Computer Security and the Systems Vulnerabilities - Essay Example

Assessment Computer Security Program Matriculation number Word Count: 1526 words

Contents
Introduction
Identifying Threats and Vulnerabilities
Examination of the Security Principles Broken
Recommendations
References

Abstract

Computer security refers to the minimization of vulnerabilities to assets and resources. There is no such thing as 100% security, although one can get close to it. The case study provides an example of how security lapses can occur and expose the system’s vulnerabilities. This paper looks into the threats and vulnerabilities that the event exposed and examines the security principles that were broken. It also provides recommendations for addressing them. Threats to the system include the absence of multilayered protection. The ease with which the junior officer accessed the DRS implies threats too. The backup copies were not functional, and the ease of access meant that the information is at greater risk. There were also a number of security principles that were broken. These include the need for professionals to have knowledge about their profession, lack of responsibility by the duty manager, etc. The recommendations encompass the development of multifactor authentication, a risk management system, introducing firewalls, etc.

Introduction

One of the oldest definitions of security is that it is the process whereby steps are taken to minimize vulnerabilities of assets and resources. Security encompasses the elements of keeping information confidential and of upholding the integrity and availability of resources; these three elements are often used to describe computer security goals (Stallings 2009). It is often associated with the three As: authentication, authorization and accountability. Security does not entail the elimination of every threat or vulnerability to the system; rather, security implies that there is no such thing as 100% security, although one can get close to it.
Computer security gives rise to the notion of protecting systems from a technological point of view, as well as making systems more secure on the basis of the human factor (Trcek 2006). When securing data, the link between security and accessibility comes into the limelight. The more accessible data is made, the lower its security will be, making it more vulnerable to threats. On the other hand, security will be high if the data is secured tightly, causing obstacles in accessibility (Cross & Shinder 2008). Computer security is also regarded as a compromise; the greater the security, the more difficult it is for users to work with the system (Salomon 2006). The case study provides an example of how security lapses can occur and expose the system’s vulnerabilities. This paper looks into the threats and vulnerabilities that the event exposed and examines the security principles that were broken. It also provides recommendations for buttressing the security of the computer systems based on the identified threats and vulnerabilities.

Identifying Threats and Vulnerabilities

A threat to a computing device is any potential happening, either unintentional or malicious, that may cause undesirable effects on the asset (Newman 2009). One of the main security issues that the event brought into the limelight was the ease with which a junior employee was able to change the keys for the encryption on the database. There was no layered security protocol, and a simple password provided the user access to valuable information. Moreover, when the junior officer had logged into the system using the password of the duty manager, a message came up asking the officer to change the crypto keys on the DRS. Giving away the password to a junior officer and allowing him access to company files and other information which constitute a large part of the company's value gives rise to threats to the security of the computer.
The junior officer did not know much about the application that launched to change the keys. The application could have been malicious software too and could have corrupted the entire system if the junior officer simply ‘pressed a few buttons’, causing the application to disappear. The junior officer did not know about the right tape to be used for backing up the information. He used the wrong tape, causing important information from the past two weeks to be overwritten and hence lost. This also means that anyone who has the password could use the backup tapes to wipe out the information stored. There were not sufficient backup copies of the information, and there was also doubt regarding their reliability, since it was the last backup tape that finally worked and reset the system.

Examination of the Security Principles Broken

One of the blunders that occurred was the changing of the keys before the database was backed up. This resulted in the backup being accessible by the old key only. When the need arose to reset the system by using a backup, the procedure failed because the backup was protected by the old key. The event also showed that there was little know-how regarding restoring the backup tapes. The backup tapes had to be restored three times before they finally worked, and the process was a learning experience for everyone. The staff was not adequately trained to deal with such situations and to reset systems from backup copies. This shows that sufficient and comprehensive integration of the security program with system operations was not present. This principle states that the people who are in charge of the security program should be able to comprehend it, its mission, its technology and the environment in which it functions (Swanson & Guttman 1996). The event also highlights that few or no steps are taken for risk management by Attica.
Risk management is important in preventing the occurrence of adverse events and reducing the risk to a minimal level. Another security principle that was not followed was that the duty manager did not inform the junior officer about the application that caused the keys to be changed. The lack of knowledge of the junior officer regarding the tape set to be used is also representative of poor conformance to security principles. The backup tapes were not functional, since it took three tries to reset the system. In the end, it was the final backup tape that worked and caused the system to be reset. This shows a breach of the security principle that computer security should be periodically reevaluated (Swanson & Guttman 1996).

