Login Signup
Verified Document

Cyber, Physical, And Social Vulnerabilities In IT Security Term Paper

Related Topics:
Office Space Firewalls Physical Science Computer Viruses
Open Document Cite Document

¶ … worst that could happen to an information system was a natural disaster destroying all information, nowadays, the category of risks has become thoroughly diversified and, because an increasing use of informational systems as data storage and processing tools, it has become more and more important to provide suitable solutions in each situations. In the paragraphs here below, we present a series of problems one may face in ensuring IT security in an organization, together with a set of solutions that may be applied. We have referred to external and internal vulnerabilities, as well as cyber, physical and social ones. External/Internal Vulnerabilities

According to an excellent study by Gerhard Eschelbeck

, there are several generations of external threats and vulnerabilities worth discussing:

First Generation threats comprise external virus attacks, generally by email or forms of file sharing. The main characteristic of these attacks is that human action is needed in order for the virus to be replicated and spread to other computers. Examples from this category include the Melissa Macro virus, the LoveLetter VBScript worm or the SoBig virus.

Second Generation threats refer to "active worms leveraging system and application vulnerabilities"

. Viruses and Trojans are major representatives of this category, characterized by automatic replication and spreading. Common recent examples are the Slapper worm, the SQL Slammer worm and the Blaster worm.

Third Generation external threats are much tougher to handle, as the viruses and worms in this category are much more insidious, targeting viable potential victims in advance and, as such, having a faster propagation. These targets include Instant Messaging and Voice-over-IP systems. Even more worrying, traditional defenses are not always fully effective against these threats.

In terms of internal vulnerabilities, many of them seem to come from Microsoft. Indeed, according to Gerhard Eschelbeck, the top 10 internal vulnerabilities are...

These include keeping anti-viruses up-to-date, "regular security audits of networks and systems"
, patch management and a continuous evaluation and constant feedback on the security policy that an organization has in place. Let's see briefly what each refers to.

The first solution is clearly closely related to the continuous evolution of viruses and worms, direct threats to the information systems. Many anti-viruses have themselves regular updates for new viruses, however, it may be often the case that the program itself needs to be updated or even changed with a more performing one. It is obvious that a Norton Antivirus created ten years ago will no longer be suitable, in spite of updates in its virus database.

The second action is referring to "network audit solutions and systems"

. These are complex management systems that are implemented in order to be able to spot in time possible vulnerabilities, update and install patches where needed and inform upon the need for any update in the security system.

Patch management is related to identifying possible software breaches and crashes and intervening in time to solve these by providing a "timely and consistent remediation process"

Finally, the ongoing evaluation and constant feedback for the security policy is an overall concept and mechanism comprising all three ideas I have already mentioned in the paragraphs here above.

Problem: Physical, Cyber and Human/Social Vulnerabilities

Physical vulnerabilities include hardware, network and communications vulnerabilities. These range from outside attacks on the system (hacker, etc.) to actual breaking and entering the server room, the office space where the systems are located, etc.

Cyber vulnerabilities include breaches in the operating systems and in the software applications that an organization uses. Common examples in this…

Continue Reading...
Sources used in this document:
Bibliography

1. Eschelbeck, Gerhard. Worm and Virus Defense: How can we protect the Nation's Computers from these Threats? Presentation before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and Census. September 2003. On the Internet at http://www.qualys.com/research/rnd/vulnlaws

2. Toft, Dorte. Dictionary defines cyber-threats. October 1999. From IDG, on the Internet at http://edition.cnn.com/TECH/computing/9910/04/mitre.dictionary.idg/index.html

