Released By The FBI And Research Proposal

Such reports are either quantitative or qualitative ("What is Risk analysis"). Risk management includes the policies, procedures, and practices needed to identify, analyze, assess, control, and avoid, minimize, or eliminate intolerable risks. An organization may use risk retention, risk assumption, risk avoidance, risk transfer, or any other strategy to efficiently manage events that might occur in the future ("Risk Management").

Summary

The correlation between software development, risk analysis, risk management and human behavior is a complex association. This multidimensional approach to addressing the issue of IT security requires the explanation of several complicated concepts. This chapter has established what the following research endeavors to uncover. Now that the premise of the research has been established, let us review some of the literature devoted to the aforementioned topics.

Chapter II Literature Review

Introduction

Software engineering, risk analysis and management, and security threats are all issues that affect organizations. The purpose of this literature review is to explore these issues in greater detail. The literature review will provide some insight into the factors that affect IT security. Let us begin by discussing practical software engineering.

Practical Software Engineering

Petkovic, Thompson & Todtenhoefer (2006) explain that changes associated with the globalization of software development necessitate newer ways of teaching software engineering. SE is defined as "The application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software" (Petkovic, Thompson & Todtenhoefer, 2006, 294). In addition, according to a report entitled "Software Engineering 2004: Curriculum Guidelines for Undergraduate Degree Programs in Software Engineering," software engineering education should merge computer science elements with engineering, coordination, teamwork, communication and project management matters (Petkovic, Thompson & Todtenhoefer, 2006, 294; "Software Engineering…," 2004).

Additionally standards associated with the delivery of curriculum claim that there is a need for practical project and team-oriented exercises to be incorporated into a significant capstone project. The author insists further that many studies have found that the majority of failures associated with delivering Software "to specs, on time and budget, and to a user "satisfaction" were in misunderstanding user needs, poor design, planning and organization (Petkovic, Thompson & Todtenhoefer, 2006, 294)."

In addition to having the proper capabilities for businesses, software must also be engineered in a manner that ensures the security of the computer system/network on which it operates. In this way software engineering must be viewed in quite broad terms. Moreover, the training of software engineers must reflect the needs and security concerns that organizations face within the context of globalization and the widespread use of information technology. Now that practical software engineering has been discussed, let us focus on the issue of people and security.

People and Security

Attacks on Computer Systems

The increase in the use of computer systems and networks in recent years has resulted in an increase in attacks. These attacks are both internal and external. According to the National Institute of Standards and Technology, organizations of all sizes are vulnerable to security threats ("Small business Corner"). The institute even notes that the threat to small and medium sized businesses can be particularly problematic as they are the foundation of the nation's economy. The NIST reports that

"In the special arena of information security, vulnerable SMBs also run the risk of being compromised for use in crimes against governmental or large industrial systems upon which everyone relies. SMBs frequently cannot justify an extensive security program or a full-time expert. Nonetheless, they confront serious security challenges and must address security requirements based on identified needs ("Small business Corner")."

Indeed, no organizations are immune to attack; in fact, even the organizations that are responsible for investigating computer crimes have experienced computer attacks. Currently, the FBI and the U.S. Marshals are dealing with a computer virus that has attacked the organizations' systems. According to Barrett (2009) "Law enforcement computers were struck by a mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution (Barrett, 2009)." The article explains that only the external networks of these organizations have been affected by this virus. These external networks do not contain sensitive data and the internal networks are still running smoothly. Although this security issue is still a serious problem, it is not as harmful as...

According to Young (2008) there are several major threats to computer security. These threats are as follows:

Malware and Botnets. Botnets involve a number of computers that are connected to the internet and have been infiltrated to spread viruses and/or spam ("Botnet"). The owner of the computer is unaware that their system is being used to spread these harmful transmissions ("Botnet"). Botnets are also known as zombie armies because of the manner in which they are used by the creator of the spam or virus. The author explains that most botnet computers are home systems.

"According to a report from Russian-based Kaspersky Labs, botnets -- not spam, viruses, or worms -- currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion. Computers that are coopted to serve in a zombie army are often those whose owners fail to provide effective firewalls and other safeguards. An increasing number of home users have high speed connections for computers that may be inadequately protected. A zombie or bot is often created through an Internet port that has been left open and through which a small Trojan horse program can be left for future activation. At a certain time, the zombie army "controller" can unleash the effects of the army by sending a single command, possibly from an Internet Relay Channel (IRC) site ("Botnet")."

Although most of the computers used as botnets are home computers, the presence of botnets can be particularly devastating to companies, particularly those involved in ecommerce ("Botnet"). According to the article, the computers contained within the botnet can be programmed to redirect transmission to specific computers. This means that websites can actually be shut down as a result of having too much traffic caused by the redirected transmissions ("Botnet"). This is known as a distributed denial-of-service attack ("Botnet"). Such attacks are designed to disable a competitor's ability to make money ("Botnet"). At the same time such attacks may result in more money for the originator of the attack ("Botnet"). These types of attack are quite common amongst companies that operate solely on the internet.

