Abstract
Security is beneficial to every company. Spending nothing on security may save your business money in the short term, but you only have to look back at the consequences Epsilon suffered for lacking a quality security configuration: an estimated $4 billion loss due to negligence in their own network security system.
Contents
Abstract
Introduction
DBA
Security threats
Security breach examples
Security software
Security planning
Implementation
Authentication
Legislation
References
Bibliography
Introduction
Security is a major factor in computing today, with so many companies, if not all, now having a computer system of some sort, from a basic customer database to, say, a confidential hospital
(Cwjobs.co.uk, 2016)
Security threats
The top 3 security risks as of 2015 were as follows:
Excessive and unused privileges
When an employee is granted database privileges that surpass the requirements of their position, these excessive privileges could be abused. For example, a bank employee whose job requires the ability to change only basic account holder contact info could take advantage of excessive database privileges to add funds to their own account balance or to a colleague’s savings account. Further, when someone changes position within a business or leaves it, their access rights to sensitive data usually do not change. In the latter case, if these employees depart on bad terms, they can use their old access privileges to commandeer high-value data or inflict damage in a revenge attack. This tends to happen because privilege control mechanisms for job roles were not well defined or maintained. As a result, employees may be granted generic or default access privileges that surpass their actual job requirements, or they may simply accumulate such privileges over time as they change positions within the business.
(Anon, 2016)
Privilege
The problem experienced by the Wayward Pines Public Library of having one of their public access computers (PAC) becoming a zombie member of a Botnet army is not an isolated one.
Technology has facilitated the use of transiting data. With that in mind, sensitive information must be kept within close safeguards. Failure to protect vital information may facilitate its retrieval by criminals or those with malicious intent to use that data unethically. Individuals with access to material non-public information may sell that information to an outside party for profit. Likewise, these individuals may harvest this data within their perimeters to use as ammunition to defraud or blackmail an organization. Employers need to be wary of the threat of insiders exposing sensitive information to outside parties. “An insider is anyone who has intimate knowledge of internal operations and processes, or trusted access to
Any enterprise has to pay special attention to computer security. Computer security is a field that is concerned with the control of risks related to computer use. A primary focus should be on the external threats to the computing environment. In an enterprise with branches across the country, it is important to allow information from "trusted" external sources, and disallow intrusion from anonymous or non-trusted sources. In a secure system, the authorized users of that system are still
Organizations often revoke the privileges of employees once they decide to move on to other employment opportunities. This is a step taken to try to maintain a secure environment and protect data from outsiders, such as competitors. The difference in this article is that the theft of data was connected to a current employee as well as former employees. An incident like this proves that security is the responsibility of all employees.
Members of the Emergency Management Team or Team Coordinators will instruct all individuals to evacuate at Rally Point “X” located behind the church through word of mouth.
The data collected and distributed in every organization is a very important resource; therefore, all personnel in the organization must be aware of the security threats present and the measures to take to prevent a data breach or leak. A data leak can occur unintentionally or intentionally. For example, if an employee is careless with sensitive data and leaves it in the open for others to access, this would be an unintentional data leak. An intentional leak would be when a disgruntled employee gives sensitive information to competitors. The responsibility for database protection goes to the database administration. It’s their task to develop the procedures and policies to avert a data breach. The database
I am currently on an Information Security Project. I was not allowed to make reference to it until permission is granted by the VP. The ABC hospital is a local hospital situated in Texas State. ABC hospital patients currently access their health records over a public network. However, ABC hospital believed the network application should be strongly encrypted with guaranteed confidentiality, authentication and integrity. The ABC hospital plan is to have a networked application built securely and provide high availability as well as protecting information. If the network application is securely built as planned, the hospital will be able to identify the authoritative source of data indicating where the data is coming from and knowing to what extent the hospital can
Speaking of life’s experiences, there was one night on Security 8 that became something that would haunt me the rest of my life. Security 8 was an entry control point to the Elephant Cage area. The Elephant Cage measured about 850 feet wide by 100 feet high and contained a circular arrangement of antennas. The antennas could locate signals thousands of miles away with an accuracy of three degrees or better. The 6922 Electronic Security Squadron operated the elephant cage, which was used to gather intelligence during the Cold War. Just in case you wondered, there were no elephants housed there while I was at Clark.
The Department of Homeland Security realized its inability to protect key assets and critical infrastructure if it pursued a government-alone approach and has focused on partnerships. A government-alone approach, as Michael Chertoff, Secretary of the US Homeland Security, noted, is not sustainable: "It is beyond Washington's means to assume the burden of micromanaging every critical business activity in the United States or supplying sufficient personnel to guarantee a reduction in the vulnerabilities of these activities." (Chertoff, 2008-09). To effectively protect key assets and critical infrastructure, DHS focuses on equal public-private partnerships.
The Oxford American Dictionary of Current English defines admonition as “to reprove. Urge. Give earnest advice to. Warn”. Understanding this, how do we employ admonition systems in information technology to make it more useful in regard to network and system security? Using admonition software, we are attempting to create an environment that will prevent data from being inadvertently distributed across networks, act as a deterrent to those trying to access the network illegally, or warn users of the potential harm their actions may cause. In developing an IT security strategy,
A firewall is a mechanism that keeps certain kinds of network traffic out of a private network.
Another risk of IT security is because of hackers and their malicious nature, massive loss
The concerns about security are a major deterrent to companies considering the use of technology (Kearney, Chapman, Edwards, Gifford, & He, 2004). The security threats are caused by angry or disgruntled employees, dishonest employees, criminals, governments, terrorists, the news and press, competitors of other businesses, hackers, crackers, and natural disasters or unforeseen events that may occur. The vulnerabilities are the areas that have yet to be found, updated, or patched. The vulnerabilities are caused by software bugs, broken processes, ineffective controls, hardware flaws, business changes, old or legacy systems, an inadequate business continuity plan, and of course human error.
Many violations and unsecured activities have been going on for too long without resolution. These violations and unsecured activities include leaving websites open for long periods, sending personal identification information (PII) in emails, leaving the workstation logged in unattended, not logging out at the end of the work day, and sending classified information through unclassified channels. Conducting these types of activities can be a hacker's dream come true. “America must also face the rapidly growing threat from cyber-attacks. Now, we know hackers steal people's identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control
Customer expectations: People expect security systems to be advanced, easy to handle, and affordable.