Security Models
Project 1: Security Models
Cybersecurity Summary
We’ve all been affected, or know someone who has been affected, in some way by personal information being compromised. When we leave our homes, we set alarms and make sure our personal belongings are protected. We lock our cellphones with passcodes and put other safeguards in place to protect ourselves as well as our businesses. However, as the technology of the digital age becomes more sophisticated, safeguarding information becomes more difficult. Specifically, with cyber-attacks on the rise, it is imperative to have a cybersecurity plan in place to minimize the chance of an attack occurring.
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes (Cisco, para. 1). Depending on their level of severity, the attacks can cost a business millions of dollars to recover from. For example, in 2014 Home Depot estimated that the investigation, credit monitoring service, call center staffing and other steps would cost $62 million, offset by $27 million it expects to be reimbursed by its insurance (Sidel, 2014). Thus, cybersecurity is needed to prevent attacks and minimize the cost that could be incurred due to infiltration. One approach to protecting a system is penetration testing. According to the British Standards Institution, penetration testing is the practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit, simulating an attack against an organization's IT assets. Penetration testing can prepare an organization against future attacks by identifying vulnerabilities. Organizations can use penetration testing as an opportunity to strengthen their security against common attacks.
Common cybersecurity attacks are (a) malware, which includes a variety of cyber attacks such as viruses, trojans and worms; (b) phishing attacks, sent by email in an attempt to get personal data; (c) password attacks, in which a third party tries to gain access to a system; and (d) denial-of-service (DoS) attacks, which interrupt or suspend services. Thus, penetration testing can be implemented to prevent future common attacks. Additionally, as part of penetration testing, an organization can use a data flow map to get a visual perspective of what the network looks like, which assists in the testing and in deciding what measures should be implemented to secure the network. Knowing how data flows across networks provides useful information for determining which plan to implement.
Similarly, network forensic analysis tools (NFAT) can assist with monitoring network traffic, which can be used to gather information that at times can replace penetration testing. NFAT can also be used before or after an attack. Administrators can implement NFAT to assist with investigations and to gather information to determine what went wrong. Organizations should choose a commercial option to ensure that they receive the most beneficial assessments. In addition to NFAT, organizations have to be proactive in exposing vulnerabilities and flaws that exist in software to ensure that their systems are safe. This can be difficult to do within organizations. Namely, “challenges range from difficulty in keeping up with vulnerabilities and quickly applying patching - if and when flaws are identified by vendors - to the complexity of applying patches on clinical systems that cannot easily be taken offline because of patient care demands or their interconnectivity with other critical systems and devices” (Bank Info Security, 2018, para. 3). Thus, keeping up with vulnerabilities and finding a remedy can be difficult when technology and attacks continue to grow. While cybersecurity is able to protect from digital attacks, computer security protects computer systems and information from harm, theft and unauthorized use. Yet they are similar in that both are measures of protection for systems and hardware. Both have the ability to alleviate harm and danger on a computer system.
Another focus in cybersecurity is that of the enterprise. Enterprise cybersecurity is a company’s strategy for reducing or eliminating the risk of access to its systems or data. An enterprise wants to make sure that its information, and essentially its business, is protected. A modern enterprise may face many threats, one being the insider threat. An employee with access to the system can cause damage to an enterprise, and identifying insider threats is a challenge. Specifically, “traditional defense mechanisms fail against insiders. Perimeter firewalls, intrusion detection systems, and multifactor authentication standards are meaningless against an adversary who has active and legitimate access to systems and information. They are already “inside” the cyber boundaries laid by conventional security software, which makes them even more likely to slip through the cracks and cause considerable harm” (Tripwire). Additionally, modern enterprises still face malware attacks, which can steal data and end up being very costly to a business. To combat threats, an enterprise should implement a cybersecurity policy to assist with eliminating attacks. An enterprise would first need to develop a policy framework that consists of standards, guidelines and best practices to manage risks. Once the framework is developed, an enterprise can move forward with training, testing and implementing its new policy. An enterprise will need to take into account its employees, budget and technology in order to construct an effective plan before implementation. The implementation plan will also take into account the consequences that may arise from the new policy. After all, policies that are implemented aren’t always flawless. Thus, some tweaking may still be needed after a policy is in place.