Cyber Threat Analysis - Term Paper Example

? Cyber Threat Analysis The increasingly growing technology has been stamped with similar rise in technological crimes. The rise of computers and internet that led to development of global world witnessed similar rise in cyber crimes that also conducted through internet and by the use of computers. Cyber crimes have had very serious implications on the economic and data security of various organizations and world in general. In attempts to reduce cyber mayhem, the following paper will discuss the concepts of cyber threat analysis and technologies involved in accomplishing the task. The paper will also mention companies that provide cyber threat analysis services. In addition, the paper will continue to by discussing future speculations about the fate and integration of cyber threat analysis. Cyber Threat Analysis Introduction Computer and internet users have been met with dire and consequences that have sought to deny them their freedom and sense of enjoyment when using various software and computer hardware that link to the internet. The World Wide Web has become a risk ground where individuals can be attacked by malicious programs that may work to ruin important information stored and retained in individual computer system. The issues of cyber threats have been very serious and grievous as the risks involved have exposed secrete information of particular organizations to unauthenticated individuals. Attackers of information systems of particular organizations have used the vantage to fell particular organizations or scuttle their normal operations. Government agencies have also faced the forsaken effects of cyber threats as witnessed with exposure of critical government information to unwarranted individuals. The graveness of cyber threats in the contemporary global world necessitated technologists and scientists to research ways of by which information systems can be secured from the detrimental attackers. Cyber threat analysis is thus one of the techniques investigated to assist in detection, prevention, studying and destruction of internet threats. As postulated by Janczewski and Colarik (2005), cyber threat analysis basically involves examination, determination and identification of the possible loopholes in the information system of an organization that can expose the particular organization to threats of information distortion. Cyber threat analysis involves numerous steps projected to ensuring attaining of the best ways of protecting organization’s information system. Cyber threat analysis begins with determination of an organizations total expenditure on particular assets whose information is stored in the computer systems. The analysis also takes into consideration the organizational values including tangible and intangible costs required in obtaining, creating and maintaining the needed security in the information system. Cyber threat analysis will also consider individual organization’s image and reputation in the public domain. In addition, cyber threat analysts also scrutinize the historical information threats witnessed in the organization and their likelihood to occur in the future. Furthermore, the analysis of the cyber threats takes into consideration any probable threats and dangers that are likely to attack the information domain system of an organization. After determining the most probable threats, cyber threat analysts are required to move further and identify the possible ways and avenues by an organizations’ information system may get attacked. As depicted by Janczewski and Colarik (2005), cyber threat analysts also need to speculate possible qualitative and quantitative amount(s) of damages that an attack may cause to an organization. Janczewski and Colarik (2005) further propose that cyber threat analysts should define possible strategies that may help in minimizing information damages in case a serious and highly protracted attack. The Technologies Involved With Cyber Threat Analysis The effectiveness of cyber threat analysis requires technical and highly thought technologies to help achieve the real protection of information systems. The most recent and highly voted technology in the cyber threat analysis is the Hidden Markov Model (HMM). As outline by Kim et al, HMM technology has the capability of detecting cyber threats identifying hidden state of information and the observable state. In the process of risk identification by HMM, the hidden state of threat is analyzed by the observable state. HMM then does correlation probabilities between the hidden states and the observation states of the threat Scientists have been reported to develop a technology of facial recognition intended to replace the use of passwords and pins in computer systems. The facial recognition technology is capable of tracking number of information exchanges and the actual computers involved in those particular exchanges. This technology makes it particularly easy to spot a malicious web user and even track the individual in case of any damage in ones information system. Cyber threat analysts have also introduced the concept of channel consolidation (Knapp, 2009). Channel consolidation ensures concentration of emails, search engines, messages, data and voice calls to offer easier method by which threats can be detected and malicious offenders prosecuted. Information safety and protection have also involved the use of firewalls that have ensured filtering of information thus blocking packets that are considered malicious. Firewall works effectively as it is able to encode and decode data only through the sending address, recipient address, sending port and destination port. Firewalls ensure that information in transit is not accessed by any address that is not specified in the connection (Barnes, 2002). Encryption has also been in great use by most of the cyber threat analysts in ensuring safety of information in transit. Encryption works by transforming another format unique to unspecified receiver. Once the data arrives at the intended recipient, then it gets translated into a readable format. Encryption has been very effective in ensuring information security especially where participants keep the codes secrete to themselves (Barnes, 2002). Tunnelling has also provided another reliable technique of ensuring protection and safety of information systems. Tunnelling involves the use of firewalls by both end parties engaged in exchange of data. Data