4/18/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=7796a37b-de7b-4272-9f10-575e7c09e6… 1/4
%77
SafeAssign Originality Report
Spring 2020 - Emerging Threats & Countermeas (ITS-834-54)(ITS-834-… • Final research paper
%77Total Score: High riskSharath Kumar Dasari
Submission UUID: 70b554c4-5d3a-02b1-8878-68739542fe9b
Total Number of Reports
1
Highest Match
77 %
Final_Research Paper.docx
Average Match
77 %
Submitted on
04/18/20
06:02 PM PDT
Average Word Count
732
Highest: Final_Research Paper.docx
%77Attachment 1
Institutional database (12)
Student paper Student paper Student paper
Student paper Student paper Student paper
Student paper Student paper Student paper
Student paper Student paper Student paper
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 732
Final_Research Paper.docx
8 5 1
10 4 7
6 9 12
11 3 2
8 Student paper 5 Student paper 1 Student paper
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport?attemptId=7796a37b-de7b-4272-9f10-575e7c09e613&course_id=_114598_1&download=true&includeDeleted=true&print=true&force=true
Smallpdf User
Highlight
Sharath Kumar Dasari
Smallpdf User
Highlight
Sharath Kumar Dasari
4/18/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=7796a37b-de7b-4272-9f10-575e7c09e6… 2/4
Source Matches (22)
Student paper 97% Student paper 77%
Running head: RESEARCH PAPER 2
Defense-In-Depth & Awareness 2
Research Paper - Defense-In-Depth & Awareness
ITS-834 Emerging threats and countermeasures
Sharath Kumar Dasari
University of Cumberland’s
Dr. Giovanni Silvestri
04/18/2020
Basically, this exploration paper will spread out some significant techniques of mindfulness and the barrier inside and out to recognize developing dangers and
reinforce countermeasures. In the event that one considers it, the entire simple space has moved into computerized area in recent years, and the start of this cutting-
edge topic with simulated intelligence (Man-made consciousness) and propelled conventions has indicated exponential development. Be that as it may, we didn't
figure the expense of hazard and dangers joining these trendsetting innovations of the computerized world, which can be alarming for the national foundation (Yang,
Wang, and Zhang, 2016). As individuals don't have legitimate familiarity with the dangers and measures to recognize the cybersecurity issues, they can't take
proper activities to manage it. Keeping this circumstance and some disturbing digital assaults as a top priority, this paper plans to make one mindful of some
basic dangers and propelled procedures to watchful the circumstance alongside conceivable counter strides against the risk. (Foltyn, 2018). In this paper, I have
introduced a review of mindfulness and location procedures alongside t ...
6/21/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=6d3212a4-b0a4-44b2-afd8-56ae47ca2c6b&course_id=_… 1/5
%46
%5
SafeAssign Originality Report
Summer 2020 - Emerging Threats & Countermeas (IT… • Final research paper/project/assignment
%51Total Score: High risk
Vikeshkumar Dipakkumar Desai
Submission UUID: e2f632c2-fdcf-616b-51d7-5a4eb8187331
Total Number of Reports
1
Highest Match
51 %
Document8.docx
Average Match
51 %
Submitted on
06/21/20
03:48 PM PDT
Average Word Count
1,276
Highest: Document8.docx
%51Attachment 1
Institutional database (5)
Student paper Student paper Student paper
Student paper Student paper
Internet (3)
lplanet hack-ed wikipedia
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 1,276
Document8.docx
1 3 4
2 5
7 6 8
1 Student paper 3 Student paper 4 Student paper
Running head: DEFENSE-IN-DEPTH AND AWARENESS TECHNIQUES
1
Running head: DEFENSE-IN-DEPTH AND AWARENESS TECHNIQUES
4
Defense-in-Depth and Awareness Techniques
Vikesh Desai
University of Cumberlands
Defense-in-Depth and Awareness Techniques
Awareness is one of the essential aspects in most of the organization, which requires a high magnitude to address comprehensively in all sections.
