Cyber Security In Business Essay


Cyber Security in Business Organizations
Robin P. McCollin
CIS 500 Information Systems – Decision Making
Constance Blanson
Fall 2014

The terms information security, computer security, and cyber security are sometimes used interchangeably. To better understand the similarities and differences between them, one must first understand what exactly is being secured. For example, information security is generally regarded as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Computer security consists of measures ...

Complexity is the enemy of security (Johansson, 2009).
Another area of complexity is the disconnect between security and the business. In his article The Challenge of Information Security Management, Part 1, Johansson provides an example.
We walk into a meeting with the business executives. The executives say "we need you to help secure our product." The security guys say "OK, tell me about the product." The business folks say "It's a widget"; at which point the security guys immediately start telling them how to secure widgets. What is missing here? Sure, the security guys tried to learn what the product was. But what is the business objective? What is the business trying to achieve with this widget? How valuable is it to the business? How strategic is it? How important is it? How much risk is the business willing to accept to get it done? Do the business folks even want to build it? The security group so rarely knows the business. […] It is not our job as InfoSec professionals to tell the rest of the organization how to run a business. It is merely our job to inform the business as to the correct set of lights to turn on, and which ones must stay off, in accordance with the business' tolerance for risk and its needs. We support and advise the business on how to achieve its objectives with an acceptable level of risk—but the objectives are still owned by the business, not by the InfoSec group (Johansson, 2009). Herein lies the problem.
In 2013, the retailer Target and its consumers were involved in one of the largest retail hacks in history. What is most interesting and perhaps appalling about this breach is the simplicity of the attack. Following is a brief synopsis of the events, the alerts that were missed or overlooked, and the reasons why.
Six months prior to the attack, Target spent $1.6 million on a malware detection tool created by FireEye. In an article in Bloomberg Business, the authors report the following:
Initially funded by the CIA and used by intelligence agencies around the world, FireEye works by creating a parallel computer network on virtual machines. Before data from the Internet reach Target, they pass through FireEye’s technology, where the hackers’ tools, fooled into thinking they’re in real computers, go to work. The technology spots the attack before it happens, then warns the customer. Unlike antivirus systems, which flag malware from past breaches, FireEye’s isn’t as easily tricked when hackers use novel tools or customize their attack (Riley, Elgin, Lawrence, & Matlack, 2014).
One of the largest security breaches in history began when intruders gained access to Target’s system by using stolen credentials from a third-party vendor. Several days before Thanksgiving, Target’s antivirus system indicated suspicious activity and later pointed to a server in question. This, I believe, was the first red flag missed or overlooked by network security. Had this initial vulnerability been...
