
Upon successful completion of this course, each student should be able to:

1. Develop an information security program that aligns with organizational strategies by evaluating business requirements, applicable laws, regulations, standards, and best practices

2. Integrate confidentiality, integrity, and availability (CIA) concepts into the development of an information security program

3. Evaluate and recommend information and security technologies to support the information security program

4. Identify and discuss the fundamental reasons why information systems security is such a critical element in today's business, government, education, and home technology-based environments

5. Review and develop the key elements of an information systems security management program

6. Perform and document a risk-based analysis of information systems security for an organization, to include identification of threats, vulnerabilities, and countermeasures

7. Explain the various controls available for protection against internet attacks, including authentication, integrity checks, firewalls, and intruder detection systems

Information Security Program Development

Cyber security refers to the use of protocols, tools, and techniques to protect data from cybercrime and attacks. The course covers various aspects of cyber security and cyber defense, which are analysed here to reflect on the learnings, issues, and areas of improvement.

Confidentiality, Integrity, and Availability (CIA) are the three primary information properties; they are the most significant and are the ones attacked by malevolent entities. Authentication, Authorization, and Accounting (AAA) are the three primary measures for controlling access to data sets (Nweke, 2017). Some of the most frequently occurring cyber security attacks include malware attacks, system failure, unauthorized access, and social engineering, which may be prevented and detected by anti-malware software, authentication measures, data backup, encryption, and data removal. The course provided insight into the various types of hackers, such as White hats, Black hats, Grey hats, Elite hats, and Blue hats, of which Black hats are the most common.

The various forms of malware, such as viruses, worms, logic bombs, ransomware, and Trojan horses, enter systems and data through software, messaging, interception, and other channels (Chen et al., 2012). Measures such as anti-malware software, intrusion detection systems, and firewalls shall be used to detect and prevent malware attacks. Authentication and data encryption are the two most popular measures for the protection of hardware and mobile devices.

Operating system hardening is the process of reducing the attack surface by eliminating unwanted services and functions. Updates must also be installed frequently, including critical, Windows, and driver updates. Patches are developed to fix specific software functionality. Rules and protocols shall be monitored through group policies and templates, and networking changes shall be managed through configuration baselines. New Technology File System (NTFS) is a file system that offers benefits over the older FAT32 system in terms of security, backups, encryption, logging, and partitioning. The convert command is used to convert the file system from FAT32 to NTFS (Rusbarsky, 2012). These days a single machine can host multiple operating systems virtually, a process termed virtualization.

Application security shall be ensured by analysing and updating the local computer policy for the web browser. Security protocols such as Secure HTTP (HTTPS) must be used along with proxy servers. ActiveX controls, cookies, and security zones must be changed to secure settings through the browser settings of Internet Explorer. Strong passwords, digital certificates and encryption, and read-only permissions shall be set up for other applications. Numerous testing processes shall be carried out to ensure application security, such as black box testing, white box testing, and validation of inputs.

Confidentiality, Integrity, and Availability (CIA) Concepts


The use of Virtual Local Area Networks (VLANs) shall be promoted for enhanced network security, as it offers advanced security features such as VLAN hopping for avoiding spoofing and tagging attacks. Cloud security shall be ensured through strong authentication, access control, and encryption measures (Yu, Rexford, Sun, Rao & Feamster, 2011). Server scans, monitoring, encryption, multi-fold authentication, access control, password security, and hardware-based firewalls are some of the measures for server defense.

Denial of Service (DoS) is the most frequently occurring network security attack. It breaks down a service by flooding it with unwanted traffic and may be launched in forms such as SYN flood, Smurf attack, Ping flood, Ping of death, and others (Kumar, 2016). Impersonation and masquerading attacks, such as phishing and spoofing, and hijacking attacks, such as session hijacking, session theft, and man-in-the-middle attacks, are some of the most popular network threats.

