StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Threats And Vulnerabilities Analysis - Coursework Example

Cite this document
Summary
The essay "Threats And Vulnerabilities Analysis" analyzes threats and vulnerabilities that the organization is likely to face. The top management is responsible for documenting and overseeing implementation of an Information Security plan. This would help in securing the system…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.2% of users find it useful
Threats And Vulnerabilities Analysis
Read Text Preview

Extract of sample "Threats And Vulnerabilities Analysis"

Threats And Vulnerabilities Analysis Figure showing Vulnerability Assessment Matrix   Object of Vulnerability   Physical Cyber Human / Social Enabling Infrastructure Attributes: Hardware (Data Storage, Input/Output, Clients, Servers), Network and Communications, Locality Software, Data, Information, Knowledge Staff, Command, Management, Policies, Procedures, Training, Authentication Ship, Building, Power, Water, Air, Environment Properties Leading to Vulnerabilities Design / Architecture Singularity         Uniqueness     inadequate security awareness   Centrality  Centralized network monitoring and control       Homogeneity standardized network architecture       Separability     mismanagement of subnets   Logic / Implementation Errors; Fallibility   insufficient testing     Design Sensitivity / Fragility / Limits / Finiteness       overloading of power Unrecoverability   Insufficient management of network and applications     Behavior Behavioral Sensitivity / Fragility   absence of audit trail     Malevolence     insider threats   Rigidity     lack of continuity   Malleability   unprotected passwords     Gullibility / Deceivability / Naiveté   insufficient trust models     Complacency unchecked user input   poor administrative procedures   Corruptibility / Controllability   Inadequate cryptographic controls     General Accessible / Detectable / Identifiable / Transparent / Interceptable     insufficient training   Hard to Manage or Control    Unauthorized software   overcrowded building Self Unawareness and Unpredictability       unpredictable power capacity Predictability common commercial hardware is well known common commercial software is widely known   Policy recommendation Introduction The Vulnerability Assessement Matrix, shown above, indicates the number of threats and vulnerabilities that the organization is likely to face. As the result, it is upon the institution to implement policies that would serve best in physical, technical and administrative safeguards of the system. The following section lists a number of policy statements that gives narration of the information security controls that could be used by the institution to implement recommendations for protection. The recommendations focus on major areas of the institutional operations including: Institutional Information, Information Systems, Computerized Devices, And Infrastructure Technology. The policy statements are applicable across all departments within the organization and they are categorized in terms of Information Security Plan, Physical Controls, Monitoring Controls, Technical Security and Access Controls, General Operational Controls, and Account and Identity Management Controls. Policy statements Information Security plan The top management is responsible for documenting and overseeing implementation of an Information Security plan. This would help in security the system and protection of data within the system, thereby thwarting intentions by any intruders. The Plan include the following: 1. The Security Plan shall delegate and plan responsibilities across the organization to the appropriate people. For instance, this shall cut across system owners and system operators. This way, there will be proper engineering of the system’s operation thereby avoiding vulnerabilities such as poor administrative procedures. 2. The top management shall integrate a plan that include timeline and landmarks for implementation. This will serve as a step for ensuring that every implemented strategy is carried out within the system engineering. 3. The organization’s approach meant for implementing the system security plan shall be described on the basis of department, functional and object type. This will be essential in assuring proper distribution of resources for managing the information system. Each critical object, for instance trust models, network architecture, passwords, shall be documented besides listing appropriate controls that would be implemented for each in the list. 4. To avoid the issue of hard to manage objects, the overseers of the Security Plan shall describe alternate or substituting controls that would be used in case the existing plan fails. The rationale for choosing each security control plan shall also be presented. General Operational Controls Apart from the information security controls, the team shall also implement general operational models that would integrate proper operational practice considered appropriate for the institution’s networks and information systems. The following are the policy statements that shall be considered: 5. The general operational plan shall integrate a fully equipped process for flaw remediation. This is essential in helping the company to adapt in case of the occurrence of any of the above mentioned vulnerabilities and threats. Further, the team shall develop countermeasure process for detection of malicious code or intrusion of unauthorized software that would otherwise paralyze the operation of the system. 