
Cyber Threat Vulnerabilities Place Federal


Question:

Discuss About The Cyber Threat Vulnerabilities Place Federal?

 

Answer:

Introduction

Information systems have become a very important infrastructure in companies across the world. The survival of most companies today depends on the security of their information systems. However, there has never been an integrated model that has the capacity to assess the possible security risks and effectively protect the information as well as the assets. Information systems such as emails, messengers, e-commerce, chatting, and m-commerce via the internet are increasingly exposed to cyber security accidents (Bagchi, 2017). In order to ensure the effective performance of any information system, a company must invest in securing the system. In addition, a proper risk management system must be put in place. This can only be done through the employment of several distinct measures. It is indisputable that there is a continued need to secure information systems (IS) (Anton, Anderson, Mesic, & Scheier, 2004).

There has been an increase in IS security incidents and risks (Kaschek, Kop, & Claudia, 2008). Information system security and risk management require continuous assessment of any risk to which the system may be exposed. Any risk that is discovered should be dealt with within the shortest time possible. The major component of information system security is the risk management process (Pfleeger & Pfleeger, 2012). The process should be incorporated alongside risk assessment. Risk management should be carried out by installing measures that prevent future security problems in the system. IS risk assessment practice is in compliance with the security standards that have been set by HIPAA as well as CEISP. Risk assessment enables organizations to determine the risk levels that are acceptable to them. They are then able to set appropriate security requirements.

 

Investigation, tools, and techniques

According to information system (IS) security experts, one of the main techniques of the risk management process is risk assessment. The assessment should be done by professionals who are well trained and can easily identify risks in the information system before the system becomes vulnerable. Risk management refers to a continuous process that involves analysis, planning, monitoring and implementation of security measures for an information system (Kovacich, 2003). The process has since become a policy in most organizations across the world. Risk assessment, which is a type of risk management process, is executed at intervals. It can be done on a yearly basis or on demand, based on the security requirements of the given information system. It is important to note that risk management is a process that entails a sequence of events and activities.

There are structuring and re-configuration processes involved in risk management. Organizations often tend to generate instantiations that are favorable to them. It is necessary to conduct an assessment of an organization's IS security controls from time to time. However, continuous assessment cannot fully secure an information system (Tipton & Nozaki, 2012). A fully secure system demands continuous monitoring of the system. A development life cycle of the system should also be put in place to monitor the effectiveness of the system over time. One technique that Hewlett-Packard Company uses for securing the system is continued monitoring of the system's security details. In addition, all the changes that are made to the system are documented so that there is a reference whenever there is a security threat to the system. Reference can also be made when a risk is discovered in the information system (Jones & Ashenden, 2005).

Based on the result of the security assessment report, remediation actions are conducted at a later stage. The final security status is reported to the officials who are in charge of the system. HP company management has made an effort to ensure that there is a periodic review of the information system's security status. The security techniques are based on the guidance of NIST SP800-37. The company has come up with its own approaches for managing its information systems and the possible changes that may be associated with them. The responsibilities of an owner of the information system would be greatly reduced if configuration management were done so that there is only one common security control. However, HP is a multinational company and has the financial capacity to employ enough personnel who can effectively manage its systems. In addition, Hewlett-Packard's information system administrators have accorded priority to volatile security controls in the system since they have a greater impact in any organization (Alberts & Dorofee, 2002).

 

Risk analysis matrix and control

It is almost impossible to develop an integrated security model that can be used to address all the risks associated with an information system (Bidgoli, 2016). The proposed risk analysis matrix is an adaptation of software risk management. One of the attributes of software quality is the software itself. The security risk should, therefore, be investigated in terms of the software risk. Security risk refers to the damage or attacks that are made towards an information system. According to the risk analysis matrix, damages that are made on the assets of any organization as a result of cybersecurity can be categorized according to the vulnerability and threats to the assets.

The security analysis matrix shows four steps involved in the security risk analysis. In the first step, the assets, vulnerabilities, and threats of a given organization are identified. They are then evaluated. The resultant outputs are then used to carry out security risk analysis. Finally, risk mitigation measures are put in place to reduce, and where possible eliminate, threats that the assets may be exposed to. The mitigation measures, therefore, play a very crucial role in minimizing security risks.

Domain analysis, which is the first step of customizing security risk analysis, is meant to improve the accuracy of the model. The threats, assets, and vulnerabilities are therefore analyzed based on their domains (Kramer, 2013). For example, the information systems of a financial institution are completely different from those of a learning institution. The analysis that follows is the classification of the assets, vulnerabilities and threats. Assets can be classified as data, documents, software, hardware, and circumstances. Threats may be classified as human or non-human, network or physical, accidental or deliberate, and technical or environmental (Dacey, 2010). Vulnerabilities may also be classified based on administration, personnel, physical circumstances, technical hardware, and software. Based on these arguments, security risk is equal to the product of the loss or damage and the probability (Dacey, 2010).

Loss × Probability = Risk

The risk in this scenario is the reduction in value of an asset when the asset becomes vulnerable. Probability refers to the chance of occurrence of a threat.

Security risk matrix

| Risk impact | Likelihood of risk: Extremely high | Likelihood of risk: Medium | Likelihood of risk: Generally low |
|---|---|---|---|
| High | Failure to secure the password to the company’s server | Failure to audit the company’s information system | Missing security indicators on the server |
| Moderate | Failure to secure the company’s wireless internet from unauthorized use | Usage of un-updated antivirus and firewalls | Failure to back up the company’s external servers |
| Low | Failure to frequently change the password to the server | Failure to secure the server’s backup | Provision of weak passwords to third parties |
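The following added example (not part of the original essay) carries the Loss × Probability = Risk calculation through a small risk register and places each finding in the impact/likelihood matrix. The band cut-offs, asset values and sample findings are assumptions constructed for illustration; only the category names and matrix labels come from the text.

```python
from dataclasses import dataclass

# Category vocabularies from the essay's classification step.
ASSET_TYPES = {"data", "documents", "software", "hardware", "circumstances"}
VULN_TYPES = {"administration", "personnel", "physical", "hardware", "software"}

# Assumed cut-offs (not from the essay): (lower bound, matrix label), highest first.
LIKELIHOOD_BANDS = [(0.6, "Extremely high"), (0.3, "Medium"), (0.0, "Generally low")]
IMPACT_BANDS = [(0.5, "High"), (0.2, "Moderate"), (0.0, "Low")]


@dataclass(frozen=True)
class Finding:
    name: str
    asset_type: str
    vuln_type: str
    asset_value: float    # value of the asset, in currency units
    loss_fraction: float  # share of asset value lost if the threat occurs (0..1)
    probability: float    # chance the threat occurs in the assessment period (0..1)

    def __post_init__(self):
        if self.asset_type not in ASSET_TYPES:
            raise ValueError(f"unknown asset type: {self.asset_type}")
        if self.vuln_type not in VULN_TYPES:
            raise ValueError(f"unknown vulnerability type: {self.vuln_type}")
        for value in (self.loss_fraction, self.probability):
            if not 0.0 <= value <= 1.0:
                raise ValueError("loss_fraction and probability must be within 0..1")

    @property
    def loss(self) -> float:
        """Reduction in asset value if the threat materialises."""
        return self.asset_value * self.loss_fraction

    @property
    def risk(self) -> float:
        """Risk = Loss x Probability, as stated in the essay."""
        return self.loss * self.probability


def band(value: float, bands) -> str:
    """Map a 0..1 value onto the first band whose lower bound it reaches."""
    for floor, label in bands:
        if value >= floor:
            return label
    raise ValueError(f"value out of range: {value}")


def build_matrix(findings):
    """Return {(impact, likelihood): [finding names]} with all nine cells present."""
    matrix = {(i, l): [] for _, i in IMPACT_BANDS for _, l in LIKELIHOOD_BANDS}
    for f in findings:
        cell = (band(f.loss_fraction, IMPACT_BANDS), band(f.probability, LIKELIHOOD_BANDS))
        matrix[cell].append(f.name)
    return matrix


def mitigation_order(findings):
    """Rank findings by computed risk, highest first, to prioritise mitigation."""
    return sorted(findings, key=lambda f: f.risk, reverse=True)


# Constructed sample register; names echo rows of the matrix, numbers are invented.
SAMPLE_FINDINGS = [
    Finding("Unsecured server password", "data", "administration", 100_000, 0.75, 0.75),
    Finding("Out-of-date antivirus and firewall", "software", "software", 50_000, 0.25, 0.5),
    Finding("Weak passwords given to third parties", "data", "personnel", 20_000, 0.125, 0.125),
    Finding("No backup of external servers", "hardware", "administration", 200_000, 0.25, 0.0625),
]

if __name__ == "__main__":
    for f in mitigation_order(SAMPLE_FINDINGS):
        print(f"{f.risk:>10.2f}  {f.name}")
    for cell, names in build_matrix(SAMPLE_FINDINGS).items():
        if names:
            print(cell, names)
```

Note that the ranking by computed risk and the matrix cell can disagree: the backup finding sits in a lower-likelihood cell than the third-party password finding yet ranks above it because the asset is worth more.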

Analysis of relevant threats and vulnerabilities

The first step of any analysis of threats and vulnerabilities is the identification of threats that could expose vulnerabilities of an information system. The identification can be done through consideration of the connections and dependencies of the system. In addition, inherited risks, software faults, controls, incorrect file permissions and personnel changes must also be closely monitored. Possible vulnerabilities that are associated with every threat are then considered. A vulnerability may be associated with a series of threats rather than just one threat. Inputs are then collected from past risk assessments, security advisories, security test results, and audits, among many others.

Disaster Recovery (DR) plan

The success of any disaster recovery plan is determined by how good its design is. It is, therefore, necessary to ensure efficient operations during disaster recovery (Kim & Solomon, 2016). The recovery should start with a strong defense that provides border protection. The defense should be provided by an external firewall that borders the services of the VPN and the router (Velliquette, 2004). Hewlett-Packard has installed an external firewall to their VPN and all their routers. All three have configurations that have the capacity to traverse all the boundaries of the organization or company (Swanson, 2011). The firewall is the main component of the security infrastructure of any information system. A secure computer network should incorporate a firewall that covers hardware specifications as well as software specifications. Issues of redundancy and physical security should also be taken into account. There should then be an approach plan for fulfilling the primary needs of the organization or company in the course of disaster recovery (Velliquette, 2004). Meanwhile, the management of the company should ascertain their prioritized services so as to secure their systems further.

In addition, companies should sign off on the limited functionality available during disaster recovery (Velliquette, 2004). The management of HP has equally made that a rule to be followed by its staff in charge of information system management. Any recovery approach that has been agreed upon should be configured with the perimeter defense such that the perimeter defense would automatically shift to the pre-disaster state just before any normal operation. The current policy of the company should be considered during the development of the firewall contingency plan. Security modules such as A CERT can be used to test the disaster policy of many firewalls. A method should be implemented to monitor traffic that moves from the pre-disaster state to the post-disaster state. The method can be tested with the use of relevant data from the company itself. A border router that has packet filtering can be used for non-application types of vulnerabilities.

 

Proposal for a contingency plan

Information systems play a very important role in the world today. They should, therefore, be in a position to operate without any disruption (Khosrowpour, 1996). A contingency plan is intended to set the system back into operation whenever there is a disruption. Most of the disruptions are a result of security risks. The plan simply revolves the acronym of the system and then sets the information system back into operation. A robust contingency plan should incorporate ISCPs and other disaster recovery plans (Kovacich, 2003). Hewlett-Packard company has disaster recovery plans which are in accordance with International security management Acts. The company has incorporated a disaster recovery that can be used to retrieve its information system’s acronym in the event of any disruption.

An established plan that consists of the recovery phase, activation phase, and reconstitution phase should be maximized (Kovacich, 2003). Thereafter, resources and procedures should be identified. They would assist in maximizing the effectiveness of the operation. Responsibilities should be assigned to facility personnel. They would provide further advice that would be of great benefit in the recovery process. Finally, there should be cooperation among all the persons who are involved in the contingency planning (Swanson, 2011). There should also be coordination with external points and associated vendors. Furthermore, the owners of an information system must support the development of proper ISCPs. The developed ISCPs would be meant for those information systems that are ranked much higher. The management of Hewlett-Packard, a renowned world-leading electronics company, has taken all these measures in securing and managing its information systems.

Analysis and report on Controls

How tools are used in the organization with reference to OSI layers

The very first step that should be considered when securing information is the elimination of any information leakage. The information resources should never be compromised at any cost. The physical layer of the OSI model explains that obvious things should never be considered as being obvious. On many occasions, technologists have failed to realize that simple measures are equally very important in life (Pace, 2004). Hewlett-Packard Company, for instance, has put in place stringent measures to prevent leakage of information from the company. Simply obtaining a clue of a resource is enough to declare it as one that has been compromised. There should be a proper plan for recovering information in the event that the information data is compromised. A good recovery plan is judged based on its success in the event that an information resource has been compromised. There are some tools that are harmful to the OSI model. However, the problem can be eliminated through an analysis. The network layer of the OSI model is where routers and firewalls operate. The layer provides the best path that links a destination to the source.

It is also within this layer that IP addresses are provided so that variables or systems can be uniquely identified. A system that is connected to the internet has an IP address. The address provides a way for the outside world and the system to contact each other. In order to find a system on the internet, one has to know the specific public IP address of the system. The same applies to applications. Security of the system is therefore increased by configuring the IP addresses such that the system cannot easily be compromised. Just like other world-leading companies, Hewlett-Packard Company has configured their IP address. In addition, they have encrypted all their services to further enhance the security of their information system. The encryption service corresponds to the presentation layer of the OSI model. The technique scrambles all the available content. Encryption provides a sophisticated special code. One must, therefore, reveal the code before he or she can access the system. The application layer of OSI points towards applications that are based on end-user products. The layer supports authentication and use of other applications (Pace, 2004). The commonly used authentication at this level is a password which is assigned to a unique ID.

An individual must key in the unique ID alongside a password in order to access information data. Failure to present the unique ID and a correct password means that the individual would not have access to the system. It, therefore, reinforces the security of the system since it eliminates people who are not supposed to access the system. An account can be redesigned so that it adheres to a policy. For example, the policy can specify the length of the password and a combination of letters, digits, or even special characters. The duration over which one can use a password can equally be altered. Such a move would simply increase the security level of the system network (Pace, 2004).
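An account policy of the kind described above can be expressed as a small checker, shown here as an added example that is not part of the original essay. The default values (12 characters, 90 days), the violation labels and the sample accounts are assumptions constructed for illustration.

```python
import string
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PasswordPolicy:
    # Assumed defaults; the essay names the parameters but gives no values.
    min_length: int = 12
    require_letter: bool = True
    require_digit: bool = True
    require_special: bool = True
    max_age_days: int = 90

    def violations(self, password: str) -> list:
        """Return the policy rules a candidate password breaks (empty list = compliant)."""
        found = []
        if len(password) < self.min_length:
            found.append("too_short")
        if self.require_letter and not any(c.isalpha() for c in password):
            found.append("no_letter")
        if self.require_digit and not any(c.isdigit() for c in password):
            found.append("no_digit")
        if self.require_special and not any(c in string.punctuation for c in password):
            found.append("no_special")
        return found

    def is_expired(self, last_changed: date, today: date) -> bool:
        """True when the password has been in use longer than the allowed duration."""
        return (today - last_changed).days > self.max_age_days


def expired_accounts(policy: PasswordPolicy, accounts: dict, today: date) -> list:
    """accounts maps unique ID -> date of last password change; returns IDs due for rotation."""
    return sorted(uid for uid, changed in accounts.items()
                  if policy.is_expired(changed, today))


# Constructed sample data: unique IDs and last-change dates.
SAMPLE_ACCOUNTS = {
    "u1001": date(2024, 1, 1),
    "u1002": date(2024, 3, 1),
    "u1003": date(2023, 11, 20),
}

if __name__ == "__main__":
    policy = PasswordPolicy()
    print(policy.violations("abc"))
    print(policy.violations("Correct-Horse-42"))
    print(expired_accounts(policy, SAMPLE_ACCOUNTS, date(2024, 4, 15)))
```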

Organizational units covered by the security policy

The information system has security policies that must be observed in every company. At Hewlett-Packard Company, there are users who have been assigned appropriate policy rights. These users are the only ones who are able to modify the security policy of the company. If a new computer is brought into the company domain, then the security policy of the domain would apply to the new computer (Brotby, 2009). The policy of the domain overrides any change that an individual may make to the system at the level of the computer desktop (Syngress, 2003). Security policy is a preserve of computers. There are also security groups which are in use in the company by many employees.

Security policy enables an individual to apply a given security profile to several computers that are meant to be secured. On the other hand, a security group provides standardized rights that are to be adhered to by all the members of a given group. Organizational units can be regrouped to form logical units that are to be used by the users, resource objects and groups as well. The adjustment is always done through a hierarchy which is nested within a domain (Johnson, 2014). Organizational units that are based on a given domain operate independently. Every domain, therefore, has the capacity to fulfill the demands of its own hierarchy. Similarly, domains that are coordinated from one central authority can employ common organizational unit hierarchies.

Business Contingency Plan (BCP) based on the risk plan

It may sound superfluous for a company to plan for disaster when all its systems are functioning smoothly. Despite that, some degree of care must be taken. Hewlett-Packard Company uses logic manage and cloud-based tools as its business continuity tools. The tools are able to retrofit all the company’s data in case of disaster and then load it back to the system. All gaps would hence be eliminated. The business continuity plan hence fosters confidence among the managers of the company’s information system. In addition, it increases their efficiency and encourages them to embrace innovation.

Best practices in security risk management

Best practices are necessary for ensuring that the information system of a company is completely secured. Some of the best practices include:

  • Expertise should be considered when choosing the individuals in charge of managing the company’s information system. The chosen personnel should avoid access to the company’s security controls. The individuals should also have been certified by international associations in charge of privacy such as CIPM or CIPP among others (Brotby, 2009).
  • Business associates of the company must adhere to security and privacy requirements of the same level. They must also comply with HIPAA.
  • The management of the information system of the company must regularly provide an audit report of the system and recommendations. The report should be detailed, covering all possible vulnerabilities.
 

Conclusion

Effectiveness in the performance of a given information system is based on its management. There are several security risks that Information systems are exposed to. Managers of organizations and companies must, therefore, invest in securing the information systems. A completely secure system is free from threats and vulnerabilities. There is no process that has the capacity to shield an information system from all possible security risks. As such, every organization must employ a contingency plan. In addition, there must be a recovery plan that can be used in case the information system is attacked.

 

References

Alberts, C. J., & Dorofee, A. J. (2002). Managing Information Security Risks: The OCTAVE Approach. Addison-Wesley Professional.

Anton, P. S., Anderson, R. H., Mesic, R., & Scheier, M. (2004). Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology. Rand Corporation.

Bagchi, N. (2017). Management Information Systems. Vikas Publishing House.

Bidgoli, H. (2016). Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection, and Management. John Wiley & Sons.

Brotby, K. (2009). Information Security Governance: A Practical Development and Implementation Approach. John Wiley & Sons.

Dacey, R. F. (2010). Federal Information System Controls Audit Manual (FISCAM). DIANE Publishing.

Johnson, R. (2014). Security Policies and Implementation Issues. Jones & Bartlett Publishers.

Jones, A., & Ashenden, D. (2005). Risk Management for Computer Security: Protecting Your Network and Information Assets. London, UK: Butterworth-Heinemann.

Kaschek, R., Kop, C., & Claudia, S. (2008). Information Systems and e-Business Technologies: 2nd International United Information Systems Conference, UNISCON 2008, Klagenfurt, Austria, April 22-25, 2008, Proceedings. New York: Springer Science & Business Media.

Khosrowpour, M. (1996). Information Technology Management and Organizational Innovations: Proceedings of the 1996 Information Resources Management Association International Conference, Washington. Idea Group Inc (IGI).

Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security. Jones & Bartlett Publishers.

Kovacich, G. L. (2003). The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program. Butterworth-Heinemann.

Kramer, J. (2013). The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam. John Wiley & Sons.

Pace, K. A. (2004). Global Information Assurance Certification Paper. SANS Institute.

Pfleeger, C. P., & Pfleeger, S. L. (2012). Analyzing Computer Security: A Threat/vulnerability/countermeasure Approach. Chicago: Prentice Hall Professional.

Swanson. (2011). Contingency Planning Guide for Federal Information Systems. DIANE Publishing.

Syngress. (2003). MCSA/MCSE Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-291): Study Guide and DVD Training System. Syngress.

Tipton, H. F., & Nozaki, M. K. (2012). Information Security Management Handbook, Sixth Edition, Volume 6. CRC Press.

Velliquette, D. (2004). Computer Security Considerations in Disaster Recovery Planning. Retrieved from https://www.sans.org/reading-room/whitepapers/recovery/computer-security-considerations-disaster-recovery-planning-1512. GIAC Security Essentials Certification.

Wilshusen, G. C. (2009). Information Security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk: Congressional Testimony. DIANE Publishing.


Cite This Work


My Assignment Help. (2018). Cyber Threat Vulnerabilitie Place Federal . Retrieved from https://myassignmenthelp.com/free-samples/cyber-threat-vulnerabilitie-place-federal.