StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Types and Categories of Threats to IT Systems - Essay Example

Cite this document
Summary
The paper "Types and Categories of Threats to IT Systems" states that CISM is an internationally recognized certification. This certification was specifically designed for information security professionals who work is to oversee the day to day running of the system…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.3% of users find it useful
Types and Categories of Threats to IT Systems
Read Text Preview

Extract of sample "Types and Categories of Threats to IT Systems"

Security of Information Systems is a great concern for many people across the globe who fear that crucial information may fall into wrong hands leading to serious damages to both individuals and organizations. Initially, system executives were mostly worried about forced entry into the computer rooms and destruction caused by natural phenomena like earthquakes, fire and flood. Nowadays, attention has been shifted to hackers who intentionally access information they are not supposed to. Another problem for the MIS executives is the computer viruses. These viruses are not only able to destroy important files; they can also hamper the commands and programs of the systems completely destroying them. Types and Categories of Threats to IT Systems Threats come from many sources and are therefore many. The first type of threat is the Hardware theft. This is refers to theft of tangible computer parts. Servers and laptop are mostly targeted. The second threat is natural disasters like hurricanes, floods, fires and earthquakes. Another threat is manmade attacks. The systems may be at risk from individuals, militia groups and terrorists who are out to cause mayhem. The fourth type of threat is Malicious Software. Viruses replicate themselves from one system to another over a shared network leading to destruction of commands. Viruses are sometimes hidden in Trojan horses which becomes hard for the system execs to recognize them. Data theft by special programs is another threat. Crackers use special programs known as Spybots which they embed in free software. Spybots collect information that may be useful for the crackers. Rootkits is a program that allows crackers to access a system whenever they want to. These malicious softwares can be categorized as Malware, Spyware or Riskware. Mitigation of Threats Most unauthorized access is done through remote access software like GoToMyPc and Terminal Services. This makes it impossible to track or catch the users. In such a case, security should be tightened on system access. Passwords should include longer phrases, include a combination of both upper and lower cases and special characters like percentage sign on the keyboard. This makes it harder for unauthorized users to guess. User interface options like ‘Remember Password’ should be avoided at all costs. Storing of passwords should be done in an encrypted way to ensure their security. Once encryption has been done to passwords, Access Control Lists (ACL) is used to control unauthorized access. An insecure wireless network offers avenues for a system to be attacked easily. Wi-Fi networks and Bluetooth make it easy for a quick attack on a system. Wireless network can be secured using hotspots and passwords to reduce users. This can be done using Firewalls and VPN for connectivity. Legal Investigation and Forensic Investigation Methods Even though FBI and other organization involved in cyber crime are unwilling to disclose the type of methods they use to track down system attackers (they fear that the offenders may know their tactics), investigations involve locating the IP address used in the crime and the ISP address that hacker used. Internet Service Providers store all records and therefore locating the fraudulent act is not hard provided the ISP is known. However, ISPs differ in sizes, larger ones may information for as long as a month while the smaller ISPS dispose off their data very quickly in order to cut down costs. Therefore, an investigator ought to move fast. (Griffith, ‘How to investigate cyber crime’) Once the PCs of the suspect have been seized, forensic experts are called to work. Forensic experts come up with what is called a ‘true copy’ of the drives. This process helps to identify all deleted items that may not be present in the drives. There are also softwares used in the forensic exercise. For faster retrieval of information, the forensic experts narrow down to what they are looking for and not just the general information as this may take a whole lifetime to achieve. If the case involves money laundering, then the experts will concentrate on data involving money. (Griffith, ‘How to investigate cyber crime’) Legal Requirements for Reporting (what are Laws) Laws dealing with cyber crime are mainly divided into two: The National Stolen Property Act (from 1934) and The Economic Espionage (an act of 1996). The latter came as a result of the government’s inability to curb all cyber related crimes like trademark infringements. This act criminalized all forms of trade secret theft. The National Stolen Property Act is by no means related to cyber crime, but federal courts in the US have argued that it can be applied in these crimes. This act criminalizes any act of transmitting goods and services that have been taken fraudulently or stolen. Even though the clause clears talks about physical movement of stolen goods, the courts also claimed that electronic transmission also qualifies. Who is Responsible for Investigating Cyber Crimes? There are many agencies and organizations involved in investigation of cyber crimes. Federal Bureau of Investigation (FBI) which adopted the leading role in fighting this crime set up offices across the country to carry out thorough investigation on this practice. The Bureau also formed the National Infrastructure Protection Center which assesses all forms of computer threats. Apart from the FBI, there are other agencies involved: the Criminal Intelligence Agency (CIA), the Computer and Telecommunication Coordinator Program (CTC) which was formed in 1995 to control all forms of threats in the Justice Department. At least one CTC expert is linked to every attorney’s office. Security Measures for Databases Securing database systems can be achieved in two different ways: data loss recovery and inhibiting unauthorized access. Sometimes data loss may be inevitable like in the case of an earthquake. To be on the safe side, it is better for database management system to have facilities that back up both log files and the database transactions at regular intervals (Connolly and Begg 550). the backed up information should be stored in a secure location. Storage of information can be done using the RAID technology, which ensures that there is no data loss even when the disks are damaged (Silberschatz et al. 723). DBMS should be secure from unauthorized access. The most secure way is to use encryption in the system. This will hide information from crackers. Limits can also be place on the DBMS to allow only authorized to personnel to access them. Defining users to specific areas and assigning complex passwords can go a long way to control hackers. Specified personnel are only allowed to access specific databases and not all of them. (Coronel et al. 632) Security Measures for Networks An insecure network is prone to attacks by hackers. System executives should strive to adopt the