Fluent Essays

4.1 Assignment: Devotional 1. Review the material in the Getting Started section, including the specific Bible passages. 2. Be sure to address to the following prompts in your paper: a. How does keeping your soul diligently and training for godliness compare to training used in the workplace? b. How might you apply the principles presented in these verses to prepare a security awareness program? 3. Your paper should be at least 250 words in length. 4.2 Discussion: Textbook Reading Resources · Textbook: Principles of Computer Security: CompTIA Security and Beyond 1. Read Chapters 14–17 in your textbook. 2. Using the discussion link below, respond to the following questions: a. What was the most useful takeaway for you from this workshop’s reading? b. What concept from the reading is the most applicable to you now in your profession, and how might you implement it? 4.3 Discussion: Security Threats and Vulnerabilities Resources · Textbook: Principles of Computer Security: CompTIA Security and Beyond 1. Read Chapters 14–17 in your textbook. 2. Using the discussion link below, respond to the following prompts and questions: a. What types of threats can impact operations of the infrastructure? What steps can be taken to protect systems in the infrastructure (server or desktop systems and beyond)? b. How can threats from Internet-based activities, such as the use of e-mail and web browsing, be mitigated? What is the responsibility of the user community in mitigating such threats? 3. Your initial post should be at least 300 words and supported with at least three references. 4.4 Assignment: Mitigation Strategy (Phase 2 of Final Project) 1. Phase 2 of Final Project: Provide a comprehensive mitigation strategy based on the threat analysis done in Assignment 2.4. 2. As mentioned in Assignment 2.4, you may use a fictitious company, one that you researched on the Internet, or your own workplace (with an alias used for the company name). 3. Conduct Internet research for formats that are used for developing and categorizing a security mitigation strategy. a. Include a short executive summary for this assignment, which you will revise later for use in the final paper. b. The mitigation strategy should be approximately 4 to 5 pages in length, in APA format, and double-spaced for the narrative. c. You may use tables or other graphic representations; however, these additions to the paper should not be included in the page count. d. The paper should include references to any material used in preparing the paper. You should use online resources to develop your plans; just make sure to cite these sources. All written work should be your own. 3.3 Discussion: Protecting System Infrastructure Read and respond in at least 150 words to at least two of your classmates’ postings Peer Review 1: The security of information system infrastructure comprises of CIA triad. When protection and security of data and information is discussed CIA triad is considered as it includes a model of three main components: confidentiality, integrity and availability. Each of these components represents a fundamental objective of information security.  The component of confidentiality is associated with secrecy and the use of encryption making the data only available for the authorized parties. The component of integrity deals with certainty that there has been no tampering or degradation of data done and that the data has not been subjected to any unauthorized modification. The component of availability deals with the availability of information to authorized users in times of need. (The Three-Pillar Approach to Cyber Security: Data and Information Protection, n.d.) Enabling a firewall, installation of antivirus and anti spyware software, password protections, cryptographic and using VPN are a few hardware components that can be installed. Authentication methods help in protecting unauthorized access to sensitive information. From a long time cybercriminals have increasing day by day and they have been gaining access to systems and steal information and without a secure authentication the organization is at a risk. Access control has guaranteed users who have authorized permission to have appropriate access to company’s data. An organization can adopt four models of access control discretionary access control, mandatory access control, role based access control and attribute based access control. Intrusion detection system helps organization monitor network traffic for malicious activities and altering on detection. Network intrusion detection system examines traffic from all devices on the network. An example of NIDS is installing the system on subnet where firewalls are located in order. Whereas, Host intrusion detection system run on independent hosts or devices on the network. An example of HIDS can be used on mission critical machine. (GeeksforGeeks, 2020) Peer Review 2: · Protection of information system and infrastructure from threats like hacking, destruction or unauthorized access and use has become a crucial practice taken up by organizations from various industries to protect their sensitive data, information, communication and messages. Information security helps the company in protecting its data from attacks such as malware or phishing. The CIA triad is a mainframe used for information security which consists of confidentiality, integrity and availability as the principles of security. Confidentiality refers to concealing the information only to authorized users. Integrity aims to keep the information unaltered and in its true form. Availability refers to providing access to information when it is needed by the authorized users accessing the data. (5 Components of Information Security, 2019) With digital security measures implemented for security of information infrastructure it is also essential that the information hardware is also protected from security threats by implementing firewalls or proxy serves to provide hardware security. · Authentication can be referred to as a process of providing a user permission to access a system or information after recognizing their user identity. When authorized credentials are provided which match the database, the user is provided the access. This process of authentication helps a company in protecting their system or sensitive data from being accessed in an unauthorized manner by a hacker or cyber criminal. It not only helps the data from unauthorized access but also helps in preventing theft or unwanted manipulation of information. The access control system includes three types/levels Discretionary access control (DAC), Non-discretionary access control (NDAC) and Role based access control (RBAC) · An intrusion detection system can be referred to as a software that protects the network or system by monitoring and identifying suspicious or malicious activities in the network traffic and enables in discovery in case of an attack. (What Is an Intrusion Detection System, 2021) Threat Analysis (Phase 1 of Final Project) Executive Summary Information security research aims to tackle technical issues with information systems and, more significantly, to increase the effectiveness of information security. There have been numerous trials to address individuals who utilize the organization's computer systems because