Security Threat

In: Computers and Technology

Submitted By dz46254
Words 2340
Pages 10
Security Considerations for Pro Trans
Brian Smith
CMGT/400
July 27, 2015
Professor Iwona Rusin

Security Considerations for Pro Trans

To identify any of the vulnerabilities that may be associated with Pro Trans, I would first conduct a detailed risk analysis report that would include data related to variable aspects of the business. First, all of the possible risks will need to be evaluated. How those risks are being controlled will need to be assessed. It will be important to identify any assets that belong to the company that can be tampered with or stolen. The past and possible threats will also need to be documented. Simulated attacks can provide information on the possible impact they would have on the company.

This data includes SLE or Single Loss Expectancy rating and an Annualized Loss Expectancy rating with monetary values for both. How much control the company has over specific and general attacks is important also. This data will reveal how safe the system truly is. Conducting interviews with each department staff leader will also be a key step in assessing risk. This would give a general idea of how day-to-day operations are run, how many employees have access to the system, and how many remote locations they have.

Since the servers used for data storage are connected to the same network as the servers used for software and Internet programs, there is a serious risk when using web components. For example, all of the employees in the accounting department use a payment posting web application. If an attacker or even a disgruntled employee wants to write company checks to a fraudulent account, they could simply sign in and fill out the information for writing a check and have the funds within 24 hours. To counter this, a simple solution would be to have active employees change their passwords every six months, and revoke all employee…...

Similar Documents

Information Security Threat Mitigation

...Information Security Threats Mitigation By Francis Nsofwa Mubanga Keller Graduate School of Management Devry University Professor Sandra Kirkland SE572 July 14th, 2011  Table of Contents Introduction 1 Steps 1 Denial-of-Service attacks (DoS) 1 Distributed Denial-of-Service attacks (DDoS) 1 Masquerading and IP Spoofing attacks 2 Smurf attacks 2 Land .c attacks 2 Man-in-the-Middle attacks 3 Conclusion 3 References 4 Introduction Our company faces the largest information security threat and we need to take steps to mitigate the risks associated with each one of them. Steps Denial-of-Service attacks (DoS) We will analyze the attack as best as we can and implement the correct defense. We will ask ourselves if there are any common packet signatures that are easy to filter against. We will ask ourselves if all attackers hitting a single target if they can be sacrificed. We will also need to find out as to which network the attack is coming from, and if we can verify it (remember that spoofed packets can come from anywhere, including our own network). Once we’ve found a reasonable match for the attack, pass the filters to our upstream provider(s) and seek their help getting them propagated outwards. We will need to make sure we filter or redirect traffic with a minimum amount of actual downtime (Kaeo, 2004). Distributed Denial-of-Service attacks (DDoS) CluB: a Cluster-Based architecture is the method we will use to prevent DDoS......

Words: 789 - Pages: 4

Security Threats

...Security Threats & Vulnerabilities As information technology grows also does the need to protect technology or information on the system. Before we can protect the information on a system we need to know what to protect and how to protect them. First must decide what a threat to our system is. A Security threat is anything or anyone that comprise data integrity, confidentiality, and availability of a system. Another security issue for systems is Vulnerabilities in software that can be exploited by people that want to do harm to a system. It’s up to the personnel or team that’s in charge of protecting the system from threats and vulnerabilities. The personnel that secure information technology systems are known as (ISO) Information Security Officer, (IASO) Information Assurance Security Officer, (ISM) Information Security Manager ect. No matter what name the personnel there job is the same to protect information systems. Security Officers will have to set policies that govern the system and create plan on how to handle security threat and vulnerabilities. Security threats can consist of any number issues ranging from physical attack, spoofing, password attacks, identity theft, virus attacks, and Denial of Service attacks, Social Threats, Espionage, malware, spyware, Careless Employees, and hackers. We will disuse all of these threats and ways to prevent them later in the report. In 2010 Kevin Prince, CTO, Perimeter E-Security "As these security threats are becoming......

Words: 2408 - Pages: 10

Top Security Threats

...Top Security Threats Craig Gagne’ IS317: Hacker Techniques Tools and Incident Handling 12/15/2013 Hany Othman The report highlights dramatic increases in targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices. Targeted attacks Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems. Stuxnet and Hydraq teach future attackers that the easiest vulnerability to exploit is our trust of friends and colleagues. Stuxnet could not have breached its target without someone being given trusted access with a USB key. Meanwhile, Hydraq would not have been successful without convincing users that the links and attachments they received in an email were from a trusted source. Social Networks Social network platforms continue to grow in popularity and this popularity has not surprisingly attracted a large volume of malware. One of the primary attack techniques used on social networking sites involved the use of......

