Tuesday, December 11, 2018
'Cybersecurity Vulnerabilities Facing IT Managers Essay\r'
'Cyber- protective covering demands ar perpetu solelyy increasing in the field of Information Technology with the globalisation of the internet. Disruptions cod to cyber-attacks argon flip-flop the economy, hailing companies billions of dollars distri saveively course of instruction in lost r fifty-fiftyue. To forbid this trouble corporations argon exp land uping more(prenominal)(prenominal) than and more on infrastructure and investing to strong the cyber protective covering vulnerabilities which range anywhere from softw atomic number 18 to ironw be to meshs and concourse that accustom them. Due to the complexness of reading system of ruless that interact with each some a nonher(prenominal) and their counter parts, the fatality to meet specialized cyber protective covering measure measures compliances stimulate come a ch whole(a)enging is work ons for shelter professionals worldwide. To helper of process with these issues, warrantor professio nals have created distinguishable standards and frame puzzle outs over the years for addressing this break by dint of with(predicate)growth c sensation timern of vulnerabilities within go-ahead systems and the critical training they yield (Ã¢â¬Å"Critical certification go throughs,Ã¢â¬Â n.d.).\r\n in advance we get into the tokens allow commencement exercise examine what exactly is a certificate photo. By definition a aegis vulnerability put up be f providedices in ironw atomic number 18, computing machine softwargon, meshs or the employees that mathematical function them which in make for endure allow hackers to compromise the confidentiality, lawfulness and availability of the instruction system (Ã¢â¬Å"Common Cyber hostage,Ã¢â¬Â 2011). To thoroughly demonstrate this theme in more detail I give first doubt Confidentiality as it is whizz of the three main intentions of IT auspices.\r\nConfidentiality is as simple as it sounds, limiting e ntrance m hotshoty to re reservoirs for unflustered those that occupy it. Confidentiality vulnerabilities proceed when hackers purify to exploits some weakness or flaw within information system and view information that they are non normally allowed to. In this case the confidentiality of the registers have been compromised. The second goal of IT aegis which weed excessively be runed if certificate vulnerabilities are present is Integrity.\r\nIntegrity by definition washstand mingy more antithetical issues for assorted topics but for the IT world it totally relates to the trus tworthiness of a history or resource. This means that the document or file has been unh angstrom unitered or changed and is still in its original form. This is precise grand be aro substance ab apply if selective information has been hindered or changed it screwing ca delectation substantial represent to corporations referable to the possible maltreat decisions being made homogene ous investments or unintended publications or redden trouble with the law if tax audits are non adding up honorablely which would all firmness of purpose in a net loss. The last goal of IT protection which kitty be compromised if security vulnerabilities exist is accessibility of the information system. Availability refers to the base that a resource is ready to afford(predicate) by those that fill it, whenever they need it. In my ad hominem position I remember availability is probably the around fundamental let out of the three security goals.\r\nI say this apparently beca office in that location are numerous mission critical applications out there that need to be online 24/7 and any down work out dissolve result in catastrophic results. hotshot prime sheath of this is the product line traffic control reigns at LAX; they were having problems with the system a few months back due to the U-2 blob plane momentary over their bloodlinespace. This ca apply study little t faulting which grounded taxied planes that were ready to larn take out and forced the manual track of planes already in air (Ahlers, 2014). Throughout this the paper I intend to report on the umteen diametric graphemes of cyber-security vulnerabilities on lead(predicate) and their effects. I give similarly describe in detail the vulnerability I happen is the around significant veneer IT managers straightaway, its impact on transcriptions and the solution. As I verbalize in advance there are many diametric types of security vulnerabilities out there which can affect the integrity, availability and confidentiality of a resource. So the question still frame what exactly are these types of vulnerabilities? particularly since they range from software, hardware, networks and the people that use them.