In fact, according to the Georgia Tech Information Security Center, nearly 15% of online computers worldwide are part of botnets (Young, 2009). This percentage is actually 10% higher when compared to 2008 (Young, 2009). This type of malware is so detrimental and destructive because it is updated faster than the antivirus software that is designed to protect systems from such infiltration (Young, 2009). The article explains that "The bad guys can repack and rerelease their malicious code faster than the good guys can build and distribute antivirus signatures to identify and block it (Young, 2009)." The abundance of botnets and other forms of malware is indeed a major security issue that must be addressed in risk analysis and risk management (Young, 2009).

Thieves. Theft is another major concern for computer systems. Young (2009) explains that there has been a marked increase in the number of thefts involving computers containing sensitive data over the last five years. This type of theft has affected every type of organization from colleges to government agencies. In fact, in 2008 nearly thirty colleges reported the loss or theft of various computers containing sensitive data. The author explains that thefts are likely to increase as laptops and flash drives continue to decrease in size. For this reason it is recommended that organizations encrypt sensitive information so that thieves cannot access the data even if the flash drive or laptop is stolen.

Employees. Employees can also pose a major security risk to computer systems. In some cases employees have used their ability to access computer networks legitimately to get customer information such as credit card numbers (Young, 2009). This information has been sold and aided others in identity theft. In other instances employees have been responsible for stealing or losing laptops containing sensitive information. This information has included everything from social security numbers to top secret government files. In fact, several reports have found that security breaches are more likely to come from inside of an organization than from hackers (Young, 2009).

Social Networks. Another major concern is social networking sites. These sites have become more popular in recent years and the risks that they pose have also become more evident. According to Young (2009), social networking sites are vulnerable to security problems related to phishing. In fact, a study conducted by Indiana University found that phishing schemes were more likely to occur through social networking sites than through email. For this reason organizations must be aware of the types of sites that employees and…

Works Cited

"10 Top IT Disasters." (2007) Retrieved June 5, 2009 from http://www.itepistemology.com/2007/11/10-top-it-disasters-by-zdnet-plus-one.html

Barrett, Devlin. (2009) Computer virus strikes U.S. Marshals, FBI affected. Associated Press. Retrieved June 1, 2009 from http://www.boston.com/news/nation/washington/articles/2009/05/21/apnewbreak_virus_attacks_us_marshals_computers/

"Botnet." http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1030284,00.html

Charette, R.N. (2005). Why Software Fails. IEEE Spectrum, 42.
http://www.its.bldrdoc.gov/fs-1037/dir-008/_1198.htm
Douglas, J.Y. "Nature" versus "Nurture": The Three Paradoxes of Hypertext. Retrieved June 2, 2009, from http://web.nwe.ufl.edu/~jdouglas/readerly.pdf
Retrieved June 5, 2009, from http://www.merriam-webster.com/dictionary/hack
http://jacobian.org/writing/syntactic-sugar/
Human Behavior. http://en.wikipedia.org/wiki/Human_behavior
Human Development. Retrieved June 2, 2009, from http://medical-dictionary.thefreedictionary.com/Human+development+(psychology)
"Linguistic Relativity." Retrieved June 2, 2009, from http://en.wikipedia.org/wiki/Sapir-Whorf_hypothesis
Climate Failure. NASA. Retrieved June 2, 2009, from http://marsprogram.jpl.nasa.gov/msp98/news/mco991110.html
Neumann, P.G. (2006) System and Network Trustworthiness in Perspective. Retrieved June 2, 2009, from http://delivery.acm.org/10.1145/1190000/1180406/p1-neumann.pdf?key1=1180406&key2=3110034421&coll=GUIDE&dl=GUIDE&CFID=39339693&CFTOKEN=94956378
"Neuroplasticity." Retrieved June 2, 2009, from: http://www.medterms.com/script/main/art.asp?articlekey=40362
"PC Basics." Retrieved June 2, 2009, from: http://www.adminxp.com/begin/index.php?aid=230
Petkovic D., Thompson G., Todtenhoefer, R. (2006). Teaching Practical Software Engineering and Global Software Engineering: Evaluation and Comparison. Retrieved June 2, 2009, from http://delivery.acm.org/10.1145/1150000/1140202/p294-petkovic.pdf?key1=1140202&key2=8594224421&coll=GUIDE&dl=GUIDE&CFID=39221703&CFTOKEN=47198951
Risk management. Retrieved June 2, 2009, from http://www.businessdictionary.com/definition/risk-management.html
"Small business Corner." Retrieved June 2, 2009, from http://csrc.nist.gov/groups/SMA/sbc/index.html
National Institute for Standards and Technology. Retrieved June 2, 2009, from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
United States General Accounting Office (USGAO). Information security risk assessment, Retrieved June 2, 2009, from; http://www.gao.gov/cgi-bin / getrpt-GAO/AIMD-00-33O; 1999.
"What is Risk analysis." Retrieved June 2, 2009, from http://searchmidmarketsecurity.techtarget.com/sDefinition/0,,sid198_gci1182538,00.html