they are the ones who cause the information system's various vulnerabilities. The threats that end-users bring to the security of American International Group's plans are examined and addressed in this study. Human factors have been discovered to be the most significant threat to security, despite the introduction of technology solutions to address system weaknesses. Introduction Information security can be defined as safeguarding an organization's information and data in terms of confidentiality, integrity, and access. It's worth noting that, no matter how many technical safeguards are in place, organizations will continue to have security breaches. This is because information security is both a technological and a human issue. Employees have been the primary source of these insecurities since they fail to follow the information security policies in place. Individual hackers aiming to create a name for themselves by employing visible and visible exploits that are impossible to miss have given way to the structured and financially motivated attacker who employs stealthy ways to avoid discovery while slowly taking data from organizations for profit. Information warfare, cyber terrorism, organized crime, and sophisticated insider attacks are just a few of the risks that are becoming more prevalent (Johnson, & Easttom, 2020). Information technology threats include natural calamities, infrastructure failures, internal abuse, accidents, external targeted attacks, and external mass attacks. Although it is normal for a security professional to assume that threats would come from malicious attackers, organizations must also consider the possibility of human mistake or accidents leading to security breaches. As dangerous as a well-organized hacking gang can be, most security teams spend significantly more time dealing with manual errors that occur in routine operations or other staff mishaps that can inflict just as much damage to the company by accident (Conklin et al., 2018). In general, each danger type will have a different chance of occuring. Many businesses, for example, are grappling with more regular and well-publicized mass attacks such as generic infections and phishing scams. For many years, information security specialists and those from other media outlets have tried to understand the trends in data breaches. The trends in data breaches have been tracked and displayed, according to Statista (Morana & UcedaVelez, 2021). The records indicate the branches since 2005, with an upward trend in branches (Benson, McAlaney & Frumkin, 2019). For example, 157 data breaches were reported in 2005, exposing 66.9 million people. Seven hundred eighty-three breaches were reported in 2014, resulting in the exposure of 85.61 million records. As the years pass, the number of breaches appears to be increasing. As of 2020, the number of breaches has been 1001 million, with 15.8 million people exposed. Annual Number of Data Breaches and Exposed Records in the United States from 2005 to 2020 (in millions: Source: https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/ It is clear from above figure that trend is not continuing to rise. However, the number of breaches documented in 2009 was 498, a decrease from the total records of 656 in 2008. Following that, the number of breaches increased dramatically, from 35.7 million in 2008 to 225.5 million in 2009. Such numbers indicate that, despite a few breaches, individual breaches have been on the rise, resulting in a higher number of file exposures per single breach documented. However, the number declined in 2017 rose again from 2018 to 2019. The numbers recorded since 2019 to 202o reduced significantly from 1257 million breaches to 1001 in 2020. Notably, between 2010 and 2011, there was a significant decrease in the number of data breaches. Six hundred and sixty-two data breaches were recorded in 2010, and four hundred and nineteen in 2011. The frequency of breaches reported has been steadily increasing since 2011. Six hundred and fourteen violations were reported in 2013, and seven hundred and eighty-three in 2014. In 2016, there were 1,093 breaches, and in 2017, there were 1,579. Information System Vulnerabilities Human factors are significant information system vulnerabilities, which include both purposeful and inadvertent acts that might lead to a security breach. Clicking on links from unknown senders, for example, provides a security risk to systems because such links typically contain malware and spyware that will take control of the system once accessed (Johnson & Easttom, 2020). It is important to remember that these unverified links compromise security since phishing attackers use social engineers to persuade individuals to disclose their information and that of others. The security risk of information systems is further increased by the lack of strong passwords, or rather the usage of incorrect passwords that are too obvious. It may be deduced that actions that could jeopardize passwords include using passwords that are easily guessed by attackers, which poses a significant threat to information system security (Johnson & Easttom, 2020). To ensure that passwords are effective, best practices include choosing unique and long passwords that are difficult for attackers and cybercriminals to guess. Another information system flaw is leaving computers turned on and unattended. Unauthorized personnel may take advantage of this and move sensitive data to their storage devices for their own nefarious purposes (Johnson & Easttom, 2020). To avoid this, people should make sure that their computers are constantly turned off when not in use to prevent unwanted access. There should also be systems is designed to guarantee that any attempted logins that exceed three are locked until the security administrator determines whether unauthorized persons attempted to access data. Conclusion To summarize, critical information system vulnerabilities can be described as human factors, which include both purposeful and unintentional acts that lead to a security compromise. The security risk of information systems is further increased by the lack of strong passwords, or rather the usage of incorrect passwords that are too obvious. It may be deduced that actions that could compromise passwords include using passwords that are easily guessed by attackers, which poses a significant threat to information system security. Another weakness in the information system is leaving computers on and unattended. Unauthorized individuals may take advantage of this chance to move sensitive data to their storage devices for their nefarious purposes. References Benson, V., McAlaney, J., & Frumkin, L. A. (2019). Emerging threats for the human element and countermeasures in the current cyber security landscape. In Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and Applications (pp. 1264-1269). IGI Global. Conklin, W. A., White, G., Cothren, C., Davis, R. L., & Williams, D. (2018). Principles of computer security: CompTIA Security+ and beyond (5th ed.). McGraw Hill Professional. Johnson, R., & Easttom, C. (2020). Security policies and implementation issues. Jones & Bartlett Learning. Morana, M. M., & UcedaVelez, T. (2015). Risk centric threat modeling: Process for attack simulation and threat analysis. John Wiley & Sons.