under transmission is usually broken into packets sent to recipient where the information gets decrypted and translated into original form. Companies Offering Cyber Threat Analysis Services One of the known companies offering cyber threat analysis services is the Accenture. The company works to ensure data security for government agencies, private companies and all citizens in general. Another company offering cyber threat analysis services is the ESET, which is located in San Diego, California. ESET offers a range of protective mechanisms including ESET Smart Security and ESET Cyber security for Mac. ESET Smart Security provides antivirus, antispam and antispyware that ensure safety and efficient scanning of client’s information system. Future Forecasts in Cyber Threat Analysis The future focus of cyber threat analysis leads to the introduction and development of cloud computing technology. Efforts by scientists are underway to integrate cloud computing into an opportunity for ensuring secure cyber system. In attaining this, scientist focus of incorporating the use of quantum mechanism that can allow reception of encrypted data by computer systems, which are the processed and results conveyed without actual decryption. There are also substantive efforts by technologists to create converge and create a common world network through world wide data and voice calls are exchanged. This strategy is to ensure a common network that will make it easy to track and prosecute malicious cyber users. Regulation of Cyber threat analysis There are various legal regulations governing the scope of cyber threat analysis at both the corporate and the US Federal level. The Federal Information Security Act (Cap2002) directs agencies to formulate appropriate mechanisms for protecting their individual information systems. In addition, the Federal Information Security Act (FISMA) obliges NIST to structure adaptable security standards for protecting federal computers and information systems from attacks (Moteff, 2004). FISMA laws also direct for periodical security assessments of the information systems of various agencies to determine the effectiveness of their plans and make adjustments where necessary. To ensure thorough Federal participation in the implementation process of cyber security, FISMA offers the Director of Office of Management Budget the responsibilities of monitoring various agencies to ensure compliance to the policies, principles and guidelines of cyber security (Moteff, 2004). Global implication of cyber threat Analysis Cyber attacks have had negative impacts on the global operations ranging from security of various countries and economies. According to Cashell et al (2004) cyber attacks have resulted to closure of businesses due to blockage of websites of particular organizations. Cyber threats and attacks have also led to destabilization of stock prices in various countries. Cyber threats and attacks are also disastrous to global peace and stabilization as particular anonymous combatant may use internet to demean the sovereignty of certain nations. Such occurrences were ones witnessed in America and South Korea (Lewis, 2009). Internet has also been used by terrorists to conduct cyber attacks on nations like America where they harvest critical information about the government. It is from the information that terrorists hack in the internet that they use to plan actual terrorist activities. Conclusion The continued technological advancement has been coupled with longitudinal rise in cyber crimes. Cyber or internet has become the safe zones for technical thieves who are capable of hacking financial information of various organizations and individuals. Such practices and other malicious activities involve great threats to the global security and economic stabilities. Cyber threat analysis is probably the best remedy of reducing or bringing to halt such antisocial practices. Cyber threat analysis involves technical and sophisticated mechanism and ideologies of studying, detecting, analyzing and preventing cyber threats and attacks on information systems of particular organizations. Cyber threat analysis involves the use of technological software like firewalls and antivirus, tunnelling of information, encryption of information and latest mechanism such integration of HMM and cloud computing. References Accenture opens cyber security "threat analysis centre" in San Antonio. (2010). Business Wire, pp. n/a. Barnes, V., et al. (2002). Protecting Information Systems and Data of Companies. Retrieved March 29, 2012 from: http://www.unf.edu/~gfane/docs/sample_paper.pdf Cashell, B. Et al. (2004). The Economic Impact of Cyber-Attacks. Retrieved March 29, 2012 from: http://www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf Cordesman, A. H., Cordesman, J. G., & Center for Strategic and International Studies (Washington, D.C.). (2002). Cyber-threats, information warfare, and critical infrastructure protection: Defending the U.S. homeland. Westport, Conn: Praeger. ESET announces research expansion with cyber threat analysis centre. (2010). Business Wire, pp. n/a. Howard, R. (2010).Cyber Security Essentials. New York: CRC Press. International Conference on Global Security, Safety, and Sustainability, Magalha?es, S. T., Jahankhani, H., & Hessami, A. G. (2010). Global Security, Safety, and Sustainability: 6th International Conference, ICGS3 2010, Braga, Portugal, September 1-3, 2010, proceedings. Berlin: Springer-Verlag. Janczewski, L., & Colarik, A. M. (2005). Managerial guide for handling cyber-terrorism and information warfare. Hershey PA: Idea Group Pub. Knapp, K. J. (2009). Cyber-security and global information assurance: Threat analysis and response solutions. Hershey, Pa: Information Science Reference. United States. (2004). Technology assessment: Cybersecurity for critical infrastructure protection. Washington, D.C: U.S. General Accounting Office (441 G St. NW, Room LM, 20548. Verton, D. (2003). Black ice: The invisible threat of cyber-terrorism. New York [u.a.: McGraw-Hill/Osborne. Moteff, J. (2004). Computer Security: A Summary of Selected Federal Law, Executive Orders, and Presidential Directives. Retrieved march 29, 2012 from: http://www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf Kim, D. Et al. Cyber Threat Trend Analysis Model Using HMM. Retrieved March 29, 2012 from: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_cyber_threat_analysis_program_WP_250478.en-us.pdf Read More