Words: 727 - Pages: 3

Information Security Threat

...Illeana Morales-Frazier 1/19/13 SEC 572:Week 2: You Decide Information security threat and the steps we have taken to mitigate the risks associated with these threats. External cyber-attacks are on the rise and have become a real challenge for network administrators as well as network design planners to ensure their respective networks are protected from external attacks resulting in loss of website availability, confidential data, and internal processes critical to mission objectives. Cyber-attacks can cost companies large sums of unrecoverable revenue associated with site downtime and possible compromise of sensitive confidential data. It is imperative today’s corporate network is configured and prepared to protect itself from external cyber-attacks. Since there is no 100% method to stop external cyber-attacks, attention to detail must be made in regards to proper configuration of the network to include state of the art hardware and software. To include current security patches for both software and hardware respectively. Additionally, hardware and software measures will be limited in their effectiveness without network policies and techniques to protect against external cyber-attacks such as Denial of Service, Distributed Denial of Service, Masquerading and IP Spoofing, Smurf Attacks, Land c Attacks, and Man-in-the-Middle attacks. In close coordination with our IS team engineers and IT network director an approved plan has been incorporated to minimize......

Words: 735 - Pages: 3

Security Threats

... social networking, attack kits, mobile threats, zero-day and rootkits. These targeted attacks are exactly what it says, they target what they are designed to hit, whether it is a company (small or large), and individual or a specific machine. [ (Symantec, 2011) ] Symantec recorded over 3 billion malware attacks but yet Stuxnet stands out more than the others. However, lets us not forget Hydraq. Each one was highly sophisticated and was tailored for specific targets. Although Hydraq was old-fashioned, what made it stand out was what and whom it stole. Of course targeted attacks didn’t begin until 2010, and it won’t end. Once inside, the attack attempts to avoid detection until its objective is met. [ (Symantec, 2011) ] In 2010, the volume and sophistication of malicious activity increased, the Stuxnet worm became the first with the ability to affect physical devices while attempting exploits for an unprecedented number of zero-day vulnerabilities simultaneously. Although unlikely to become commonplace, Stuxnet does show what a skilled group of organized attackers can accomplish. [ (Symantec, 2011) ] Although providing a look at the security threats that are out there on the internet that us as users face on a daily basis, unless we know what we are dealing with, there is no way to defend against it. This is why it is important that we keep our software updated to help prevent attacks. [ (Symantec, 2011) ] Implementing security measures such as isolated networks can......

Words: 340 - Pages: 2

Security Threats

...Control Fundamentals and Security Threats To: John Smith, Business Manager From: your name Date: n/a Subject: Security threats and the need for security measures The need for security measures is vital to the company. The risk of not protecting against known security threats can be catastrophic. For example, an insider attack can obtain business advantage (long-term business benefits), financial gain, and sabotage which can disrupt performance and corrupt data. Computer criminals known as hackers can obtain secure company information or even create malicious software to harm the system. We must implement ways to make the company more secure by installing firewalls, virus protection, spyware, and other malware protection. The following are three specific social engineering techniques and how to best prepare employees for each potential attack. • Dumpster diving a social engineering attack in which malicious users search through the organization’s trash in the hope of retrieving useful inside information. We must ensure documents and data are properly destroyed before disposing such as using a shredded for hard copies. Providing training and educating employees on guidelines on how to safely dispose of information. • Tailgating is an attack in which a malicious user follows closely behind an authorized user to bypass a security access point. Malicious users can also persuade someone to grant them access to an area without authorization by claiming to have lost or......

Words: 360 - Pages: 2

Security Threats to Companies

...Final Essay- security Threats for companies | Security Threats for Companies | Focusing on Employees | | Meadows Steven A CTR SITEC United States Special Operations Command | 4/17/2014 | American Military University TABLE OF CONTENTS Introduction 2 Chapter 1 4 External Threats 1.1 4 Malicious Code 1.1.a 4 Firewalls 1.1.b 6 Chapter 2 7 Physical Threats 2.1 7 Structure Outside 2.1.a 7 Structure Inside 2.1.b 7 Chapter 3 9 Internal Threats 3.1 9 Employee Access 3.1.a 9 Employee Attitude 3.1.b 10 Employee Training 3.1.c 11 File Permissions 3.2 11 Least Access 3.2.a 11 References 12 Introduction The internet has become a global resource for the working companies. Those who utilize the internet have near endless resources at their fingertips. This gives companies large advantages that those that don't utilize the information available to them on the internet. However, with great advantages, and information, comes great responsibility, and risks. The internet is also full of those who want to hurt companies, for reasons unknown to the company or for reasons that the company may be aware of, but is unable to prevent. Companies will never be able to eliminate the human factor from the work place. Even as self-automation and computers take over the human bodies for work and productivity, the human factor is still there. Someone, somewhere has to have access to the systems in order to maintain accountability, control, quality, and......