6. A data protection shall be implemented together with a destruction process that would allow for practice of secure development. This shall serve as a step for ensuring integration of acceptable user standards. The team responsible for the process of shall also implement a business continuity to address case of inadequate continuity within the system. This will form a critical part in establishing a disaster recovery plan for the organization. Further, the organization shall strengthen this step by implementing secure development practices. 7. There shall be integration and implementation of secure development practices to help in fostering security within the system. This will act as a countermeasure for addressing instance of inadequate security awareness during occurrences of the threats. In addition, the secure development practices will be accompanied by a well-defined process for back-up and recovering of crucial data and software. The back-up system will help as a discourse for fighting the aftermath of any malware attack. 8. There shall be establishment of standards for the secure operation of the system. This shall include setting of maintenance and system build standards that would aid the organization in meeting the required threshold in relation to protecting the system. Further, the standards shall be set for technical architecture meant to support information security. Technical security and access controls This section of the policy statement shall deal with restricting access to important organization’s system and information in line with the company’s Privacy Policies and Standard. The controls are thereby defined by the following policy statements: 9. The management of the organization shall establish appropriate cryptographic controls required for offering protection. The protection of data, transmitted through the system, will be made possible since the use of encryption helps in fostering confidentiality. The cryptographic controls also help with authenticity and integrity of the data. Apart from the controls, the company shall also integrate the remote access process. 10. An authorization process for access shall be established for all the users. This will act as a step for protecting the institution’s system from unauthorized access. The authorization process shall also be activated for all the information systems. Besides the authorization, an authentication mechanism shall also be provided regulate access within the system. This will be provided for both the information systems and users. Protection measures for the network, system and application level shall also be ensured to help in proper application of the recommendations (Kane & Koppel, 2013). Monitoring controls This section will present policy statements that would help in defining event information that are to be logged and monitored (Warkentin & Vaughn, 2006). The policy statements will facilitate the determination of alert levels that are likely to be associated with incident response. The following are some of the policy statements: 11. A baseline measurement shall be established to help in evaluation of infrastructure protection performance. This shall be established for all the three aspects, that is Application, System and Network functionality (Warkentin & Vaughn, 2006). Through this, the organization will be in a better place for ensuring that all the milestones and limits set for successful operations are met. 12. A detection mechanism for intrusion shall be set to ensure that there is full protection against unauthorized access. The critical systems shall also be accessed on the basis for their monitoring capability. Processes for logging shall also be established for all the networks, applications and systems. This will provide a framework for avoiding cases of unchecked user input. Physical and identity management controls This section defines all the policy statements required for the security of data center, crucial information systems and institutional data (Warkentin & Vaughn, 2006). The policy statements defines and state way required to implement and maintain the physical controls as follows: 13. The organization shall preside over physical protection required for buildings that contain useful information and systems application. This will involve controlling access of the buildings by ensuring that only the authorized users can go in. a physical protection process shall also be established for crucial data systems and critical information used by the institution. 14. There shall be establishment of a verification and registration process to reside over confirmation of identity and eligibility of the users. This will be useful in facilitating procedures for background checking and hiring of new users. Control shall also be established for management of account life cycle meant for users and the systems. References In Kane, G., & In Koppel, L. (2013). Information protection playbook. Kidlingon, Oxford : Elsevier Warkentin, M., & Vaughn, R. (2006). Enterprise information systems assurance and system security: Managerial and technical issues. Hershey, PA: Idea Group Pub. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Threats And Vulnerabilities Analysis Coursework”, n.d.)
Threats And Vulnerabilities Analysis Coursework. Retrieved from https://studentshare.org/information-technology/1700517-threats-and-vulnerabilities-analysis
(Threats And Vulnerabilities Analysis Coursework)
Threats And Vulnerabilities Analysis Coursework. https://studentshare.org/information-technology/1700517-threats-and-vulnerabilities-analysis.
“Threats And Vulnerabilities Analysis Coursework”, n.d. https://studentshare.org/information-technology/1700517-threats-and-vulnerabilities-analysis.
  • Cited: 0 times

