Cyber Security and Information Security - Assignment Example

?Textbook: Management of Information Security by Whitman and Mattord Chapter 2 P. 70 Using a web search engine, find an article from a reputable source published within the past six months that reports on the relative risk that comes from inside the organization as opposed to risk that comes from external sources. If the article notes that this relative risk is changing and to what does the article attribute the change? Phneah (2013) reports on how organizational risk coming from inside sources is currently evolving and insiders that pose a risk are working in different and more complex ways. For example, Phneah (2013) suggests that previously, risks from inside the company were previously more about financial shifts, but now corporate espionage is becoming a bigger risk. This may be because the benefits that come from understanding the organizational structure and what the company is working on may be extremely beneficial to some individuals, and there are those that are willing to pay more to understand how the company works. The article does note that the relative risk is changing, because Phneah (2013) suggests that insider risk may actually become more important from the dangers from outside the organization. Another interesting thing to consider is that there may be a risk from collaboration between insiders and outsiders, which could pose a significant risk to information security. The risk is noted to be changing because organized crime groups understand that they can cause a lot of damage (for financial game or types of terrorism) by using insiders to promote the attacks. The change may also be due to the fact that many corporations are aware of the risk from outside the company, and thus information security has been tightened up in the last decade making it very difficult for outsiders to attack without relevant passwords or passkeys. The collaboration therefore combines someone who already has access with someone who wants to commit serious attacks. Phneah, E. (2013, August). Insider threats evolving, still main risk | ZDNet. ZDNet. Retrieved August 30, 2013, from http://www.zdnet.com/insider-threats-evolving-still-main-risk-7000003491/ 2. Search your institution’s published documents, including its Web pages. Locate its mission statement, vision statement, and strategic goals. Identify any references to information security. Also look for any planning documents related to information security. From the website, UMUC has the mission statement to provide good-quality, affordable and accessible education as part of the state of Maryland. The vision statement suggests that it aims to be a part of the greater movement to allow more people to get a college degree regardless of their circumstances, although this is not stated explicitly on the website. The strategic goals of the institution are to achieve the mission and vision by providing a lot of online courses and having campuses in many locations. This increases accessibility. Additionally, there are several references to financial aid which can be given as a way of helping more people attend UMUC. There are not that many references to information security, but the website does have a secure sign-in area for students and faculty designed to keep important information secure and personal to the individual. Chapter 3 P.114 4. Using the format provided in the text, design an incident response plan for your home computer. Include actions to be taken if each of the following events occur: Virus attack Power failure Fire Burst water pipe ISP failure What other scenarios do you think are important to plan for? Type of Event Virus Attack Potential Damage Files could be corrupted, private and personal information could be taken and used in malicious and criminal ways Precautions Install anti-virus software and keep it updated regularly to prevent against potential attacks Actions to Take Immediately use anti-virus software to identify the type of virus and the damage it could do. Use the software to remove the virus if possible, if not try to remove all personal information from the computer and save necessary files. Reinstall operating system as a last resort. Type of Event Power Failure Potential Damage Damage to the PC itself through electricity surges, may be unable to access information until power is restored Precautions Ensure laptop battery is charged and protect it from power surges Actions to Take Immediately remove PC from wall. If necessary, find a power outlet that works so that the laptop can continue to be used, e.g. coffee shop Type of Event Fire Potential Damage PC destroyed Precautions Keep fire alarms in working order, potentially installing fire doors and other safety precautions Actions to Take The most important thing here is personal safety. Remove yourself from the building and worry about PC damage later. If necessary the laptop can be taken with you when leaving the building to protect it from fire damage, but only if this does not harm the individual Type of Event Burst Water Pipe Potential Damage PC damage or destruction Precautions Keep PC away from water pipes and do not leave on the floor in case of flooding Actions to Take Take laptop away from the water pipe as soon as possible. Do not turn the PC on if it is wet, as this could cause a fire or more damage. The PC can then potentially be dried out at a later stage to remove the information needed, or it may still work. Type of Event ISP failure Potential Damage Unable to access internet Precautions Choose a reliable ISP, know locations where free wi-fi is available Actions to Take If ISP is down, find another area where wi-fi is available if the internet is needed. Use cell phone internet if necessary. It may also be important to plan for theft of my home computer in the event of a burglary. Additionally, there could be accidental damage to the PC which may make it difficult to retrieve information from it, such as screen breakage or power cable issues. 5. Look for information on incident response on your institution’s Web site. Does your institution have a published plan? Identify the areas in an academic institution’s contingency planning that might differ from those of a for-profit institution. UMUC has a very detailed emergency response plan, which is available to download from the homepage. It was quite difficult to find (I went through Google) but there are a number of links on this page that give a lot of information. It may be worthwhile bookmarking this for future reference. An academic institution may be more worried about the loss of research and the safety of staff than the for-profit institution. It will be important to protect books in the case of a fire or water damage, whereas for-profit institutions will be more likely to worry about protecting accounting documents and goods (if relevant). Read More