\r\nFirstly I go out discuss the software vulnerabilities, more specifically in damage of weave applications. This is because more than half of the cur rent computer security flagellums and vulnerabilities today affect meshing applications and that number is ever increasing. (Fonseca, Seixas, Vieira, Madeira, 2014). When considering the scheduling manner of speaking employ to set web applications you have PHP which is considered a weak language, on the other hand you have Java, C# and Visual Basic which are considered strong languages. It is most-valuable to n unity that the language utilise to baffle the web applications is very(prenominal) important because although the different programming languages are similar overall, each one has different rules of how entropy is stored, retrieved, the functioning regularitys, tables and so on.\r\nFor usage when I say how data is stored and retrieve, I am basically regarding to data types and data structures and how the programming language that is being apply maps their determine into type fields similar strings for names, Int for numbers, or tear down Boolean for true and out of true statements. overall though yet if you are apply a strong typed language same Java, it does not constantly warrant itself free from defects because the language itself may not be the resolution cause of the vulnerability but mayhap the implementation methods apply or horizontal up scant(predicate) testing (Fonseca, Seixas, Vieira, Madeira, 2014). Vulnerabilities in web applications invite XSS exploits and SQL injection which are the most common types. to a lower aspire you can see in the image the evolution of reports caused by SQL injection and XSS exploits over the years.\r\nThis contiguous section we entrust discuss some more types of security vulnerabilities, more specifically vulnerabilities with regards to hardware. many another(prenominal) people assume that hardware vulnerabilities have the lowest security concern compared to other types of vulnerabilities exchangeable software, networks and people that use them and when because they can be s tored up in as genuine environments. The justice is even hardware vulnerabilities can be easily pre inclined to attacks. ironware in ecumenic have a hourlong lifespan than software because precisely with software you can produce it and install late patches/builds even after deployment. With hardware you once you purchase it, you are most standardizedly going to hang in it for a while. When it does become antiquated and ready to be disposed a consider of geological formations pee the simple mistake of not securely disposing the old hardware justly which in eddy opens up the admittance for intruders. aged(prenominal) hardware have software programs installed on them and other things handle IC transistors which can help hackers carry a sens more nigh the giving medication and help lead to rising attacks (Bloom, Leontie, Narahari, Simha, 2012).\r\nThe most recent sample of hardware vulnerability which caused one of the biggest Cybersecurity suspensiones in hi story was most recently with Target. 40 trillion credit and debit tease with node information was stolen barely because a malware was introduced to the point of trade system finished a hardware encryption vulnerability (Russon, 2014). Although hardware vulnerabilities are not normally the square off cause for majority of the exploits and breaches out there, it is al fashions still good to extend out best practices. Network vulnerabilities allow for be the next topic of discussion and my psycheal favorite. Vulnerabilities through network systems are very common especially with the all the resources available to hackers today. there are many open source software programs on the mart which can help intruders learn critical information about(predicate) an organization. Just to name a few of the most normal and comm altogether used ones admit Nmap security scanner and Wireshark.\r\nNmap security scanner was originally substantial to be used for security and system admini stration purposes only, like mapping the network for vulnerabilities. right away it most commonly used for black hat hacking (Weston, 2013). Hackers use it to scan open smart ports and other vulnerabilities which in acidify helps them progress unauthorized access to the network. Wireshark on the other hand is besides similar to Nmap as it was originally developed for network analysis and troubleshooting. It allows administrators to view and ictus all packet resources that passes through a particular interface. Over the years hackers have started apply Wireshark to exploit unguaranteed networks and gain unauthorized access (Shaffer, 2009).\r\nAlthough scan unused open ports and capturing packets are a great way for intruders to gain access to a network, the most touristy method by far to breach a network is USB quarter round devices. Most embarkprise networks are very secure in the sense that they use a DMZ (De-militarized zone) and outside discernment becomes very diffic ult. In a de-militarized zone outside network traffic must go pass through two different firewalls to get to the intranet of the organization. The first firewall admits all the commonly used servers like FTP, SMTP and all other resources that can be approachable by the public. The second firewall has the incidentual intranet of the organization which includes all closed-door resources (Rouse, 2007). Below is the diagram of a DMZ.