Words: 2691 - Pages: 11

National Security Threat

...National Security Terrorism can be looked at from many different points of view. The definition of terrorism is the use of violence and intimidation in the pursuit of political aims. That doesn’t put a target on foreign countries alone. Terrorism can happen between Americans as well. Though the most fatal attacks such as 9/11, Pearl Harbor, and Boston Marathon Bombings were done by groups such as the al-Qaeda, Imperial Japanese Navy and as little as two foreign Soviet brothers who immigrated, became citizens, then attacked. Many things can be done to protect Americans at home. Records could be kept of every action someone makes. Surveillance of the internet sites accessed, text messages and phone calls made, and financial transactions. Being able to access and monitor these records will allow National Security to prevent attacks before they happen. A system could be made where they don’t monitor 24/7 but there would be red zones or red flags, which would alert National Security to investigate or watch over whatever is happening. This shouldn’t be a problem to many Americans if they claim they’re not doing anything wrong. This is a similar scenario as the National Terrorism Advisory System. It alerts to communicate information about terrorist threats by providing timely, detailed information to the public, government agencies, first responders, public sector organizations, airports and other transportation hubs. Using available information, the alerts will provide a concise...

Words: 1017 - Pages: 5

Security Threats

...Security Threats Vulnerability can be defined as “a security exposure that results from a product weakness that the product developer did not intend to introduce and should fix once it is discovered” (Microsoft TechNet, 2014). There are possibility that the two databases could have vulnerabilities such as a weakness in the technology, configuration or security policies. The vulnerabilities can lead to potential risks in the personnel records systems. Security risks can be described as actions that could cause loss or damage to computer hardware, software, data or information. Potential security risks to milPDS and Remedy are computer viruses, unauthorized access of systems, personal information theft, personally identifiable information (PII) being compromised or violated, and system failure. These vulnerabilities and security risks can result in serious issue to the center. As a center that has a main purpose of managing personal records, any compromise, whether it is information stolen or a database system losing information can be disastrous for many different reasons. After threats and vulnerabilities have been identified, an assessment should be processed to figure out how the threat and vulnerability affected the system(s). This will assist in determining what measures are needed to ensure the vulnerability is handled. There are policies, Air Force Instructions and procedures in place if threats and vulnerabilities have been detected. The Commander......

Words: 474 - Pages: 2

Security Threats

...PC Security Threats DeVry University Professor Andino SEC 280: Principles Info Sys Security Computer security is not an issue for organizations alone. Anyone whose personal computer is connected to a network or the Internet faces a potential risk of attack. The Internet continues to grow exponentially which I believe makes us less secure since there is more to secure. Information security is concerned with three main areas: Confidentiality - information should be available only to those who rightfully have access to it. Integrity -- information should be modified only by those who are authorized to do so, and availability - information should be accessible to those who need it when they need it. These concepts apply to home Internet users just as much as they would to any corporate or government network. You wouldn't let a stranger look through your important documents. In the same way, you may want to keep the tasks you perform on your computer confidential, whether it's tracking your investments or sending email messages to family and friends. Also, you should have some assurance that the information you enter into your computer remains intact and is available when you need it. Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren't connected to the Internet; hard disk failures, theft, power outages. The bad news is that you probably cannot plan......

Words: 786 - Pages: 4

Common Information Security Threats

...The purpose of this paper is to identify three information security threats, potential risks, and the related vulnerabilities to an organization. We will go in depth to identify these harmful threats and describe each potential risk an organization may have to endure. We will also discuss three major information security threats dealing with SunTrust Bank. SunTrust bank headquartered in Atlanta, Ga operates 1,497 branches and over 2, 200 ATMs in the South and some in the North. SunTrust bank has over $175 billion in assets in the US and the money is increasing even more. The major assets that SunTrust has invested needs to be fully protected against potential information security threats from people trying to steal money or do harm to the organization. One of the major threats that SunTrust bank and other banks have to be cautious of is distributed-denial-of-service attacks or DDoS. A DDoS attack is designed for an attack on a single target by a group of compromised system infecting the target with a Trojan. There are two types of attacks associated with DDoS attacks, which are network-centric and application layer attack. There are two types of DDos attacks a network centric attack which overloads a service by using up bandwidth and an application-layer attack which overloads a service or database with application calls (Rouse, 2013). The most well known DDoS attack was committed by the Izz ad-Din al-Zassan Cyber fighters in 2012. These attacks were distributed in two......

