Types and Categories of Threats to IT Systems - Essay Example

Security of information systems is a great concern for many people across the globe who fear that crucial information may fall into the wrong hands, leading to serious damage to both individuals and organizations. Initially, system executives were mostly worried about forced entry into computer rooms and destruction caused by natural phenomena like earthquakes, fire and flood. Nowadays, attention has shifted to hackers who intentionally access information they are not supposed to. Another problem for MIS executives is computer viruses. These viruses are not only able to destroy important files; they can also hamper the commands and programs of the systems, completely destroying them.

Types and Categories of Threats to IT Systems

Threats come from many sources and are therefore many. The first type of threat is hardware theft. This refers to theft of tangible computer parts; servers and laptops are mostly targeted. The second threat is natural disasters like hurricanes, floods, fires and earthquakes. Another threat is manmade attacks: the systems may be at risk from individuals, militia groups and terrorists who are out to cause mayhem. The fourth type of threat is malicious software. Viruses replicate themselves from one system to another over a shared network, leading to destruction of commands. Viruses are sometimes hidden in Trojan horses, which makes it hard for the system execs to recognize them. Data theft by special programs is another threat. Crackers use special programs known as spybots, which they embed in free software. Spybots collect information that may be useful for the crackers. A rootkit is a program that allows crackers to access a system whenever they want to. These malicious programs can be categorized as malware, spyware or riskware.

Mitigation of Threats

Most unauthorized access is done through remote access software like GoToMyPC and Terminal Services. This makes it impossible to track or catch the users.
In such a case, security should be tightened on system access. Passwords should be longer phrases and include a combination of upper and lower case letters and special characters like the percentage sign on the keyboard. This makes them harder for unauthorized users to guess. User interface options like ‘Remember Password’ should be avoided at all costs. Passwords should be stored in an encrypted form to ensure their security. Once passwords have been encrypted, Access Control Lists (ACLs) are used to control unauthorized access. An insecure wireless network offers avenues for a system to be attacked easily. Wi-Fi networks and Bluetooth make a quick attack on a system easy. Wireless networks can be secured using hotspots and passwords to reduce users. This can be done using firewalls and a VPN for connectivity.

Legal Investigation and Forensic Investigation Methods

Even though the FBI and other organizations involved in cyber crime are unwilling to disclose the methods they use to track down system attackers (they fear that the offenders may learn their tactics), investigations involve locating the IP address used in the crime and the ISP that the hacker used. Internet Service Providers store all records, and therefore locating the fraudulent act is not hard provided the ISP is known. However, ISPs differ in size: larger ones may keep information for as long as a month, while smaller ISPs dispose of their data very quickly in order to cut costs. Therefore, an investigator ought to move fast (Griffith, ‘How to investigate cyber crime’). Once the PCs of the suspect have been seized, forensic experts are called in to work. Forensic experts produce what is called a ‘true copy’ of the drives. This process helps to identify all deleted items that may no longer be present in the drives. There is also software used in the forensic exercise.
For faster retrieval of information, the forensic experts narrow down to what they are looking for rather than the general information, as this may take a whole lifetime to achieve. If the case involves money laundering, then the experts will concentrate on data involving money (Griffith, ‘How to investigate cyber crime’).

Legal Requirements for Reporting (What the Laws Are)

Laws dealing with cyber crime are mainly divided into two: the National Stolen Property Act (from 1934) and the Economic Espionage Act (of 1996). The latter came as a result of the government’s inability to curb all cyber-related crimes like trademark infringements. This act criminalized all forms of trade secret theft. The National Stolen Property Act is by no means related to cyber crime, but federal courts in the US have argued that it can be applied to these crimes. This act criminalizes any act of transmitting goods and services that have been taken fraudulently or stolen. Even though the clause clearly talks about physical movement of stolen goods, the courts have also held that electronic transmission qualifies.

Who is Responsible for Investigating Cyber Crimes?

There are many agencies and organizations involved in the investigation of cyber crimes. The Federal Bureau of Investigation (FBI), which adopted the leading role in fighting this crime, set up offices across the country to carry out thorough investigations of this practice. The Bureau also formed the National Infrastructure Protection Center, which assesses all forms of computer threats. Apart from the FBI, there are other agencies involved: the Criminal Intelligence Agency (CIA) and the Computer and Telecommunication Coordinator Program (CTC), which was formed in 1995 to control all forms of threats in the Justice Department. At least one CTC expert is linked to every attorney’s office.

Security Measures for Databases

Securing database systems can be achieved in two different ways: data loss recovery and inhibiting unauthorized access.
Sometimes data loss may be inevitable, as in the case of an earthquake. To be on the safe side, it is better for the database management system to have facilities that back up both log files and the database transactions at regular intervals (Connolly and Begg 550). The backed-up information should be stored in a secure location. Storage of information can be done using RAID technology, which ensures that there is no data loss even when disks are damaged (Silberschatz et al. 723). The DBMS should be secure from unauthorized access. The most secure way is to use encryption in the system; this will hide information from crackers. Limits can also be placed on the DBMS to allow only authorized personnel to access it. Restricting users to specific areas and assigning complex passwords can go a long way towards controlling hackers. Specified personnel are only allowed to access specific databases and not all of them (Coronel et al. 632).