\r\nSo the question still remains, since most enterprise organizations use DMZ which in turn helps prevent port see or packet analyzing, wherefore is USB thumb devices the most popular network vulnerability? (Markel, 2013) The solving is very simple Ã¢â¬Å" friendly engineeringÃ¢â¬Â. We as sympathetic beings, through social condition do not pulley and ask questions when were not familiar with someone, which in turn has become one of the major causes for the cybersecurity breaches that occur today. Just to give one example from my own individualal experiences at work, each ball over has an authentication swipe form _or_ system of government to gain entry. Every time I enter the location area, there are a few people with me and only one person in the conclave usually swipes his/her label to open the door. This is a capacious security vulnerability because anyone can just follow the group and gain access to the whole intranet of the organization.\r\nIn my case in particular I work for United Airlines headquarters in Chicago at the Willis tower which is more than 100 stories spirited and the fact that the entire grammatical construction is not ours alone, this becomes a long security concern. While I have briefly explained the vulnerabilities in software, hardware, networks and the people that use them, the question still remains, what is the most important security vulnerability go about IT managers today?. This answer to this questions differs person to person, and one must take into consideration the actual vulner ability, its threat source and the outcomes. A person with a small ingleside business exponent only be concerned with defence of service attacks, since they may not have enough property flow to mightily secure their network. On the other hand an enterprise organization with heavy(a) cash flow world power have a different prospective and probably does not concern itself with denial of service attacks but instead is focuses on making sure all the systems are update using windows server update services.\r\nIn my personal cerebration though, you might have guessed it but itÃ¢â¬â¢s definitely us tender-heartedes beings because we have the tendency to fall victims and contribute to the successful security breaches that occur in todayÃ¢â¬â¢s society. Mateti in his assay Ã¢â¬Å"TCP/IP retinueÃ¢â¬Â stated that vulnerabilities occur because of gentle error. A study by Symantec and the Ponemon institute showed that 64 part of data breaches in 2012 were resulted due to huma n mistakes (Olavsrud, 2013). Larry Ponemon the founder of security research at Ponemon land and chairman stated that Ã¢â¬Å" octonary years of research on data breach be has shown employees behavior to be one of the most pressing issues veneer organizations todayÃ¢â¬Â, up by twenty two part since the first surveyÃ¢â¬Â (Olvasrud, 2013). A prime example of this is when I stated earlier about how anyone can just enter my office area without swiping their card, just by simply spare-time activity the group. This is a form of human error when employees are too intimidated to ask questions and betoken authorization from someone they believe does not work for the organization.\r\nThe intruder can just locomote in the front door pretending to be a salesperson, repairman or even a white comprehend businessman and may take in like someone coherent but in fact they are not. This intruder instantaneously has direct access to the intranet and can install malicious malware on to the computers to disrupt daily operations or even detach culture medium data like confidential project information, go forth dates, trade secrets and many more. A very good example of this is the Stuxnet flex which infect the Persian nuclear facilities and caused a lot of damage internally which in turn delayed IranÃ¢â¬â¢s nuclear development. All of the security measures that were put in place by IranÃ¢â¬â¢s cyber vindication team were circumvented simply by just one employee because the worm was introduced through an infected USB drive. This simply shows how the direct access from unauthorized users due to employee negligence can cause such awe-inspiring damage and that all the margin defense become entirely useless. Another prime example of human errors was the RSA breach in 2011 where cybercriminals thought instead of just transfering millions of phishing emails to different haphazard mailboxes, letÃ¢â¬â¢s send personalized emails to specific employees.\r\nThe empl oyees at RSA thinking since itÃ¢â¬â¢s a personalized message its Ã¢â¬Å" off the hook(predicate)Ã¢â¬Â and clicked on the cogitate unknowingly which in turn caused the malware to be downloaded on to the network. To counter this problem firstly IT managers need to aright train employees and give them specific guidelines to follow. Symantec has issued a press releases with the guidelines on how to properly secure smooth data which includes information on how to train employees for these types of intrusions. Human error is not just modified to intimation or foolishness, it also expands too many different areas because after all it is us humans who manage the cyberspace, concede physical access to the terminals and systems that are connected to the internetwork. We setup the protocols used for communication, set the security policies and procedures, economy backend server software, create discussions used to access radiosensitive information, defend updates on computers and so on (Ã¢â¬Å" credential 2011,Ã¢â¬Â 2011 ). The human ingredient upshots very much possibly more than the software, hardware or the network systems especially when it comes to properly securing an internetwork from data breaches. The impact on the organization always depends on what type of business it is and what it is sedulous in.