The Critical Need for Information Security

The Critical Need for Information Security

  • Type of paperEssay (Any Type)
  • SubjectOther
  • Number of pages4
  • Format of citationAPA
  • Number of cited resources3
  • Type of serviceWriting from scratch

Access the ACM Digital Library by following the steps below: Students: 1.Login to iCampus. 2.From iCampus, click STUDENT SERVICES˃˃ Learning Resources Center ˃˃ Databases. 3.Scroll down to ″Information Systems/Computing″. 4.Select “ACM Digital Library” below the heading. 5.Enter your library username and password. Faculty: 1.Login to Blackboard. 2.Click the ″Resource Center″ tab at top right of page. 3.From the list on the left, click ″Databases″. 4.Scroll down to ″Information Systems/Computing″. 5.Select “ACM Digital Library” below the heading. 6.Enter your library username and password. Download and read the following articles available in the ACM Digital Library: Bernier, M., Chapman, I., Leblanc, S. P., & Partington, A. (2011). An overview of cyber-attack and computer network operations simulation. Proceedings from MMS ’11: Military Modeling & Simulation Symposium. Boston, MA. Maughan, D. (2010, February). The need for a national cybersecurity research and development agenda. Communications of the ACM, 53(2), 29-31. Write a four to five (4-5) page paper in which you: 1.Identify at least three (3) benefits or key knowledge points that could be derived from using cyber-attack simulator systems and research, and suggest how this insight could assist in defining the needs for security within an organization. 2.Analyze and determine which sector, public or private, has greater insight on the potential of cyberattacks. Justify your answer by citing at least three (3) examples. 3.Suggest at least four (4) best practices that should be implemented when developing a cybersecurity strategy within a security enterprise. Then, evaluate the required roles and functions of Information Technology (IT) personnel that would be required to sustain these best practices. 4.Describe the role of planning when developing a cybersecurity strategy and what key deliverables would ensure an effective implementation and transition. 5.Suggest how public-private partnerships can strengthen cybersecurity efforts and effectiveness in a: a. Corporate environment b. Regional level c. National level 6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: •Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. •Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: •Evaluate the ethical concerns inherent in cybersecurity and how these concerns affect organizational policies. •Describe the corollary roles of security in an enterprise. •Describe best practices in cybersecurity. •Use technology and information resources to research issues in cybersecurity. •Write clearly and concisely about topics associated with cybersecurity using proper writing mechanics and technical style conventions.

Answer

Information security involves the safeguarding of organizational assets from the alteration of sensitive data, interference of business operations, or disclosure of proprietary information. This data safeguard is normally defined as preserving the confidentiality, integrity, and availability (CIA) of the organizational assets, operations, and information (Krutz & Vines, 2010).

  1. Benefits or key knowledge points that could be derived from using cyber-attack simulator systems and research.

Undoubtedly, the information security community validates an urge for a simulator system and research capabilities. According to Fred Cohen (1999), he stated that “The high cost of running real-world attacks, the limited extent to which they exercise the space of actual attacks, and the high potential for harm from a successful attack conspire to make some other means of analyzing an imperative.” There exist various benefits that accrue from simulation in the security enterprise. Some of these benefits include:

  • It enhances the compression of long-term activity into short periods,
  • It allows an easier access to re-configuration,
  • It may represent certain degree of abstraction like the OSI model,
  • It also allows an easier access to scalability,
  • It is also considered cheaper than using real computers, software, networks and protocols and,
  • It instantly reset both networks and computers to initial conditions.

Cyber-attack simulator systems and research is an effective technique to utilize during such periods when information security threats are at acute. The use of such systems and research can provide both the information security and lay IT managers a better understanding of their information environment on both a tangible and abstract level.

  1. The sector, public or private, with greater insight on the potential of cyber attacks.

Most information and ideas are drastically migrating into digital form on an open and worldwide interrelated technology stands. As the migration and technology inclines, the threats from cyber attacks also increasingly daunts the public with whom receives the information and ideas (Von & Van, 2013). Therefore, the public sector has developed the greatest insight on the potential of cyber attacks from the hacktivists who tend grab such advantage to pursue their personal gain.

For example:

  1. The surfacing of a secretive hacking group in August 2016 called the Shadow Brokers that claimed to have penetrated the spy implements of the elite NSA-related operation called the Equation Group. The group presented a section of supposed stolen data from NSA and tried to auction off a bigger trove.
  2. The surfacing of a strain of ransomware known as WannaCry in May 2017 that spread around the globe, whopping numerous targets especially in large corporations and public utilities. The ransomware indefinitely left National Health Service hospitals and facilities in the UK paralyzed.
  3. A month after the surfacing of WannaCry, another ransomware infection called Petya or NotPetya surfaced, exploiting hit targets worldwide. The infection was believed to have been the advanced version of the WannaCry in various ways but still had an unsuccessful payment system.
  4. A data trove of around 8761 documents published by WikiLeaks purportedly had been stolen from the CIA that had broad documentation of apparent spying operations and hacking tools.
  5. Best practices to be implemented when developing a cybersecurity strategy within a security enterprise, and the required roles and functions of Information Technology (IT) personnel in sustaining these practices.