following security measures to ensure that the network is secure from attacks. Activation of firewalls is the only way of preventing Trojans, Worms and Viruses from attacking the system. Terminal settings which gives the administrator ultimate power to alter the system and not any other person will ensure that the system is only vulnerable to one person, administrator. Security settings should be altered by the administrator. IP and port blocking software should be installed to prevent malicious software from penetrating through the antivirus. Personal emailing should be discouraged within the company’s premises. Wi-Fi network should be protected using a password. And lastly, physical security should be upheld to reduce PC and Laptop thefts. Insider Threat An insider threat is defined as a threat perpetrated by a person who has full or partial access to a system. Not only does the insider have authorized access to the system, he or she is also familiar with procedures and guidelines that govern a system. Most organizations are always concerned about external threats that they neglect internal attacks which are far much severe. Recent studies have shown that insider attacks account for a minor percentage of all attacks but they are more disastrous than the external threats. Organizations can be protected from this type of threat using the Internal Intrusion Detection Systems (IDS). This program checks all data movements and access. A good example of an insider attack occurred in 2008 at the San Francisco Department of Telecommunications and Information Services. The perpetrator was Terry Childs who was an engineer at the company. He changed all passwords, shutting the FiberWan for twelve days and costing the city $900,000 in damages. Infrastructural Attacks This can be defined as an attack on an organization’s computer system with the intention of destroying it completely. Flame, Red October, Shamoon and Stuxnet are few examples of cyber threats that attack an organization’s infrastructure and completely destroy it. They target nuclear, oil and gas companies with the intention of squandering money and information from them. The main reason why companies are under infrastructural attacks is because their systems were not built with security in mind. Operational Technology systems like Industrial Control Systems and SCADA were designed using the old traditional systems that lacked ways to control external attacks. Most infrastructural attacks come as a result of what is known ‘spear-phising attack’. This refers to the act of opening a malicious email containing a malware, allowing the attackers to access the network. Top Three Malware Attacks Currently Occurring According to Global Corporate IT Security Risks 2013 survey carried out by Kaspersky Lab and B”B International, Malware attacks increased in 2013 compared to 2012 (Kaspersky, ‘Malware, spam and phising: the threats most commonly encountered by companies’). Most companies named viruses, spyware and worms as the usual suspects. The figure stands at 66% in 2013 while in 2012, the figure was 58%. In South America, viruses ranked as the number one threat while spyware came second. In North America and Russia however, spam ranks as the number one threat. The worst hit countries by Malware attacks include: South American countries, Russia and North America. (Kaspersky, ‘Malware, spam and phising: the threats most commonly encountered by companies’) Security Certifications, What are they, discuss three and what it takes to get one, and which are best There has been a tremendous increase in the information security profession. This may be due to increase in system attacks that lead to billions of dollars each year. A profession in this field is supposed to control system access, carry out investigations of possible attacks, and back up information. Security Certification refers to training of individuals in the field of information security to enable them fight off Malware attacks. The best information security certification include: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Security Software Lifecycle Professional (CSSLP). CISSP offer the general standard of security certifications and is accepted by the National Security Agency and the Department of Defense. All Department of Defense employees must go through this module. Some of the requirements of this certification include: work experience of five years in the information security field, accepting CISSP code of ethics, no criminal history or background, pass CISSP exam with 700 points or more (there are 250 questions that should be answered in a duration of 6 hours) and an endorsement by a qualified CISSP professional that everything you claim is true. CISM is an internationally recognized certification. This certification was specifically designed for information security professionals who work is to oversee the day to day running of the system. Qualifications for this certificate include: passing the CISM examination, experience in the field information security, accepting the code of ethics and complying with the continued study program after attaining the certificate. CSSLP is the newest type of certification that ensures security is maintained throughout the software lifecycle. It has seven domains that ensure security is highly maintained. The requirements are like those of CISM; only difference is that you have to go through CSSLP exam and pass and also accept the code of ethics. References 1. Benjamin, Plackett. How to catch a cyber criminal. The Connectivist, n.d. web. June 26, 2013.a 2. Deflem, Mathieu, and J. Eagle Shutt. Law Enforcement and Computer Security Threats and Measures, 2006. 3. Connolly, T. M. & Begg, C. E. Database Systems: A Practical Approach to Design, Implementation and Management, Harlow, Essex, England, Pearson Education Limited, 2005. 4. Coronel, C., Morris, S., Rob, P. (2009). Database Systems: Design, Implementation and Management. Boston, MA, USA, Cengage Learning, 2009. 5. Defense Information Systems Agency. Database Security Requirements Guide Version 1, 2012. Web, 25 Feb. 2014. 6. Elmasri, R. & Navathe, S.B. Fundamentals of Database Systems, USA, Addison-Wesley, 2010. 7. ‘Malware, spam and phising: the threats most commonly encountered by companies.’ Kaspersky. n.p. web. 2014. 8. David, Griffith. How to investigate cyber crime, Nov 1, 2003. 9. Ulanoff, Lance. Computer Trouble Isn`t Always What You Think It Is, Nov. 2010. 10. Upasan G. Top 5 Certifications for 2012: Ethical Training, Security Incidents Push Demand, Dec 2, 2011. 11. Vernon, Mark. Top Five Threats, 2014. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Types and Categories of Threats to IT Systems Essay Example | Topics and Well Written Essays - 1750 words, n.d.)
Types and Categories of Threats to IT Systems Essay Example | Topics and Well Written Essays - 1750 words. https://studentshare.org/information-technology/1810944-mis-and-security
(Types and Categories of Threats to IT Systems Essay Example | Topics and Well Written Essays - 1750 Words)
Types and Categories of Threats to IT Systems Essay Example | Topics and Well Written Essays - 1750 Words. https://studentshare.org/information-technology/1810944-mis-and-security.
“Types and Categories of Threats to IT Systems Essay Example | Topics and Well Written Essays - 1750 Words”. https://studentshare.org/information-technology/1810944-mis-and-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Types and Categories of Threats to IT Systems