Words: 1269 - Pages: 6

Common Information Security Threats

...Common Information Security Threats to Fundraising Organizations Klay C. Kohl CMGT/400 May 19, 2015 Robert Quintin Common Information Security Threats to Fundraising Organizations Introduction The advantages for fundraising organizations when integrating donor databases with their website are endless. Moreover, the security risk considerations from accessing online databases are an exponentially higher risk. These risks exist whether they are a small fundraising organization comprised mostly of volunteers or a Fortune 500 corporation. These risks fortunately, can be greatly reduced, and often, as in many cases, eliminated altogether when information security concerns are a priority in the design, implementation, and maintenance of the organizations offline access portal. In this article, we’d like to address some common security risks associated with database transactions online, discuss common technology behind these interactions, and describe controls that can be taken to mitigate the risks involved. Security concerns and the SDLC The system development life cycle (SDLC) commences with the initiation phase of the system planning process, continuing through system acquisition, development, implementation, and maintenance. Specific decisions about security must be made in each of these phases to assure that the system is secure.  During this initiation phase, organizations conduct a......

Words: 1404 - Pages: 6

Common Information Security Threats

...Common Information Security Threats NAME CMGT400 – Intro to Information Assurance and Security DATE INSTRUCTOR Common Information Security Threats Information is one of the biggest and most important assets an organization has. This information is what drives a company, such as Bank of America, to be profitable and retain a customer’s trust. Without the customer’s trust, an organization will lose those customers, and therefore will be unsuccessful. So, in order to manage information securely, a risk assessment of all data storage devices and data transmitters should be produced to weigh the potential risks involved, the vulnerabilities of the risks, the impact the risks may cause, and the mitigation needed to safeguard any threats from occurring. The most well known, and one of the biggest threats to information loss are undoubtedly viruses, Trojan horses, and worms. These threats are no longer only considered childish annoyances as they once were. They can cause serious damage to an organization whether it’s financially, or to their reputation. Often referred to as malware, which means malicious code, these programs infect information systems that can replicate at a rapid rate by exploiting vulnerabilities in a computer’s operating system or network. These malicious tools can be used to steal company data, destroying information completely, or bringing down an entire corporation to its knees. In addition to malware, Distributed Denial of Service (DDoS)......

Words: 1137 - Pages: 5

Security Threats

...Project Part 1: Current Security Threats The top three security threats that Aim Higher College faces are the following: * Mobile devices connecting to the network * Social Media * Compromised routers intercepting sensitive information These threats are the most common that any college faces. The threats have remained at the top of the list every year for a variety of reasons. This list of threats is also unique to college campuses. I will discuss each of the threats in this report. College students love new technology and each year smaller and more powerful devices are hitting the market. Students on the campus have a variety of devices ranging from cell phones, tablets, and laptops. These devices connect to the campus network and are used by students to check email, class schedules, get grades, and many other uses. The challenge is to allow these devices the necessary access and still have a secure network. Each device has to be checked for viruses, spyware, and other types of malware while still maintaining the C-I-A triad. A balance must be found between usability and security. Each time a remote device is connected to the network there is a possibility that the network can be compromised by one these devices. Every device should be authenticated, scanned, and identified. The use of social media has increased in recent years. Students and teachers both use things like Facebook, Myspace, and others. These applications have the potential to transmit......

Words: 589 - Pages: 3

Common Information Security Threat

...Common Information Security Threat Name School Class   Common Information Security Threat There are hundreds and thousands of different organizations in the world and many of them have similar threats that an organization in the Casino & Resort industry would face. The Casino & Resort industry faces Information Technology threats across the board from external attacks on their website, internal attacks, and data corruption or misuse of data. The majority of companies that exist today would face these same risks due to the use of internet and trying to make everything more convenient for the customer. Computer viruses are an issue for all companies in the world because either they use information systems within their own business or they do business with companies that use information systems. The Resort & Gaming industry deals a tremendous amount with information systems from their Hotel Management System, Ticketing System, Casino System, Point of Sale System, and Food and Beverage System. Not everyone realizes the different systems an organization uses much less the risks that they face. In a twenty-four hour period it is not uncommon for the enterprise anti-virus solution to clean over a thousand threats. These threats could come from email, websites, removable storage devices, or other entry points. Distributed Denial of Service (DDoS) attacks are something that people have to worry about who host websites. DDoS attacks are internet based attacks which flood a......

Words: 1066 - Pages: 5