3. Tyson, Jeff. How Firewalls work. On the Internet at http://computer.howstuffworks.com/firewall1.htm

4. IT Physical Security. NCI Information Systems release. On the Internet at www.nciinc.com/solutions/nci_itphyssecurity_final.pdf
5. Anton, Philip; Anderson, Robert; Mesic Richard. The Vulnerability Assessment and Mitigation Methodology. National Defense Research Institute. September On the Internet at http://www.rand.org/publications/MR/MR1601/MR1601.pdf
Eschelbeck, Gerhard. Worm and Virus Defense: How can we protect the Nation's Computers from these Threats? Presentation before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and Census. September 2003. On the Internet at http://www.qualys.com/research/rnd/vulnlaws
Anton, Philip; Anderson, Robert; Mesic Richard. The Vulnerability Assessment and Mitigation Methodology. National Defense Research Institute. September On the Internet at http://www.rand.org/publications/MR/MR1601/MR1601.pdf
Toft, Dorte. Dictionary defines cyber-threats. October 1999. From IDG, on the Internet at http://edition.cnn.com/TECH/computing/9910/04/mitre.dictionary.idg/index.html
Anton, Philip; Anderson, Robert; Mesic Richard. The Vulnerability Assessment and Mitigation Methodology. National Defense Research Institute. September On the Internet at http://www.rand.org/publications/MR/MR1601/MR1601.pdf
Tyson, Jeff. How Firewalls work. On the Internet at http://computer.howstuffworks.com/firewall1.htm
Toft, Dorte. Dictionary defines cyber-threats. October 1999. From IDG, on the Internet at http://edition.cnn.com/TECH/computing/9910/04/mitre.dictionary.idg/index.html
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Cybersecurity Vulnerability Issues
Words: 2738 Length: 10 Document Type: Research Paper

Cybersecurity Vulnerability What are Vulnerabilities? Hardware attacks because of Vulnerabilities Hardware Data modification / injection The Scientist Argument Secure Coprocessing How organizations can best address its potential impacts Cybersecurity Vulnerability: Hardware Weakness This essay introduces the role that computer hardware weakness opens the door up for attack in cyber-physical systems. Hardware security -- whether for attack or defense -- is not the same as software, network, and data security on account of the nature of hardware. Regularly, hardware

Read More
Essay
Cyber Firewalls Online Activities Have
Words: 2623 Length: 8 Document Type: Term Paper

This is problematic, as these kinds of issues could lead to wide spread disruptions with no one knowing or understanding where it came from. For example, if a terrorist group was able to master this tool, they could utilize it to attack Western power grids. (Magnuson, 2013) This would create significant amounts of disruptions without having anyone being able to trace what is happening directly. When this occurs, there is

Read More
Essay
Security Issues of Online Communities
Words: 15576 Length: 60 Document Type: Term Paper

This researcher rejects the existence of online communities because computer mediated group discussions cannot possibly meet this definition. Weinreich's view is that anyone with even a basic knowledge of sociology understands that information exchange in no way constitutes a community. For a cyber-place with an associated computer mediated group to be labeled as a virtual settlement it is necessary for it to meet a minimum set of conditions. These are:

Read More
Essay
General Aspects on Social Engineering
Words: 5828 Length: 18 Document Type: Research Paper

Social Engineering as it Applies to Information Systems Security The research takes into account several aspects that better create an overview of the term and the impact it has on security systems. In this sense, the first part of the analysis reviews the concept of social engineering and the aspects it entails. Secondly, it provides a series of cases that were influenced by social engineering and the effects each had on

Read More
Essay
Metrics Implementation and Enforcement Security Governance
Words: 2896 Length: 10 Document Type: Research Paper

Metrics, Implementation, and Enforcement (Security Governance) How can you determine whether there has been a malware outbreak? The threat situation today has become more dangerous than in the past. Security and safety threats have been increasing in an alarming rate; there are more than 70,000 brand new bits of malware recognized daily. Well-funded cybercriminals have been currently making advanced malware that has been made to bypass present security options by launching prior

Read More
Essay
Dod and Cyber Attacks
Words: 1099 Length: 3 Document Type: Term Paper

gathered on the DOD The tools and a description of the how they are used What sort of attacks would work in this case? Give some examples and how you would carry them out What social engineering and physical security aspects were discovered / devised? Give a detailed explanation What methods could you employ to help secure these vulnerabilities? What suggestions would you make to the organization if you were a penetration tester? Attack

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now