CHECK THESE SAMPLES OF Threats And Vulnerabilities Analysis

Practical Windows Security - The Identification of Vulnerabilities

This report is designed to provide a deep and comprehensive analysis of some of the main issues and areas of Practical Windows Security.... This paper "Practical Windows Security - The Identification of vulnerabilities" focuses on the fact that Common vulnerabilities and Exposures or simply CVE is a record of information security vulnerabilities and experiences that intend to offer frequent names for publicly recognized problems....
11 Pages (2750 words) Case Study

Rogue Access Point Network Security Paper

hellip; As such, it is essential to note that a control system's security analysis requires the sealing of all possible means by which vulnerable activities of hackers and hacking may be expounded (Chen, Ji & Zhang,2013).... nbsp; This implies that it is essential to determine the vulnerabilities that are associated with an organization's control system networks through the seeking of understanding into operations and communication types that could be concomitant to the system....
6 Pages (1500 words) Term Paper

Operational Security

Operations security program ensures law enforcement officers are taught to analyze threats and come up with valid conclusions (Baker, 2005).... Second, an analysis of all the threats should be performed.... Threat analysis entails research and comprehensive of intelligence, open source information and counterintelligence (Andress, 2011).... The third step in the operation security process is the analysis of vulnerabilities.... Information on the capability of the enemy's intelligence was determined during threat analysis....
2 Pages (500 words) Assignment

Threats, Vulnerabilities, and Consequences in School

 This study analyses the following threats, vulnerabilities, and consequences listed below as the ones most likely to affect the school's operations, strategy and mission, information systems, financial stability, reputation, and legal position....  … The school is located in Baltimore County, MD, and offers grades 9-12....
12 Pages (3000 words) Case Study

WEP KEY and Its Vulnerabilities

hellip; analysis of these security vulnerabilities calls for the need to safeguard the network against unauthorized access and cyber attacks proactively.... This paper ''WEP KEY and Its vulnerabilities'' tells that in the recent past, wide usage of wireless networks has been evident.... The vulnerabilities of these wireless networks have also been established.... The paper as well aims to come up with proactive measures that can be incorporated to ensure the wireless networks stay safe and be attack-proof in this age of increased cases of cyber threats (Geier, 2002) How Wired Equivalent Privacy works The Wired Equivalent Privacy was developed by the IEEE, a group that consists of volunteer users....
5 Pages (1250 words) Essay

Security, Crimes, Compliance and Continuity of IT in Enterprises

om with particular reference given to the firm's data protection policy, information security vulnerabilities, risk management, network security, internal control and compliance.... nbsp;The company already performs outstandingly in this regard despite some information security vulnerabilities identified recently.... om with particular reference given to the firm's data protection policy, information security vulnerabilities, risk management, network security, internal control and compliance....
9 Pages (2250 words) Case Study

Risk Analysis Methods

The factors that are used to differentiate in between the risk assessment methods are MSRAM model or Maritime Security Risk analysis Model is a model that has been designed by the US coast guard for the purpose of mitigating the risk of terrorist attacks on US ports and waterways MSRAM was developed as a captain of the port level risk analysis tool soon after the incident of 9/11 occurred.... The common elements that are present are identification of classification of threats, identification of the vulnerabilities that are present and evaluating the impact of the threats (Giannopoulos, Filippini and Schimmer, 2012)....
9 Pages (2250 words) Research Paper

Information Security and Privacy in Healthcare

Some recent research has provided evidence that lack of adequate security measures has resulted in numerous breaches if data and has consequently left patients vulnerable to economic threats, mental anguish, and a possible occurrence of social stigma.... The paper " Information Security and Privacy in Healthcare" discuss technological advancements and adoption of digital patient records, increased regulation, provider consolidation, and the increasing need for information dissemination between the health providers, patients, and all stakeholders....
8 Pages (2000 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us