Security Measures for Networks

An insecure network is prone to attacks by hackers. System executives should strive to adopt the following security measures to ensure that the network is secure from attacks. Activation of firewalls is the only way of preventing Trojans, worms and viruses from attacking the system. Terminal settings that give the administrator, and no one else, ultimate power to alter the system will ensure that the system is only vulnerable through one person, the administrator. Security settings should be altered only by the administrator. IP and port blocking software should be installed to prevent malicious software from penetrating through the antivirus. Personal emailing should be discouraged within the company’s premises. Wi-Fi networks should be protected using a password. And lastly, physical security should be upheld to reduce PC and laptop theft.

Insider Threat

An insider threat is defined as a threat perpetrated by a person who has full or partial access to a system.
Not only does the insider have authorized access to the system, he or she is also familiar with the procedures and guidelines that govern the system. Most organizations are so concerned about external threats that they neglect internal attacks, which are far more severe. Recent studies have shown that insider attacks account for a minor percentage of all attacks, but they are more disastrous than external threats. Organizations can be protected from this type of threat using internal Intrusion Detection Systems (IDS). This program checks all data movements and access. A good example of an insider attack occurred in 2008 at the San Francisco Department of Telecommunications and Information Services. The perpetrator was Terry Childs, who was an engineer at the company. He changed all the passwords, shutting down the FiberWAN for twelve days and costing the city $900,000 in damages.

Infrastructural Attacks

This can be defined as an attack on an organization’s computer system with the intention of destroying it completely. Flame, Red October, Shamoon and Stuxnet are a few examples of cyber threats that attack an organization’s infrastructure and completely destroy it. They target nuclear, oil and gas companies with the intention of squandering money and information from them. The main reason why companies come under infrastructural attacks is that their systems were not built with security in mind. Operational Technology systems like Industrial Control Systems and SCADA were designed using old traditional systems that lacked ways to control external attacks. Most infrastructural attacks come as a result of what is known as a ‘spear-phishing attack’. This refers to the act of opening a malicious email containing malware, allowing the attackers to access the network.
Top Three Malware Attacks Currently Occurring

According to the Global Corporate IT Security Risks 2013 survey carried out by Kaspersky Lab and B2B International, malware attacks increased in 2013 compared to 2012 (Kaspersky, ‘Malware, spam and phishing: the threats most commonly encountered by companies’). Most companies named viruses, spyware and worms as the usual suspects. The figure stands at 66% in 2013, while in 2012 the figure was 58%. In South America, viruses ranked as the number one threat while spyware came second. In North America and Russia, however, spam ranks as the number one threat. The countries worst hit by malware attacks include South American countries, Russia and North America (Kaspersky, ‘Malware, spam and phishing: the threats most commonly encountered by companies’).

Security Certifications: What They Are, Three of Them, What It Takes to Get One, and Which Are Best

There has been a tremendous increase in the information security profession. This may be due to the increase in system attacks, which lead to losses of billions of dollars each year. A professional in this field is supposed to control system access, carry out investigations of possible attacks, and back up information. Security certification refers to training of individuals in the field of information security to enable them to fight off malware attacks. The best information security certifications include: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Security Software Lifecycle Professional (CSSLP). CISSP offers the general standard of security certifications and is accepted by the National Security Agency and the Department of Defense. All Department of Defense employees must go through this module.
Some of the requirements of this certification include: five years of work experience in the information security field, accepting the CISSP code of ethics, no criminal history or background, passing the CISSP exam with 700 points or more (there are 250 questions that should be answered within 6 hours) and an endorsement by a qualified CISSP professional that everything you claim is true. CISM is an internationally recognized certification. This certification was specifically designed for information security professionals whose work is to oversee the day-to-day running of the system. Qualifications for this certificate include: passing the CISM examination, experience in the field of information security, accepting the code of ethics and complying with the continuing study program after attaining the certificate. CSSLP is the newest type of certification and ensures security is maintained throughout the software lifecycle. It has seven domains that ensure security is highly maintained. The requirements are like those of CISM; the only difference is that you have to take and pass the CSSLP exam and also accept the code of ethics.

References

1. Plackett, Benjamin. ‘How to catch a cyber criminal.’ The Connectivist, n.d. Web. 26 June 2013.
2. Deflem, Mathieu, and J. Eagle Shutt. Law Enforcement and Computer Security Threats and Measures. 2006.
3. Connolly, T. M., and C. E. Begg. Database Systems: A Practical Approach to Design, Implementation and Management. Harlow, Essex, England: Pearson Education Limited, 2005.
4. Coronel, C., S. Morris, and P. Rob. Database Systems: Design, Implementation and Management. Boston, MA: Cengage Learning, 2009.
5. Defense Information Systems Agency. Database Security Requirements Guide Version 1. 2012. Web. 25 Feb. 2014.
6. Elmasri, R., and S. B. Navathe. Fundamentals of Database Systems. USA: Addison-Wesley, 2010.
7. ‘Malware, spam and phishing: the threats most commonly encountered by companies.’ Kaspersky. n.p. Web. 2014.
8. Griffith, David. ‘How to investigate cyber crime.’ 1 Nov. 2003.
9. Ulanoff, Lance. ‘Computer Trouble Isn’t Always What You Think It Is.’ Nov. 2010.
10. Upasan G. ‘Top 5 Certifications for 2012: Ethical Training, Security Incidents Push Demand.’ 2 Dec. 2011.
11. Vernon, Mark. ‘Top Five Threats.’ 2014.
Types and Categories of Threats to IT Systems Essay Example | Topics and Well Written Essays - 1750 words. https://studentshare.org/information-technology/1810944-mis-and-security