Firewalls and proxy servers filter network access requests and allow only the ones that are secure to pass through. Honeypots and honeynets also perform access control by filtering network access. Content inspection is carried out through network-, endpoint-, or storage-based Data Loss Prevention (DLP). Network-based Intrusion Detection (NIDS) detects network attacks, and Network-based Intrusion Prevention System (NIPS) inspects the network elements for prevention. All of these measures are combined to form Unified Threat Management (UTM).

Network-related vulnerabilities exist that malevolent entities use to carry out networking attacks. These may exist in network devices, cable media, access points, and wireless transmission media.

Multiple authentication measures combined as one, and Single Sign-On (SSO), shall be used as authentication models. Lightweight Directory Access Protocol (LDAP), mutual authentication, and remote desktop access shall also be used for enhanced authentication. Web-based authentication makes use of captive portals. A Virtual Private Network (VPN) is a connection between two or more systems that may be on different private networks, and it is one of the most widely used remote authentication technologies (Kim & Yang, 2010).

Users and groups must be given controlled permissions, and access shall be controlled through Access Control Lists (ACLs), strong user credentials, and measures such as role-based access control and attribute-based access control.


Risk and vulnerability management involves the steps of identification, analysis, evaluation, treatment, monitoring, and closure. Active, passive, or fingerprinting security analysis techniques may be used to apply security controls, which may be management, operational, preventive, detective, corrective, or technical (Nirupama, 2012). Penetration testing is executed by simulating multiple attacks. Malicious entities carry out password analysis through guessing, dictionary attacks, brute force attacks, and cryptanalysis attacks.

Information and Security Technologies Evaluation

Network monitoring and evaluation must be carried out to prevent and control network attacks. Protocol analysers such as Wireshark and Network Monitor, along with analytical tools, shall be used for advanced network analysis.

Cryptography and encryption are measures that must be used for data protection and disaster recovery. Symmetric key algorithms, such as Data Encryption Standard (DES), 3-DES, Advanced Encryption Standard (AES), and Rivest Cipher (RC), or asymmetric algorithms, such as RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC), may be applied. Hash functions convert variable-sized data into smaller blocks and are used for enhanced security. These may be applied as Secure Hashing Algorithms (SHA), Message-Digest Algorithms (MDA), and many others (Singh & Supriya, 2013).

Public Key Infrastructure (PKI) is a set of processes, policies, and methods for the distribution, storage, use, management, and revocation of digital certificates and public key encryption (Albarqi, Alzaid, Ghamdi, Asiri & Kar, 2015). Certificate Authorities have been set up for the management and handling of certification. These include Registration Authorities (RA), Certificate Revocation List (CRL), Online Certificate Status Protocol (OCSP), etc. Internet Protocol Security (IPsec) is used for secure communications and for the authentication and encryption of IP packets (Cisco, 2018). There are three protocols under it: Secure Association (SA), Authentication Header (AH), and Encapsulating Security Payload (ESP).

The primary issues and concerns are in the area of cyber defense measures and controls that must be applied in the changing threat landscape. With the advancement in technology and the increase in the number of users, the attack surface and attack methods are also changing. It therefore becomes difficult to identify the controls that may be applicable in such a dynamic environment.

Another issue is the absence of an integrated security control and framework that may be applied for the security of devices, networks, resources, and all other entities that may be involved.

In spite of the security defence and prevention measures, security attacks continue to recur. For instance, the WannaCry ransomware attacks took place in May 2017 and impacted systems in over 150 countries (Hern & Gibbs, 2017). The need to think one step ahead of the malevolent entities is also one of the major concerns.

There are certain technologies that have been developed that may be applied in the area of Cyber Security and Cyber Defense as well for enhanced security and protection.

Importance of Information Systems Security

One such technology is Artificial Intelligence, which is being extensively researched to understand its application and scope in the field of information and cyber security (Dilek, Cakır & Aydın, 2015). Information on how it can be integrated with the Internet of Things (IoT) for improved and integrated security tools shall be identified.