Enterprise Networking and Security

Organizations normally install a firewall and even intrusion detection systems that trigger alerts of any suspicious activity, as these two components only cover the technical domain and not the human and physical domain.... Moreover, there are no advanced security appliances such as Intrusion detection systems for analyzing and monitoring any suspicious activity that may possibly become a threat to the University's computer network.... Secondly, internal and physical security will discuss human threats, physical access to server rooms and servers, sensors and sprinklers, etc....
12 Pages (3000 words) Report

Network Security

Organizations normally install a firewall and even intrusion detection systems that triggers alerts of any suspicious activity, as these two components only covers the technical domain and not the human and physical domain.... Moreover, there are no advanced security appliances such as Intrusion detection systems for analyzing and monitoring any suspicious activity that may possibly become a threat to the University's computer network.... Secondly, internal and physical security will discuss human threats, physical access to server rooms and servers, sensors and sprinklers etc....
16 Pages (4000 words) Research Paper

Combining Anomaly and Signature based Intrusion Detection Systems

In order to enable advanced security measures, Intrusion Detections systems are recommended for corporate networks.... hellip; To sum up, many studies and researches have been conducted to overcome issues related to the detection techniques, still, there were loopholes for threats and vulnerabilities to sneak in.... On the other hand, threats and vulnerabilities related to data communication networks are significantly increasing.... The word 'known' is important because threats that are detecting so far are categorized as known threats and are called signatures....
8 Pages (2000 words) Essay

Personality Type Theory's Implications for Health Care

The theory was also further developed to establish the categories of Personality Type C and Personality type D.... Blood Clots and High Cholesterol: Other less researched threats are the formation of blood clots in major blood supply systems and the presence of high cholesterol.... A personality type theory that helps categorize people into behavioral categories (that have certain overriding styles that affect health) is the one developed by the two cardiologists, Meyer Friedman and Mike Jordan in the 1950's....
4 Pages (1000 words) Essay

Traditional and Wireless IDS/IPS Techniques

IDS are of many types and organizations choose the best possible type that suits their prioritized mission-critical systems.... The types include network-based IDS, host-based IDS, and software-based IDS.... These types are further categorized into signature-based IDS which is also referred as misuse detection, and Anomaly Detection.... Before demonstrating steps for capturing and eliminating the attack, we will compare the two types of IDS/IPS i....
5 Pages (1250 words) Research Paper

Technology Evaluation and Recommendation

The risk assessment gives a ground on which to implement security plans in order to protect assets of an organization from possible and impending threats.... hellip; In order to improve the security of assets against threats, it is important to find out.... The risk assessment gives a ground on which to implement security plans in order to protect assets of an organization from possible and impending threats.... In order to improve the security of assets against threats, it is important to find out....
3 Pages (750 words) Research Paper

The Process of the Passenger Profiling

Through, the development of airports, economies of different countries have… Airports operation can be disrupted in the following ways, these include, terrorism threat, presence of an infectious disease or even catastrophes All these are may stop the operation of an airport and in order to avoid such occurrences strict measures should be put in place to combat these threats before they take place.... Some of the mechanism to combat these threats include; development of passengers and goods screening....
6 Pages (1500 words) Essay

Security of Information in Commercial or Business Organisations

Therefore, this paper intends to explore some significant security concepts, as well as the existing categories of threats to commercial assets.... The management of vulnerabilities and threats to assets is a major challenge for business organizations.... The management of vulnerabilities and threats to assets is a major challenge for business organizations.... As threats to and vulnerabilities in assets may not be fully avoided, it is crucial that both should be suitably mitigated....
15 Pages (3750 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us