The best practices for protecting a security enterprise with which an information security manager must keep in mind include the following:

  • Information Assurance

Information assurance is attained when information and information systems are safeguarded against attacks through the application of various security services – integrity, availability, confidentiality, authentication, and non-repudiation. Applying these services should depend upon the essence of detecting, protecting and paradigm reaction (Krutz & Vines, 2010). A security enterprise should, therefore, need to expect attacks and involve attack detection procedures and tools to allow them to react to and recover from the unexpected attacks.

  • Defense in Depth

The opinion of defense in depth is based on the fact layered security strategy can increase the security of a system as a whole. For instance, if an attack leads to one security strategy to fail, other strategies may still offer the required security measures to protect the whole system.

 

 

  • Contingency Planning

Contingency planning is crucial in numerous ways for any security enterprise to be certain of withstanding any sort of security disaster or breach. The contingency plans are incorporated with each other so as that a response team can adjust from one to the other effortlessly if there is a need.

  • Information Risk Management

Because of risk consequence and likelihood, a security enterprise should try to reduce the risk to an acceptable level. The notion of risk management is that the threats to the enterprise are identified, classified, and evaluated to determine their damage potential (Hsu, 2012).

The roles and functions of Information Technology (IT) personnel in sustaining these practices.

For the four security strategies, the IT personnel should realize that it is substantial enough for them to maintain information security in a strong viewpoint of all the areas of the enterprise that need protection. Therefore, through the cooperation of all enterprise units, the IT personnel must work in incorporating security into the procedures of all phases of the enterprise, from the workers training and development to research and progress (Krutz & Vines, 2010).

  1. The role of planning when developing a cybersecurity strategy and key deliverables in ensuring an effective implementation and transition.

The threat of cyber-attack becomes more imminent as technology tends to change the manner in which work is getting done. For the sake of organizational and clients privacy, cybersecurity, therefore, tends to be a top priority for the organizations. Therefore, when developing a cybersecurity strategy, planning helps in finding the best time for a training and development layout that can assist to put the strategies into action, working collaboratively to achieve the training needs and technical applications and that will be crucial to effectively launch the strategies (Hsu, 2012).

To ensure an effective implementation and transition, organizations must always acknowledge that upholding protection goes beyond mere IT managers. Therefore, the organizations should ensure that every employee is equipped with appropriate knowledge of the best practices to avoid attacks and safeguard information, and the urge for training should also be built into every strategic plan for cybersecurity. The employees should also be able to recognize the internal and external threats and report to avoid security breaches. Effective training should also address such areas as secure browsing practices, safe password management, cryptographic communications and appropriate system configuration.

  1. How public-private partnerships can strengthen cybersecurity efforts and effectiveness

Public-private partnerships in the efforts of strengthening cybersecurity entail the incorporation of both public and private sectors in determining the ideal approach and framework in advancing the measures, standards, and technology that would enhance economic stability and improve quality of life.

In a corporate environment, the partnership can develop a framework that encompasses a collection of industry standards, processes, and best practices, geared towards leveraging a more broad approach to assist the corporate environment in managing their cybersecurity attacks. The partnership offers a common language to address and manage cyber-attacks in a cost-effective way.

At the Regional level, the partnership can reinforce key procedures that every region regard as they balance attacks effectively. The partnership can develop a framework that allows various leadership involvement in the cybersecurity attacks management process, offers an approach to provide accountability and responsibility, and devices for synthesis of threat and vulnerability information with impending influence on regional needs and operational capabilities.

At the National level, the partnership can be designed with the nation’s crucial infrastructure in mind. The infrastructure involves the engagement of large and small, various sectors, academia and even government. The partnership may capture future national directions and plans to identify significant areas for development, collaboration, and alignment with various government agencies and organizations to build national guidelines, standards, and best practices (Carr, 2016).

References

Carr, M. (2016). Public-private partnerships in national cyber‐security strategies. International    Affairs, 92(1), 43-62.

Cohen, F. (1999). Simulating cyber-attacks, defenses, and consequences. Computers & Security, 18(6), 479-518.

Hsu, D. F. (2012). Building a Secure and Sustainable Cyberspace Ecosystem: An Overview.        Advances in Cyber Security: Technology, Operations, and Experiences, 1.

Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud         computing. Wiley Publishing.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cybersecurity. Computers           & security, 38, 97-102