Patching and application testing are not carried out as mandatory activities, and this must be ensured. Automated tools for these purposes must be researched and analysed. Different categories of information demand different protection and security measures, and the selection of defensive and preventive measures must be based on those categories. The utilization of proactive measures must increase.

Conclusion

Cyber defense has become essential due to the increase in the number and frequency of security attacks. These attacks make use of attack surfaces such as networks, devices, access points, communication media, and many more. The course provides a detailed analysis of the various aspects of cyber security and cyber defense, such as network security, information properties, cloud security, virtualization, encryption and hashing, and many more. It is necessary to apply this information in the real world to avoid security risks and attacks. End users must be aware of the security policies and practices that they must use for enhanced security and protection. Sessions and trainings shall be launched for this purpose.

References

Albarqi, A., Alzaid, E., Ghamdi, F., Asiri, S., & Kar, J. (2015). Public Key Infrastructure: A Survey. Journal Of Information Security, 06(01), 31-37. https://dx.doi.org/10.4236/jis.2015.61004

Chen, Z., Roussopoulos, M., Liang, Z., Zhang, Y., Chen, Z., & Delis, A. (2012). Malware characteristics and threats on the internet ecosystem. Journal Of Systems And Software, 85(7), 1650-1672. https://dx.doi.org/10.1016/j.jss.2012.02.015

Cisco. (2018). Introduction to IP Security (IPSec). Cisco.com. Retrieved 9 March 2018, from https://www.cisco.com/c/en/us/td/docs/wireless/asr_5000/20/IPSec/b_20_IPSec/b_20_IPSec_chapter_01.pdf

Dilek, S., Cakır, H., & Aydın, M. (2015). Applications of Artificial Intelligence Techniques to Combating Cyber Crimes: A Review. International Journal Of Artificial Intelligence & Applications, 6(1), 21-39. https://dx.doi.org/10.5121/ijaia.2015.6102

Hern, A., & Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global computers? The Guardian. Retrieved 9 March 2018, from https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20

Kim, K., & Yang, H. (2010). VPN (Virtual Private Network) SW's examination example analysis. Journal Of The Korea Academia-Industrial Cooperation Society, 11(8), 3012-3020. https://dx.doi.org/10.5762/kais.2010.11.8.3012

Kumar, G. (2016). Denial of service attacks – an updated perspective. Systems Science & Control Engineering, 4(1), 285-294. https://dx.doi.org/10.1080/21642583.2016.1241193

Nirupama, N. (2012). Risk and vulnerability assessment: a comprehensive approach. International Journal Of Disaster Resilience In The Built Environment, 3(2), 103-114. https://dx.doi.org/10.1108/17595901211245189

Nweke, L. (2017). Using the CIA and AAA Models to Explain Cybersecurity Activities. Pmworldlibrary.net. Retrieved 9 March 2018, from https://pmworldlibrary.net/wp-content/uploads/2017/05/171126-Nweke-Using-CIA-and-AAA-Models-to-explain-Cybersecurity.pdf

Rusbarsky, K. (2012). A Forensic Comparison of NTFS and FAT32 File Systems. Marshall.edu. Retrieved 9 March 2018, from https://www.marshall.edu/forensics/files/RusbarskyKelsey_Research-Paper-Summer-2012.pdf

Singh, G., & Supriya, S. (2013). A Study of Encryption Algorithms (RSA, DES, 3DES and AES) for Information Security. International Journal Of Computer Applications, 67(19), 33-38. https://dx.doi.org/10.5120/11507-7224

Yu, M., Rexford, J., Sun, X., Rao, S., & Feamster, N. (2011). A survey of virtual LAN usage in campus networks. IEEE Communications Magazine, 49(7), 98-103. https://dx.doi.org/10.1109/mcom.2011.5936161

Cite This Work


My Assignment Help. (2020). Cyber Security And Information Systems: Course Overview Essay.. Retrieved from https://myassignmenthelp.com/free-samples/isys600-controls-for-effective-cyber-defense.