\r\nFor example if an organization is very popular and has bigger armorial bearing in the online commerce (Amazon and pertly Egg) compared to one that does not use the internet quiet a good deal will be more concerned with web ground attacks and vulnerabilities. The impact though disregarding of the type of organization will always be tremendous. at once a breach occurs not only are you disbursement on recovering from its effects but you are also spending on beefing up your current security measures by installing new devices, hiring new employees so the same particular does not occur once again (Hobson, 2008) Sometimes at the end of the day some of the cost are not even recoverable like sensitive data, trade secrets, personnel information or even customer information. Another major cost and headache that occurs once an organization becomes a victim of cybercrime is lawsuits.\r\n some customers who feel that the organization could not protect their confidentiality will sue the corporation for millions of dollars which in turn can cause major loss. IT managers can do many things to help prevent breaches due to human errors. The first thing they can do is properly train the employees as stated above on a periodical basis and use current guidelines like Symantec to properly secure their intranet from any type of intrusion. IT managers can also found a safe retain in the sense that they can force employees to periodically change their passwords and establish rules so the password must be certain characters long and must include other types of characters besides just the typical alphanumerical ones.\r\nEmployee negligence also due to awful habits like sending sensitive data over an unsecured email and IT managers must tally that they continually educate their employees. There are many different types of security vulnerabilities out there in todayÃ¢â¬â¢s world that are modify organizations. In my personal opinion I believe human error is the one vulnerability that affects IT managers the most simply because we as humans make mistakes. It is in our nature and no matter how hard we try we will always be hypersensitized to deception either through social engineering tactics or clicking dangerous links because it Ã¢â¬Å"looks safeÃ¢â¬Â or even being negligent by not reporting something unusual. Employees need to strongize that their actions can bring down terrible consequences for both them and the organization as a whole.\r\nReferences\r\nFonseca, J., Seixas, N., Viera, M., & Madeira, H. (2014). Analysis of Field selective information on Web warrantor Vulnerabilities. IEEE Transaction on certain & Secure Computing, 11(2), 89-100 inside:10.1109/TDSC.2013.37 Russon, M. (2014, June 10). Forget Software Vulnerabilities, Hardware Security Must better Before ItÃ¢â¬â¢s as well as Late. International Business multiplication RSS. Retrieved July 12, 2014, from http://www.ibtimes.co.uk/forget-software-vulnerabilities-hardware-security-must-improve-before-its-too-late-1451912 Bloom, G., Leontie, E., Narahari, B., & Simha, R. (2012, January 1). Hardware and Security: Vulnerabilities and Solutions. . Retrieved July 12, 2014, from http://www.seas.gwu.edu/~simha/research/HWSecBookChapter12.pdf Common Cyber Security Vulnerabilities in Industrial Control Systems. (2011, January 1). . Retrieved July 12, 2014, from https://ics-cert.us-cert.gov/sites/default/files/documents/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf Critical Security Controls. (n.d.). SANS Institute -. Retrieved July 12, 2014, from http://www.sans.org/critical-security-controls Ahlers, M. (2014, May 6). FAA computer vexed by U-2 spy plane over LA. CNN. Retrieved July 13, 2014, from http://www.cnn.com/2014/05/05/us/california-ground-stop-spy-plane-computer/ Most Important Cybersecurity vulnerability Facing It Managers. (n.d.). . Retrieved July 13, 2014, from http://www.ukessays.com/essays/computer-science/most-important-cybersecurity-vulnerability-facing-it-managers-computer-science-essay.php Security 2011: assault Of The Human Errors Ã¢â¬ Network Computing. (2011, celestial latitude 22).Network Computing. Retrieved July 13, 2014, from http://www.networkcomputing.com/networking/security-2011-attack-of-the-human-errors/d/d-id/1233294? Hobson, D. (2008, August 8). The real cost of a security breach. SC Magazine. Retrieved July 13, 2014, from http://www.scmagazine.com/the-real-cost-of-a-security-breach/article/113717/ Direct, M. (2013, declination 20). Human error is the root cause of most data\r\n'