Kasha 1
Brian Kasha
AP Literature
Mrs. Corbett
10/14/11

                                       Senior Project Paper


       Information security is critical in the world of computing. Businesses must be able to trust
system administrators with keeping their vital information stored on network servers. However,
the nature of the information that administrators are tasked with holding attracts many
entities willing to obtain these secrets through illegal or even immoral methods. This, coupled
with internal security issues, creates a plethora of problems for security professionals. This paper
analyzes current threats that major companies face while attempting to offer
solutions to these conundrums.

       Issues often arise from a lack of basic understanding of how to secure servers and
systems. Without this basic skill set, many company security structures are doomed to be
ineffective from their very inception. Physical security is of the utmost importance when
attempting to secure a server and is often overlooked (Dhar 1). If potential threats are allowed
direct access to a target system, only harm can ensue. For example, someone with direct access to a
computer could boot the system into single-user administrative mode or even boot an entirely
different operating system in order to compromise the box. This catastrophe can be avoided
if, “Only authorized users have physical access to the hardware. This can typically be ensured by
the use of badges, cards, or other forms of ID” (Dhar 1).

       Systems that are improperly configured during installation of the OS are another basic
target for cyber criminals. A system without proper hard drive partitioning, boot loader security,
or root password security, or one with unnecessary services running, is often the target of malicious
attacks (Dhar 4). Hard drive partitioning segments a system into different parts. This means that
if someone gains unauthorized access to one partition, they won't necessarily be able to access
other parts of the box. Boot loader security should be in place in order to prevent unintended
changes to a system on boot. Passwords are also critical. Easy passwords with very few
characters are easy pickings for hackers. Finally, unnecessary services are never a good thing.
They provide yet another means of entry into an improperly configured system.
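
       The four install-time weaknesses named above can be checked mechanically. The following
audit sketch is an added example, not part of the original paper or its sources. It assumes a
Linux host using GRUB 2 and systemd; the expected mount points, the service allowlist, and all
sample file contents are constructed for illustration.

```python
"""Audit sketch for partitioning, boot loader, password and service weaknesses.
All sample inputs are constructed; nothing is read from the local host."""

# Assumption: mount points a hardened install keeps on their own partitions.
EXPECTED_MOUNTS = ("/tmp", "/var", "/home")
# Assumption: the only services this hypothetical server needs.
SERVICE_ALLOWLIST = {"sshd.service", "chronyd.service", "rsyslog.service"}

SAMPLE_FSTAB = """\
# constructed /etc/fstab
/dev/sda1  /      ext4  defaults              0 1
/dev/sda2  /home  ext4  defaults,nosuid,nodev 0 2
/dev/sda3  /tmp   ext4  defaults              0 2
"""
SAMPLE_GRUB = """\
# constructed grub.cfg fragment with no password protection
set timeout=5
menuentry 'Linux' { linux /vmlinuz root=/dev/sda1 ro }
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""
SAMPLE_UNITS = """\
sshd.service      enabled
telnet.socket     enabled
cups.service      enabled
rsyslog.service   enabled
bluetooth.service disabled
"""


def _rows(text):
    """Yield non-empty lines with '#' comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def audit_fstab(text):
    """Flag expected mount points sharing a partition, and a lax /tmp."""
    mounts = {}
    for row in _rows(text):
        fields = row.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    findings = [f"partitioning: {mp} is not a separate mount"
                for mp in EXPECTED_MOUNTS if mp not in mounts]
    if "/tmp" in mounts:
        missing = sorted({"nosuid", "nodev"} - mounts["/tmp"])
        if missing:
            findings.append(f"partitioning: /tmp lacks {','.join(missing)}")
    return findings


def audit_grub(text):
    """GRUB 2 needs both a superusers list and a hashed password to lock editing."""
    rows = list(_rows(text))
    has_super = any(r.startswith("set superusers=") for r in rows)
    has_hash = any(r.startswith("password_pbkdf2 ") for r in rows)
    if has_super and has_hash:
        return []
    return ["boot loader: GRUB has no superusers/password_pbkdf2 protection"]


def audit_shadow(text):
    """An empty second field means the account logs in with no password.
    '*' or '!' in that field means locked, which is not a finding."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        if fields[1] == "":
            findings.append(f"password: account '{fields[0]}' has a blank password")
    return findings


def audit_services(text, allowlist=SERVICE_ALLOWLIST):
    """Flag every enabled unit that is not explicitly needed."""
    findings = []
    for row in _rows(text):
        fields = row.split()
        if len(fields) >= 2 and fields[1] == "enabled" and fields[0] not in allowlist:
            findings.append(f"services: {fields[0]} is enabled but not on the allowlist")
    return findings


def audit_all():
    """Run all four checks against the constructed samples."""
    return (audit_fstab(SAMPLE_FSTAB) + audit_grub(SAMPLE_GRUB)
            + audit_shadow(SAMPLE_SHADOW) + audit_services(SAMPLE_UNITS))


if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```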

       In many cases, the very system set up to provide security is the reason that security never
improves. Big security companies are, by definition, reactive to their environment. This means
that they rarely attempt to proactively protect against future threats and instead focus on reacting
to threats that have already been identified (Utin 3). The time, energy, and resources spent
protecting against already known threats detract from preparation for the future.

       A modest proposal would be to focus equally on both ends of the spectrum: the present and the
future. If more resources were allotted for research into predicting future threats, the security
world would be better prepared to meet them. In fact, the decreased impact that future
situations would have on companies would allow these companies to focus more on eradicating
existing threats. With this mode of operation, already practiced by some, security would greatly
improve in only a 5-year span (Utin 5). This is an ideal worth striving for.

       Another issue that needs discussing is that of business politics interfering in the
information security world. Hiring of security professionals is an act controlled by a business.
However, most of the decision makers have little to no knowledge of what characteristics to look
for in an adequate information security employee. Utin describes it this way, “If you look at a
typical job requirements list for a system administrator, you will see a laundry list of operating
systems, hardware, software, and so forth. If you compare that to the job requirements of a
security specialist, you’ll see a similar if not identical laundry list. This identikit quality comes
from management’s lack of understanding of information security and its unique needs” (Utin 7).
This is a significant issue, and employers need to be better educated about the positions they are
hiring for.

       The very nature of big business also hinders security. An exorbitant amount of legality
and protocol often interferes with security's day-to-day job. For example, a U.S. security
contractor found 60 systems with blank administrator passwords. The fix should have taken
approximately 2 days to complete. However, due to the need to inform his superiors, ask for
permission, and provide a detailed explanation of the solution to this issue, these systems went
unsecured for 60 days. If the public had found out about the incident during this time period,
it could have been catastrophic to the government sector he was tasked with protecting (Utin 5).
If security professionals were allowed to do their jobs without repercussion from business,
problems could be solved much more efficiently. The practice of chain of command, however, is
not likely to dissipate any time in the foreseeable future.

       Businesses also have a problem with keeping employees invested in the success of
the company. If a security breach takes place, how will it affect them? It will only harm the
company. How then can individuals, the most important part of any security system, be expected
to protect the company? One way is through the use of incentives. Pay people more to, in the
long run, save the company money. By connecting a person's livelihood to a job, these incentives
directly correlate with the loyalty one feels to a company and its success.

       A company's profit motive also directly affects its security decisions. The most
numerous security breaches cost the company very little in damages, so the company
is simply not going to pay for a fix that may cost more money. This practice is not damaging
to a company in the short run, yet small security breaches in the past can grow into big problems
for the future.

       A correlation has also been shown between information security breaches and a
company's market value. “While some studies have shown a statistically significant negative
correlation between information security breaches and the stock market returns of firms, other
studies have found no significant relation. In a similar vein, the empirical results of studies
examining the relation between specific types of information security breaches (e.g., breaches
of confidentiality) and the stock market returns of firms have also been mixed” (Gordon 2). This
conflicting data has caused many businesses to not take this threat as a serious attack on their
profits. They have in many cases just learned to deal with it and do not even try to prevent it.
This backing off by business has in itself fueled the growth of cyber crime since it is, for the first
time since the Internet’s inception, once again proving to be very profitable.

       This profitability of cyber crime is supplying a constant stream of new recruits to the
underground world. Record levels of cyber crime, both large and small, are being committed. This
increase in attacks has proved strenuous on the security community. For example, companies
such as Sony, PayPal, Visa, and Bank of America have been targeted for political, moral, and
financial reasons.

       The threat of political and moral hackers, known as “hacktivists”, has proved difficult
for security professionals. This transformation from profit motivation to political motivation
has in many cases strengthened the hacking movement. Hackers are no longer fighting uneven
battles against super wealthy corporations. Hacktivists are gaining significant monetary support
from supporters of their various causes. This has allowed them to grow in strength.

       The media attention that hackers have been receiving, though negative, is actually
supporting the movement. Hacking groups such as the now infamous LulzSec or segments of
the collective called Anonymous have been ingrained in television media due to their humorous,
though illegal, exploits. The younger viewers of such TV see them as heroes of a sort for taking
on the all-powerful corporate world. This media attention is unknowingly fueling their exploits.

       In conclusion, the security industry has a long way to go. The list of problems
encountered seems to never end and is constantly growing. These problems, both internal and
external, are just a few in a violent information war going on around the world every day. Due
to the nature of what information security experts must protect, this industry is quickly going to
become one of the most important in the world.

AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Research Paper

  • 1. Kasha 1 Brian Kasha AP Literature Mrs. Corbett 10/14/11 Senior Project Paper Information Security is critical in the world of computing. Businesses must be able to trust system administrators with keeping their vital information stored on network servers. However, with the nature of the information that administrators are tasked with holding come many entities willing to obtain these secrets through illegal or even immoral methods. This, coupled with internal security issues, creates a plethora of problems for security professionals. This paper will now proceed to analyze current threats that major companies face while attempting to offer solutions to these conundrums. Often issues arise from a lack of basic understanding of how to secure servers and systems. Without this basic skill set, many company security structures are doomed to be ineffective from their very inception. Physical security is of the utmost importance when attempting to secure a server and is often overlooked (Dhar 1). If potential threats are allowed direct access to a target system, only harm can ensue. For example, one with direct access to a computer could boot the system into single-user administrative mode or even boot an entirely different operating system in order to compromise the box. This catastrophe can be avoided if, “Only authorized users have physical access to the hardware. This can typically be ensured by the use of badges, cards, or other forms of ID” (Dhar 1). Systems that are improperly configured during installation of the OS are another basic target for cyber criminals. A system without proper hard drive partitioning, boot loader security, root password security, or one with unnecessary services running is often the target of malicious
  • 2. attacks (Dhar 4). Hard drive partitioning segments a system into different parts. This means that if someone gains unauthorized access to one partition, they won't necessarily be able to access other parts of the box. Boot loader security should be in place in order to prevent unintended changes to a system on boot. Passwords are also critical. Easy passwords with very few characters are easy pickings for hackers. Finally, unnecessary services are never a good thing. They provide yet another means of entry into an improperly configured system. In many cases, the very system set up to provide security is the reason that security never improves. Big security companies are, by definition, reactive to their environment. This means that they rarely attempt to proactively protect against future threats and instead focus on reacting to threats that have already been identified (Utin 3). The time, energy, and resources spent protecting from already known threats detract from preparation for the future. A modest proposal would be to focus equally on both ends of the spectrum: the present and the future. If more resources were allotted for research into predicting future threats, the security world would be better prepared to meet this threat. In fact, the decreasing impact that future situations would have on companies would allow these companies to focus more on eradicating existing threats. With this mode of operation, already practiced by some, security would greatly improve in only a 5-year span (Utin 5). This is an ideal worth striving for. Another issue that needs discussing is that of business politics interfering in the information security world. Hiring of security professionals is an act controlled by a business. However, most of the decision makers have little to no knowledge of what characteristics to look for in an adequate information security employee.
Utin describes it this way, “If you look at a typical job requirements list for a system administrator, you will see a laundry list of operating systems, hardware, software, and so forth. If you compare that to the job requirements of a
  • 3. security specialist, you’ll see a similar if not identical laundry list. This identikit quality comes from management’s lack of understanding of information security and its unique needs” (Utin 7). This is a significant issue and employers need to be better educated about the positions they are hiring. The very nature of big business also hinders security. An exorbitant amount of legality and protocol often interferes with security's day-to-day job. For example, a U.S. security contractor found 60 systems with blank administrator passwords. This task should have taken approximately 2 days to complete. However, due to the need to inform his superiors, ask for permission, and provide a detailed explanation of the solution to this issue, these systems went unsecured for 60 days. If the public had found out about the incident during this time period, it could have been catastrophic to the government sector he was tasked with protecting (Utin 5). If security professionals were allowed to do their jobs without repercussion from business, problems could be solved much more efficiently. The practice of chain of command, however, is not likely to dissipate any time in the foreseeable future. Businesses also have a problem with keeping employees invested in the success of the company. If a security breach takes place, how will it affect them? It will only harm the company. How then can individuals, the most important part of any security system, be expected to protect the company? One way is through the use of incentives. Pay people more to, in the long run, save the company money. By connecting a person's livelihood to a job, these incentives directly correlate with the loyalty one feels to a company and its success. A company's profit motive also directly affects its security decisions. The most numerous security breaches are going to cost very little in damages to the company; therefore, they just are not going to pay for a fix that may cost more money.
This practice is not damaging
  • 4. to a company in the short run, yet small security breaches in the past can grow into big problems for the future. A correlation has also been shown between information security breaches and a company's market value. “While some studies have shown a statistically significant negative correlation between information security breaches and the stock market returns of firms, other studies have found no significant relation. In a similar vein, the empirical results of studies examining the relation between specific types of information security breaches (e.g., breaches of confidentiality) and the stock market returns of firms have also been mixed” (Gordon 2). This conflicting data has caused many businesses to not take this threat as a serious attack on their profits. They have in many cases just learned to deal with it and do not even try to prevent it. This backing off by business has in itself fueled the growth of cyber crime since it is, for the first time since the Internet’s inception, once again proving to be very profitable. This profitability of cyber crime is supplying a constant stream of new recruits to the underground world. Record levels of cyber crime, both large and small, are being committed. This increase in attacks has proved strenuous on the security community. For example, companies such as Sony, PayPal, Visa, and Bank of America have been targeted for political, moral, and financial reasons. The threat of political and moral hackers, known as “Hacktivists”, has proved difficult for security professionals. This transformation from profit motivation to political motivation has in many cases strengthened the hacking movement. Hackers are no longer fighting uneven battles against super wealthy corporations. Hacktivists are gaining significant monetary support from supporters of their various causes. This has allowed them to grow in strength. The media attention that hackers have been receiving, though negative, is actually
  • 5. supporting the movement. Hacking groups such as the now infamous LulzSec or segments of the collective called Anonymous have been ingrained in television media due to their humorous, though illegal, exploits. The younger viewers of such TV see them as heroes of a sort for taking on the all-powerful corporate world. This media attention is unknowingly fueling their exploits. In conclusion, the security industry has a long way to go. The list of problems encountered seems to never end and is constantly growing. These problems, both internal and external, are just a few in a violent information war going on around the world every day. Due to the nature of what information security experts must protect, this industry is quickly going to become one of the most important in the world.