IT Vulnerability Assignment of an Organization

Requirement

Objective: Assess the vulnerabilities of an organization's hardware and software systems, transmission media, local area networks, wide area networks, enterprise networks, Intranets, and its use of the Internet to cyber intrusions.

Competencies: Critical thinking
Instructions: In 8-10 double-spaced pages, develop arguments on:
How to model and determine threats, and how to conduct a vulnerability assessment.
The paper should be based on leading industry practices and include, at a minimum, complete strategies for modeling threats and assessing vulnerabilities, the reasons why these are good strategies, the impact of threats and vulnerabilities on organizations, and how organizations can best address their potential impacts.
Illustrations (figures) should be included in explaining and supporting your arguments. Experimental data should be included where possible.

Solution

INTRODUCTION

Organizations and institutions all over the world are under threat from security issues driven by the IT systems installed in them. As IT infrastructure has emerged as the most strategic resource for an organization with the advancement of technology and globalization, it has become all the more vulnerable to destruction and sabotage. IT vulnerabilities have numerous causes, and they originate from both internal and external sources (Alhazmi, O., Malaiya, Y., & Ray, I., 2007). An IT infrastructure consists of several sections, which incorporate operating systems, networks, computer systems, wireless technologies, software applications, the Intranet, and other threat vectors. Broadly, the diverse types of IT security issues can be classified into seven major categories: software, hardware, data, network, physical, personnel, and administration. Security issues have had disastrous effects on various business operations, which has raised serious concerns about this topic. It is evident that a lack of security undermines the stability of IT/IS systems, with dire consequences in many cases. This article makes a critical analysis of various aspects of the IT/ITES threats that are prevalent all over the world and the countermeasures that are being followed to insulate ourselves from such unwanted intrusions. It also takes into account the interconnected nature of today's world, which makes systems all the more vulnerable, since one portion of an IT infrastructure is dependent on or interlinked with another. Even if a section of the IT infrastructure mentioned above is unaffected or well protected from outside invasion, its dependence on other functions can damage it and lead to its dysfunction. Finally, the article attempts to chart a future path for the development of a seamless and smooth IT infrastructure in any organization (Barrett, 2009).

NATURE OF INFORMATION TECHNOLOGY

Information Technology, better known by its abbreviation IT, is a broad term covering a wide gamut of subjects that are intertwined with one another but serve crucial functions: namely hardware, software, and telecommunication networks. IT has a wide influence on the everyday working of a person or an organization and often includes the functions of the internet, electronics and telecommunications as well. All in all, IT should be regarded as the elixir that can transform the process, function and management of an organization, institution or an entire country.
In this respect, IT is a bit different from IS, which has to bring a lot of other aspects under its umbrella as well. Traditionally the two terms have been used synonymously, especially in western countries, but there should be a strict line demarcating their functionality, since ICT encompasses a wide-ranging set of technologies and services including the computing industry, electronic data processing and related services, telecommunication and services, the Internet and related services, and audio-visual equipment and services. IT is concerned with computer systems and related services, software, networks and ancillary equipment, and telecommunications and related resources and services. Robust and efficient security is central for IT to perform its role of facilitating the acquisition, storage, processing, movement, management, and manipulation of data. Several studies have been conducted on the reach of IT and its allied services, and there is a consensus that broadly three things must be brought under IT: computer systems, networks and telecommunications. Over the years it has been seen empirically that IT has become inevitable. As more and more organizations resort to these network-based technologies, there is increased scope for vulnerabilities, which take new shapes every now and then. Some of the security hazards can be broadly classified as piracy of server content, modification or destruction of data, hardware vandalism, software piracy, and network sabotage. However, this is just the tip of the iceberg, and these disasters can take any form or shape, which may be difficult to predict in advance (Chen, R., Hsieh, C., & Huang, Y., 2010).

THREAT ANALYSIS OF IT SYSTEMS:

In theory, a vulnerability is defined as a weakness or flaw in the IT infrastructure that is targeted by malicious actors. This deficiency is mostly exploited to get hold of private data that is of considerable interest to the party concerned. It is generally believed that IT systems are developed on platforms or architectures where one or two weak links are always left behind, and these are exploited to breach the security of such systems. Deficiencies in these IT systems can be architectural, procedural, or structural. Programming errors, network errors, operation errors, compatibility errors, and configuration errors are some of the common instances of weak links or vulnerabilities that are exploited. However, it is accepted that vulnerabilities arise from the close interaction among numerous systems, which can range from the operating system and server processor to the content or file system (Artail, H; Safa, H; Sraj, M; Kuwatly, I; & Al-Masri, Z., 2006).
As time passes, there are more and more reports of security breaches or challenges, which are being viewed as a serious threat. These challenges have evolved over the years as the business ecosystem has changed drastically in the era of globalization, and the intent of the perpetrators is evolving so that they are becoming very difficult to track down. From the fear of forced access to physical entities hosting computer systems to unauthorized remote access to IT assets, the changes in techniques and tools have been markedly innovative. The empirical data available reveals that the number of such reports increased exponentially from 171 to 7326 over a span of 15 years, from 1992 to 2007. A close analysis of these breaches of IT system security shows that these unscrupulous activities fall under four main threats: interception, interruption, modification, and fabrication.
Apart from these threats there are other hazards, including disclosure and deletion of information, revelation of secret data to unauthorized people, and vandalism of hardware, software and/or records. Standard vulnerabilities include unavoidable calamities, man-made force majeure, wasteful activities, improper usage, faulty operation, and fraud. Threats can stem from numerous sources, both internal and external. Internal attacks can be classified as follows: stealing of personal data, unintentional or harmless intrusion, sabotage, theft, malware, and monitoring without permission. These attacks can be premeditated, deliberate or malevolent. Internal security issues can be broadly classified as (1) possible intentional, (2) potential accidental threat, (3) suspicious and (4) harmless. It is important to keep in mind that the stature and scale of the threat posed by an insider is much higher than that posed by an outsider. An insider has accurate knowledge of all the systems in use in an organization and can use it to advantage while sabotaging the company's IT systems. A computer crime and security survey conducted in 2010-11 revealed that most attacks are dominated by malware infections, which constitute approximately 67.1 per cent of the intrusions. A meaningful approach to combating this threat should include (1) encryption, (2) access control, (3) minimum privilege, and (4) monitoring, auditing and reporting (Report, 2005).
Besides the internal threats discussed in detail above, the IT infrastructure is also subject to external threats, which range from physical breaches to partner networks. Examples of external attacks include eavesdropping, routing table overflow, routing cache poisoning, routing maintenance, data forwarding, wormhole, sinkhole, byzantine, selfish nodes, external denial of service, internal denial of service, spoofing, Sybil, badmouthing, and flattering. With the advent of globalization, the IT systems of organizations are more intricately connected, with the ability to access systems remotely. All of this proves extremely detrimental to the safety and security of systems working on connected networks. It also raises the issue of implementing advanced detection facilities, which might need a significant upfront investment but pay off in the long run since they mitigate other attacks or breaches.

PEER-TO-PEER APPLICATIONS:

Peer-to-peer applications are the weakest link in an organization's IT infrastructure, since they are involved with VoIP and file-sharing services, which carry an extreme risk of exposure to malicious worms, unknown viruses, and other types of malware. P2P applications ubiquitously enable file sharing that is not legal and open the gateway for the entry of diverse kinds of worms (Hoffer, J.A., George, J.F., & Valacich, J.S., 2011).

WIRELESS TECHNOLOGIES:

Wireless systems such as Bluetooth and Wi-Fi are technologies that are only superficially protected from outside threats and breaches. They are attacked very easily by hackers or malicious actors and are considered soft targets for obtaining data. Insecure wireless technologies or devices include the mobile wireless phone, wireless laptop, Personal Digital Assistant, SMS, MMS, LAN, VPN, and WAN, which can be easily intruded upon and the important data stored in them destroyed. Selective jamming is one of the techniques that has become extremely popular in recent years for hacking through wireless devices; however, a wide gamut of anti-jamming processes has now evolved, including the channel surfing strategy, the spatial retreats strategy, the jamming-resistant MAC protocol and SPREAD system, RFReact, and the internal adversary model. In short, all these methodologies insist on countering jamming with the help of jamming (Colwill, 2010).

SECURITY COUNTER MEASURES:

From the above discussion it can be stated that any attack on IT infrastructure is multidimensional. Attacks can take place at any sector or level of the organization, including the browser level, server level, TCP/IP level, cloud level or intricate hardware level. For example, Microsoft Vista was plagued with so many breaches that several institutions, including the Charlotte-Mecklenburg Schools (CMS), ignored the technology. To restrict unauthorized interception or unauthorized modification of data, several countermeasures need to be taken. These protective measures are taken mostly to prevent such a mishap or, if it does happen, to minimize the cost of the damage. Protective measures include virus scanners, firewalls, security patches, password change control systems, and a range of other technologies. Furthermore, encryption, virus detection and prevention programs, and physical and virtual honeypots are more advanced methods of insulating one's IT systems (Waclawsky, 2006).

RECOMMENDATIONS:

As the number of security breaches increases, a plethora of solutions have been proposed. It is accepted throughout the industry that a single remedy for an umbrella of problems is impossible to find. The first steps towards rationalizing security systems can be taken by enhancing access controls, legislation, system monitoring, threat analysis capabilities, system and network configuration, and education about security risks. An integrated approach with hybrid processes is one of the solutions that can be considered in such a complex business environment.
Access Controls: A Biometric Approach – A breakthrough development in the field of security measures has been the adoption of biometric control, which has been met with much enthusiasm in the IT world. Biometric identification is a simple and smooth process of identification. Moreover, it is highly encrypted, which does not allow any user to easily breach the system to collect information. Some of the more common and traditional access control techniques are Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and the Access Matrix. Although there is debate about the magnitude of efficacy of each of these processes, there is a general consensus that they mostly help in securing data.
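The access control models named above, together with the minimum-privilege and auditing measures listed earlier for insider threats, can be compared on a single request. The following is an added example, not part of the original paper: the users, roles, labels and `payroll.db` resource are constructed, the MAC rule is assumed to follow the Bell-LaPadula pattern, and requiring all three models to agree is a design choice made here for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}   # MAC labels (constructed)
ROLE_PERMS = {                                        # RBAC: role -> (resource, right)
    "hr_clerk": {("payroll.db", "read")},
    "hr_manager": {("payroll.db", "read"), ("payroll.db", "write")},
}
AUDIT = []                                            # every decision is recorded

@dataclass
class User:
    name: str
    clearance: str
    roles: set

@dataclass
class Resource:
    name: str
    owner: str
    label: str
    acl: dict = field(default_factory=dict)           # DAC: one column of the access matrix

def dac(u, r, right):
    # Discretionary: the owner, or anyone the owner listed in the ACL.
    return u.name == r.owner or right in r.acl.get(u.name, set())

def mac(u, r, right):
    # Mandatory, Bell-LaPadula style (assumed): no read up, no write down.
    lu, lr = LEVELS[u.clearance], LEVELS[r.label]
    return lu >= lr if right == "read" else lu <= lr

def rbac(u, r, right):
    # Role-based: allowed only if one of the user's roles carries the permission.
    return any((r.name, right) in ROLE_PERMS.get(role, set()) for role in u.roles)

def authorize(u, r, right):
    """Deny by default: grant only when all three models agree, and log the result."""
    verdict = {"DAC": dac(u, r, right), "MAC": mac(u, r, right), "RBAC": rbac(u, r, right)}
    allowed = all(verdict.values())
    AUDIT.append((u.name, r.name, right, allowed, verdict))
    return allowed

def denied_attempts(name):
    """Monitoring hook: number of refused requests recorded for this user."""
    return sum(1 for who, _, _, ok, _ in AUDIT if who == name and not ok)

# Constructed sample data: the owner (bob) granted alice read and write via the ACL.
payroll = Resource("payroll.db", "bob", "internal", {"alice": {"read", "write"}})
alice = User("alice", "internal", {"hr_clerk"})
carol = User("carol", "public", {"hr_manager"})
```

With this data, alice's write request passes DAC and MAC but is refused by RBAC because her role is read-only, and carol's read passes RBAC but fails DAC and MAC; both refusals land in `AUDIT` for review.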

CONCLUSION:

At the end of this detailed analysis, it is fair to say that IT has taken the world to new dimensions as well as posed new challenges to overcome. This article has analysed the various aspects of the IT infrastructure and systems that enable organizations to achieve growth and profitability as well as cost optimization. Some of these also emerge as disruptive technologies and change the entire business model of an industry. However, all these positives are marred by disadvantages, which mainly consist of data breaches and security issues. Nevertheless, numerous ways are being found to mitigate these threats in the quest to build a better world.

References

  • Alhazmi, O., Malaiya, Y., & Ray, I. (2007). Measuring, analyzing and predicting security vulnerabilities in software systems. Computers and Security, 219-228.

  • Artail, H; Safa, H; Sraj, M; Kuwatly, I; & Al-Masri, Z. (2006). A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks. Computers and Security, 274-288.

  • Barrett, S. (2009). Information systems: An exploration of factors influencing effective use. Journal of Research on Computing in Education, 4-16.

  • Chen, R., Hsieh, C., & Huang, Y. (2010). An isolation intrusion detection system for hierarchical wireless sensor networks. Journal of Networks, 335-342.

  • Colwill, C. (2010). Human factors in information security: The insider threat- Who can you trust these days? Information Security Technical Report, 186-196.

  • Hoffer, J.A., George, J.F., & Valacich, J.S. (2011). Modern Systems Analysis and Design. New Jersey: Prentice Hall: Englewood Cliffs.

  • Report, G. (2005). Emerging cybersecurity issues threaten federal information systems. Information Security, 1-72.

  • Waclawsky, J. G. (2006). P2P: The next wave of Internet evolution. Business Communications Review, 48-53.