in Protecting Information Assets

As evident in the roles above, protecting information assets is a significant contribution to the information security program. The information security manager has the responsibility of planning, directing, and coordinating the information security program and its policies, and ensuring technical and administrative support for the same (Whitman and Mattord 2011). The role includes:

• Monitoring all operations and infrastructure, including going through alerts and logs (Whitman and Mattord 2011).
• Maintaining security tools and technology (Whitman and Mattord 2011). This may be a shared duty between the manager and the team.
• Monitoring policy and regulation compliance (Whitman and Mattord 2011). This involves ensuring that a clearly laid out policy framework and policy requirements guide the workings of both vendors and team members.
• Coordinating with different departments of an organization to minimize or eliminate risks (Whitman and Mattord 2011). It entails working across departments to ensure all relevant parties are working to achieve relevant objectives.
• Implementing new technology (Whitman and Mattord 2011). If an organization faces new technology, an information security manager is responsible for evaluation and implementation of any controls that might reduce or eliminate risks of its operation.
• Auditing policies and controls continuously (Whitman and Mattord 2011). Information security is a circular process that should involve regular audit of program policies and controls to highlight aspects that need improvement, remediation, or a quick fix.
• Detailing program response measures for information security incidents (Whitman and Mattord 2011). It involves creating and documenting a proper plan of action that would address any occurrence of a security incident. It also involves testing the program throughout the organization.

The Concept of Security Layers

Security layers are vital for detecting and preventing unauthorized access to information. The concept of security layers involves having multiple tools and techniques to prevent unauthorized access, providing alerts in case of a breach of information, establishing reporting and follow-up activities, and remediating any vulnerability that may have allowed the unauthorized access (Johnson and Goetz 2007). Such layered security includes endpoint, application, and network protection, and end-user controls. The concept of security layers addresses the exploitation paths that attackers and malware take to breach information. For example, recent trends include targeted phishing attacks against information users (Johnson and Goetz 2007). This implies that everyone who accesses some information is a target and, hence, there is a need to expand security features for protection and defense against opportunistic information breach.

The concept of security layers describes a defense strategy comprising multiple defensive layers that would slow down any attack or malware (Johnson and Goetz 2007). This means causing delays for attackers and malware, and detecting them before they cause any significant damage. In other cases, having a properly placed security layer may be effective in deterring attackers and malware. Nonetheless, some attacks and malware may contain contingencies to establish multiple vulnerabilities within information systems. If management is unaware of an attack or malware, security layers may slow the hostile activity, but a security incident may ultimately evade the security layers. Thus, consistent monitoring and reporting is critical for the effectiveness of the security management program.

The OSI Model and Network Protocols

The OSI is a standard seven-layer model that defines internetworking in terms of network protocol architecture; upper layers of the model represent software for implementing network services such as encryption and connection management, while the lower layers implement hardware-oriented functions such as routing and addressing (Veiga and Eloff 2007). Data communication occurs within the following protocols:

TCP/IP v4 and 6

These are the basic communication protocols of the internet. The protocol lies in the network layer of the OSI model. The network layer ensures logical addressing and routing of files (Veiga and Eloff 2007). The TCP layer oversees the assembling of files into smaller packets for transmission over the internet and into another TCP layer which would reassemble the packets into the original file, while the IP layer handles the address function as it ensures each packet reaches the proper destination (Veiga and Eloff 2007). For example, if a file transfer module in computer A is transferring file records sequentially to computer B, each record at computer A would be availed to TCP through a command. The arguments of the command would include the destined computer address, port, and record. TCP would tag the destination port and relevant control information to the record. This, in turn, would result in the creation of a TCP segment, and another command would hand it down to IP. Ultimately, the network layer constructs a network packet from an IP datagram (Veiga and Eloff 2007).

DNS

This is an internet service that maintains a record of domain names and converts them into IP addresses (Veiga and Eloff 2007). This is vital because people access websites based on IP addresses. Therefore, every time one uses a domain name, a DNS service translates the name into a corresponding IP address. DNS lies in the application layer of the OSI model. The application layer provides a network interface that supports network applications during file transfer and communications (Veiga and Eloff 2007). The DNS uses UDP, which is related to TCP/IP.

HTTP

This protocol also lies in the application layer. It defines the format and transmission of files or messages and the response of servers and browsers to relevant commands. For instance, if one enters a URL in a browser, it sends an HTTP command to a server, directing it to look for and transmit the requested site or page. HTTP also contains common status codes where a site or page has been moved or deleted, or one enters a wrong URL or file name (Veiga and Eloff 2007). For example, a 404 error code implies that a word in the URL may have been misspelled.

SSL

This is a standard security protocol that encrypts connections between servers and clients to ensure confidentiality of communications. For example, one may use an Internet browser to access a website using private, confidential information such as login credentials or banking data. The SSL ensures secure transmission of such information in an encrypted form (Veiga and Eloff 2007). The protocol lies in the presentation layer, which manages data encryption and compression.

TLS

This protocol also lies in the presentation layer. It evolved from the SSL, and it is more secure and efficient in file or message authentication, virtual private network connections, voice over services, and instant messaging (Veiga and Eloff 2007). When one visits a website by typing https:// on a browser, one is most likely using TLS for secure data transfer to and from the web server. TLS encases application-specific protocols such as HTTP and SMTP as it allows client-server applications to communicate securely through an untrusted network to prevent unauthorized access to information (Veiga and Eloff 2007).

SMTP

SMTP is a component of TCP/IP in the application layer of the OSI model. It enhances the sending and receipt of electronic mail across networks by providing codes to simplify communication of electronic mail between servers. As each mail moves towards its destination, it may pass through multiple computers and Mail Transfer Agents where it undergoes brief storage before moving on to another computer in the path, thus creating the need for SMTP to govern electronic mail which can be sent by one connection (Veiga and Eloff 2007). For example, an organization can put a limit of 100 on the number of recipients it can have on a single sent electronic mail.

UDP

This is an alternative communications protocol to TCP because it can establish connections between applications that do not require the service level of TCP, and it can also support communication services such as broadcast delivery (Veiga and Eloff 2007). However, it does not contain the optional checksum capability for detecting errors in transmission or delivery of a message to a wrong destination, and it lacks ICMP reporting (Veiga and Eloff 2007). For instance, if one sends a UDP file that contains a port destination which the destination device does not recognize, the protocol would not send a notification informing of the unreachable file destination to the original source. Nonetheless, its simplicity minimizes the overhead from utilizing it. The protocol lies in the transport layer, which enhances control of flow and error for the internet (Veiga and Eloff 2007).

Change Management Procedures

Information and assets must be in scope for successful change management. Robust change management procedures ensure an organization remains secure from potential breaches and increased risk (Peltier 2016). Alignment of the following processes may ensure proper authorization of changes, maintenance of the overall security profile, and effectiveness of the information security program:

• Change request submission (Peltier 2016). It includes establishing the guidelines for submitting a change request in the security policy.
• Change request review (Peltier 2016). It includes establishing persons to engage in review, the level of approval prior to consideration of a change request, and committee members for a formal review. This process should involve both technical and administrative representatives, and management should also participate in the review committee.
• Change request approval (Peltier 2016). It involves identifying the necessities for final approval. A majority vote from committee members may have decision-making influence. A representative of management should also have influence in the final recommendations.
• Change request implementation (Peltier 2016). After committee approval of a change request, the information security team should ensure its proper implementation. The committee should also follow up with the security team to verify whether the change has taken place and whether there are any unintended consequences.
• Change request feedback (Peltier 2016). After implementation, the information security manager should review the change request to determine the security policy aspect that made it necessary, in order to address policy aspects that do not meet security needs.

Incident Response Workflow

Managing information security incidents is a vital component of incident response (Tipton and Nozaki 2012). It involves monitoring and detecting security events and executing proper responses to such events. The security team needs to collect all vital information for assessing the severity of an incident, notify relevant persons, and mitigate risks immediately. Cooperating with local or federal regulators or law enforcement is important to ensure an organization completes background investigations (Tipton and Nozaki 2012). Regulators and law enforcement are responsible for such investigations as they provide the basis for security clearance or suitability determinations of the information security program. The security team should provide notifications that describe when an incident occurred, the affected information, and actions taken to respond to the risk. For example, the team would need to identify the entry and exit points in the case of a Distributed Denial of Service attack. Where the case is a system intrusion, the team would need to identify the entry point and systems affected.

Conclusion

The information security program is a fundamental security concept. Key elements of the program are confidentiality, integrity, and availability. The elements help define roles within an organization that contribute to the information security program. The role of the information security manager is based on planning, directing, and coordinating the information security program and its policies, and ensuring technical and administrative support for the same. Correspondingly, the concept of security layers is vital for the effectiveness of the information security program. It describes a defense strategy consisting of multiple defensive layers that would cause delays for attackers and malware, and detect them before they cause any significant damage. Further, proper integration of the OSI model and network protocols would ensure secure networking between servers and clients. What’s more, robust change management procedures ensure an organization remains secure from potential information security risks. Incident response may require coordination with local or federal regulators or law enforcement for completion of background investigations regarding security incidents.

References

Johnson, M. E., and E. Goetz. "Embedding Information Security into the Organization." IEEE Security & Privacy 5, no. 3 (2007): 112-119.
Peltier, T. R. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press, 2016.
Tipton, H. F., and M. K. Nozaki. Information Security Management Handbook. Vol. 6. Auerbach Publications, 2012.
Veiga, A. D., and J. H. Eloff. "An Information Security Governance Framework." Information Systems Management 24, no. 4 (2007): 351-372.
Whitman, M. E., and H. J. Mattord. Principles of Information Security. Cengage Learning, 2011.
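The attachment's Integrity section names two methods for verifying that data has not been altered: comparing hashes and applying a keyed or signed scheme. The example below is added here to make that distinction concrete; it is not part of the attachment or of any cited author's work. It uses only the Python standard library: an unkeyed SHA-256 digest, and an HMAC-SHA256 tag standing in for the "existing schemes to digitally sign data" the text mentions (a real deployment would use an asymmetric signature; HMAC is used here because it needs no extra library). The file contents and the key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample record (not from the attachment); the second copy has
# one field altered, as an unauthorised modification would.
ORIGINAL = b"Account: 1234\nBalance: 100.00\n"
TAMPERED = b"Account: 1234\nBalance: 900.00\n"

# Hypothetical verification key held only by the organisation (sample value).
SHARED_KEY = b"example-integrity-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest. Detects modification only if the reference digest is
    stored somewhere the party altering the data cannot also rewrite."""
    return hashlib.sha256(data).hexdigest()


def unchanged_by_hash(data: bytes, reference_digest: str) -> bool:
    """Recompute the digest and compare it with the stored reference."""
    return hmac.compare_digest(sha256_hex(data), reference_digest)


def integrity_tag(data: bytes, key: bytes) -> str:
    """Keyed tag (HMAC-SHA256). Without the key, a valid tag cannot be
    produced for altered data, so the tag can travel with the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def unchanged_by_tag(data: bytes, key: bytes, reference_tag: str) -> bool:
    """Recompute the keyed tag and compare in constant time."""
    return hmac.compare_digest(integrity_tag(data, key), reference_tag)


def demo() -> dict:
    """Run both checks against the original and the tampered record."""
    ref_digest = sha256_hex(ORIGINAL)
    ref_tag = integrity_tag(ORIGINAL, SHARED_KEY)
    # If the stored plain hash can be rewritten alongside the data, the
    # recomputed hash matches and the change goes unnoticed.
    replaced_digest = sha256_hex(TAMPERED)
    return {
        "hash_accepts_original": unchanged_by_hash(ORIGINAL, ref_digest),
        "hash_rejects_tampered": not unchanged_by_hash(TAMPERED, ref_digest),
        "hash_fooled_if_reference_replaced": unchanged_by_hash(TAMPERED, replaced_digest),
        "tag_accepts_original": unchanged_by_tag(ORIGINAL, SHARED_KEY, ref_tag),
        "tag_rejects_tampered": not unchanged_by_tag(TAMPERED, SHARED_KEY, ref_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point of the third result is the practical caveat behind "data comparison through hashing": a plain hash is only as trustworthy as the place it is stored, which is why the attachment pairs it with signing. The keyed tag closes that gap because the reference value itself cannot be regenerated without the key.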

Explanation & Answer

Hello! Here is the answer to this question. Please have a look at it and get back to me in case of anything.

Running head: SECURITY THREATS AND VULNERABILITIES

Security Threats and Vulnerabilities
Name
Institution
Date

Security Threat and Vulnerability Assessment

Security threat and vulnerability assessment involves the investigation and identification of security risks to enable modification of the information security framework (Whitman & Mattord 2011). The process generally enhances the commitment of management and other stakeholders in the allocation of limited resources to provide greater levels of threat and vulnerability reduction for an effective disaster-recovery process. The benefits include:

• Establishing whether an attack or malware has already compromised information security (Whitman & Mattord 2011). For instance, malware may hide in common services and employ new forms of communication such as peer to peer. Thus, an assessment helps monitor such trends while also enabling one to be aware of new security threats.
• Increasing awareness and understanding of information security matters throughout an organization (Whitman & Mattord 2011). This is important in disaster-recovery management because a process such as a weak program may affect individual systems, but can also pose a significant overall risk to an organization.
• Making effective security investments by prioritizing and focusing on important items and processes (Whitman & Mattord 2011). The assessment ensures security team members identify organization functions that have a higher risk of disruption, and it further indicates technological and infrastructural needs for securing such items and processes.
• Demonstrating the importance of information security to clients (Whitman & Mattord 2011). Conducting an assessment creates the perception that an organization cares about its clients and their data.
• Determining the value of types of data that an organization generates and stores across its departments (Whitman & Mattord 2011). Without placing value on different kinds of data in an organization, it may be challenging to prioritize and allocate resources to processes and items that need them the most.

Challenges of BYOD and Use of Mobile Devices

BYOD and use of mobile devices may provide an organization with reduced costs and increased productivity from the workforce (Morrow, 2012). However, they also pose significant challenges to information security management, which may lead to uncertainty among security team members in the event of a disaster. The challenges include the following:

• Mobile devices are small and portable, and this makes them easy to steal or accidentally leave behind in a public spot (Morrow, 2012). Thus, physical access to a mobile device by an adversary may lead to unauthorized access to and use of information.
• Use of mobile devices may expose one to socially engineered malware threats (Morrow, 2012). Common ones include spam and malicious applications and links. For instance, one may click a link to a website while totally unaware that he/she is downloading a virus, or one may download illegal files using a torrent program.
• Mobile devices are prone to browser-based attacks and exploitation due to buffer overflow, among other targeted attacks (Morrow, 2012). Such attacks typically involve gaining control of a device and accessing information or attempting a distributed denial of service.
• Mobile devices using wireless fidelity are susceptible to attacks due to the availability of technology that can readily hack into wireless networks (Morrow, 2012). This includes interception and decryption of cellular data transmission. Likewise, people logging on to organization systems may be providing an avenue for hacker...