The designation of the junior officer to perform such important work as backing up the system was an expression of lack of responsibility by the duty manager. The duty manager was given higher status and entrusted with greater responsibility than the junior officer. One of the security principles is that the responsibility of the employees should be made explicit (Swanson & Guttman 1996). The event shows a breach of this principle, with the attitude of the duty manager representing lack of responsibility. Moreover, a password to important and valuable information of the company needs to remain the knowledge of a selected group of authorized personnel. Giving away the password to a junior officer takes away the meaning and purpose of setting a password in the first place.

Recommendations

I propose the following recommendations to improve the security of the computer systems and to minimize the threats and vulnerabilities. One of the foremost recommendations is to install a multilayered security system. This would prevent any unauthorized person from gaining access to valuable information regarding the company if he or she has acquired a password. Multilayered security involves installing multifactor authentication.
There are many offerings on the market that provide two- or three-factor authentication. Multifactor authentication requires that three aspects are addressed, i.e. something that you know (like a password), something that you possess (such as a USB flash drive) and something that you are (includes biometric qualities); passwords also need to be different, as using the same password everywhere would be a potential mistake (Dekart 2011). This would not only ensure that there is a high degree of protection available for the information stored in the DRS but also require that only certain authorized individuals can access the database. Multifactor authentication is believed to take security to a whole new level.

Attica already uses encryption to store important information. However, keeping in mind the ideal security protocol, there is a need to regularly update the security measures. A lot of factors can have an influence on computer security, such as technological advancements, linkages to external environments, modifications in the worth or utility of information and the occurrence of a new threat. It follows that the security system should be upgraded on a regular basis.

The organization should take steps for the development of a risk management system. No organization is risk proof; however, the adoption of certain protocols and the development of risk management systems can help the organization to decrease the probability of occurrence of an adverse event. Risk assessment comprises determining the scope and procedure needed to carry out the assessment, assimilating and interpreting data and interpreting the results of the risk assessment. Interpretation of data requires asset valuation, consequence assessment, likelihood assessment, and safeguard and vulnerability assessment (Swanson & Guttman 1996). Risk mitigation is the process whereby steps are taken to reduce risk and to manage it effectively.
Selection of protection methods, acceptance of residual risk and implementation of controls and monitoring effectiveness form the various stages of the risk mitigation process.

Furthermore, there is a need to explicitly differentiate the roles of the employees and to stress the importance of maintaining secrecy of protected information and carrying out their duty responsibly. The employees should be given adequate training for events that are not very likely to occur, and they should have in-depth academic knowledge of their tasks. In this case, Attica needs to spend time developing functional copies of the information. Computer security personnel and other professionals should be aware of the consequences of security breaches, which may result in huge financial losses for the organization. Introducing firewalls can also prove to be effective in regulating the information that users can access from other computers. Thus, following the guidelines for protecting computers, such as installing security software, using software patches, using software from reliable sources and avoiding opening emails and websites that are not safe, can prove to be effective in building baseline security (Parsons & Oja 2008).

References

Cross & Shinder 2008, Scene of the Cybercrime, 2nd edn, Syngress, Burlington, MA.
Dekart 2011, Main principles of computer security – learn how to protect your PC, Dekart, retrieved 16 February 2011.
Newman, RC 2009, Computer Security: Protecting Digital Resources, Jones & Bartlett Learning, Sudbury, MA.
Parsons, JJ & Oja, D 2008, Computer Concepts Illustrated Introductory, Cengage Learning, Boston, MA.
Salomon, D 2006, Foundations of computer security, Springer, Berlin.
Stallings, W 2009, Operating Systems: Internals And Design Principles, 6/E, Pearson Education India, Delhi.
Swanson, M & Guttman, B 1996, Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST, retrieved 16 February 2011.
Trcek, D 2006, Managing information systems security and privacy, Springer, Berlin.