Write a four (4) page paper in which you:

1. For each malicious attack and threat identified in Assignment 1, choose a strategy for dealing with the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance).
2. For each malicious attack and threat identified in Assignment 1, develop controls (i.e., administrative, preventative, detective, and corrective) that will be used to mitigate each risk.
3. For each vulnerability identified in Assignment 1, choose a strategy for dealing with the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance).
4. For each vulnerability identified in Assignment 1, develop controls (i.e., administrative, preventative, detective, and corrective) that will be used to mitigate each risk.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required page length.

Attached is Assignment one.
Running Head: IDENTIFYING POTENTIAL MALICIOUS ATTACKS, THREATS, AND VULNERABILITIES
Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
Melissa Ison
Strayer University
This paper aims to address concerns about malicious activity and the protection of the intellectual property and highly sensitive data maintained by an organization. As one of the first tasks with the organization, this paper identifies potential malicious attacks, threats, and vulnerabilities specific to an organization.
The security of a specific company depends not only on its internal (characteristic) vulnerabilities, but also on the vulnerabilities of the infrastructures it relates to (depending or dependent). Moreover, recognizing vulnerability as a weakness of the system means that the security of a given infrastructure can be jeopardized in the same manner by unintentional events and by factors that may take advantage of a given vulnerability. Of particular relevance are the malicious acts that can use vulnerabilities for launching an aggression against the infrastructure (whether terrorism, war, activists or antagonists of different kinds).
All companies and organizations face a certain level of risk associated with various threats. These threats may be the result of natural events, accidents, or intentional acts to cause harm. Regardless of the nature of the threat, a systematic analysis is required, which should entail identifying relevant actions regarding the protection and prevention of the threats, and the detection, reaction and mitigation of the attacks. Threat assessments should consider the full spectrum of threats (i.e., natural, criminal, terrorist, accidental, etc.) for each installation. In the specific case of infrastructures, this assessment should also look at different locations and facilities. The assessment should consider supporting information in order to evaluate the likelihood of occurrence for each threat.
For natural threats, historical data concerning frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, or earthquakes can be used to determine the credibility of the given threat. Evaluating a terrorist threat is a much more difficult problem. The attractiveness of the facility as a target is a primary consideration. However, measuring 'attractiveness' is most of the time a subjective process, which lacks quantitative procedures. In addition, the type of terrorist act may vary based on the potential adversary and the method of attack most likely to be successful for a given scenario. For example, a terrorist wishing to strike against an energy infrastructure may be more likely to attack isolated installations than to attack a power station with permanent personnel and guarded fences.
As an organization’s dependency on computers and network communications increases, so does its vulnerability to information security compromises. Almost every week the media reports on new computer crimes, system break-ins, malicious code attacks, and the ever-growing threat of cyber terrorism. Current research on network security shows three realities that organizations must consider:
• Threats to computer systems and networks are increasing
• Damage caused by malicious attacks is rising
• Systems without appropriate security are easy hits for hackers
Many types of information must be protected by law. In the United States, the Gramm-Leach-Bliley Act requires companies to notify consumers of their privacy policies and to provide opt-out provisions for consumers who do not want their personal information distributed beyond the company. In addition, the Gramm-Leach-Bliley Act protects nonpublic financial data. Data stored on computers that have even a remote possibility of containing information such as social security numbers, credit card and financial account numbers, account balances, and investment portfolio information must be protected.
Given time, resources, and motivation, a cracker can break into nearly any system. At the end of the day, all of the security procedures and technologies currently available cannot guarantee that any systems are safe from intrusion. Routers help secure gateways to the Internet. Firewalls help secure the edge of the network. Virtual Private Networks safely pass data in an encrypted stream. Intrusion detection systems warn you of malicious activity. However, the success of each of these technologies is dependent upon a number of variables, including:
· The expertise of the staff responsible for configuring, monitoring, and maintaining the technologies.
· The ability to patch and update services and kernels quickly and efficiently.
· The ability of those responsible to keep constant vigilance over the network.
Given the dynamic state of data systems and technologies, securing corporate resources can be quite complex. Due to this complexity, it is often difficult to find expert resources for all of your systems. While it is possible to have personnel knowledgeable in many areas of information security at a high level, it is difficult to retain staff who are experts in more than a few subject areas. This is mainly because each subject area of information security requires constant attention and focus. Information security does not stand still.
Security has one purpose: to protect assets. For most of history, this meant building strong walls to stop the enemy and establishing small, well-guarded doors to provide secure access for friends. As e-business and Internet applications continue to grow, the key to network security lies in defining the balance between a closed and open network and differentiating the good guys from the bad guys.
With the increased number of LANs and personal computers, the Internet began to create untold numbers of security risks. Firewall devices, which are software or hardware that enforce an access control policy between two or more networks, were introduced. This technology gave businesses a balance between security and simple outbound access to the Internet, which was mostly used for e-mail and web surfing.
Most people expect security measures to ensure the following:
· Users can perform only authorized tasks.
· Users can obtain only authorized information.
· Users cannot cause damage to the data, applications, or operating environment of a system.
The word security means protection against malicious attack by outsiders (and by insiders). Statistically, there are more attacks from inside sources. Security also involves controlling the effects of errors and equipment failures. Anything that can protect against an attack will probably prevent random misfortunes, too.
After you have identified the network components, you can assess their vulnerabilities. These vulnerabilities could be weaknesses in the technology, configuration, or security policy. Any vulnerability you discover must be addressed to mitigate any threat that could take advantage of the vulnerability. Vulnerabilities can be fixed by various methods, including applying software patches, reconfiguring devices, or deploying countermeasures, such as firewalls and antivirus software. Many websites list the vulnerabilities of network components, and many of these sites are sponsored by the manufacturers of operating systems and components, who list the vulnerabilities of their own products.
The number of broadband connections to the Internet from homes is exceeding projections. Many businesses are finding that multiple connections to the Internet no longer suffice. Current software-based security approaches have problems. Many organizations provide useful information for security professionals. These organizations provide information on detecting and responding to both established and emerging information security threats. Information about operating system weaknesses, best practices for security, and security training and certification information is also available. Independent security evaluations have arisen to provide organizations with an unbiased and objective review of security products.