The depth in defense is more paramount to ensure that the organizations are comprehensively and effectively protect their system from the cyber-
attack activities. The most crucial strategy to deploy is two strategic systems that enhance the high degree of security instead of implementing one
security system. Various organizations have taken into account the defense in depth very crucial. Still, the organizations demanded to incorporate
their awareness through the provision of comprehensive educations to the employees and the workers in the organizations concerning the vital
measures that should be taken into account to curb security issues and develop holistic values taken into account. Most of the organizations are
known not to take the awareness as pressing issues that demand high consideration for the process of protecting and enhancing the security to be
tight. For any organization to protect their system from the cybercrime attack, they need to embrace situational awareness so that they can compre-
hensively develop strategic interventions that enable them to improve and assist in the detection of the up and coming threats as well as the
1
1
1
1
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport?attemptId=6d3212a4-b0a4-44b2-afd8-56ae47ca2c6b&course_id=_116194_1&download=true&includeDeleted=true&print=true&force=true
6/21/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=6d3212a4-b0a4-44b2-afd8-56ae47ca2c6b&course_id=_… 2/5
Source Matches (23)
strengthens that countermeasures the cybercrime activities. To me.
12022, 929 AM Originality Reporthttpsucumberlands.blBenitoSumpter862
1/20/22, 9:29 AM Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=a17e712f-fe4f-437d-b00e-ba5879e7983f&course_id=_… 1/3
%51
%11
SafeAssign Originality Report
Spring 2022 - Operations Security (ISOL-631-A01) - First Bi-Term •
%62Total Score: High risk
Total Number of Reports
1
Highest Match
62 %
DepartmentOfDeforcef.docx
Average Match
62 %
Submitted on
01/19/22
02:05 PM CST
Average Word Count
500
Highest: DepartmentOfDeforcef.docx
%62Attachment 1
Institutional database (6)
Student paper Student paper Student paper
Student paper Student paper Student paper
Internet (2)
jissec rand
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 500
DepartmentOfDeforcef.docx
2 3 7
6 4 1
5 8
2 Student paper 3 Student paper 7 Student paper
4
S
Introduction
The business considerations to the security policy frameworks include data integrity, data availability, and physical security (Drezner et al.,2020). Data integrity
enhances the protection of sensitive data whose purpose is to avoid unauthorized access by people who violate compliance with data security laws and hinder the
firm's productivity. The active directory and the group's policy can be implemented and arranged in a manner that only the users who are mandated with the execu-
tion of duties in the system are allowed to access the system (Anton et al., 2019). Secondly is the data availability, which ensures that the data is made available to an
authorized individual with minor obstacles. This can be enhanced through the availability of backup servers, backup routers, battery power backups, regular data
backup, and update of the regular system (Anton et al., 2019). The update of the regular system is meant to limit the downtimes and swiftness of the data networks.
Thirdly, physical security deals with enhancing the safety of the assets to avoid the loss of personal devices that store sensitive information of the organization.
Physical security can be implemented by creating a secured room that will offer protection to the information technology devices that carry sensitive information
(Herath et al., 2009). DOD frameworks Business considerations.
Network segmentation The network should be designed so that only weapon-related activities are allowed.
Continuous monitoring framework A framework of 24/7 monitoring and a protocol of swift notification of unusual activities should be created.
Visibility framework Establish a high level of visibility that will extend to weapon systems, thus restricting the hacking of the unguarded weapon.
Rationale Due to the sophistication of the modern cyber-attacks, which have been growing on a daily basis, there has been no feasibility of past responses to the cyber
threat. The department of defense experienced a great number of appealing target, and thus enforcement of standards above the threats needs to be considere ...
12022, 929 AM Originality Reporthttpsucumberlands.blCicelyBourqueju
1/20/22, 9:29 AM Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=a17e712f-fe4f-437d-b00e-ba5879e7983f&course_id=_… 1/3
%51
%11
SafeAssign Originality Report
Spring 2022 - Operations Security (ISOL-631-A01) - First Bi-Term •
%62Total Score: High risk
Total Number of Reports
1
Highest Match
62 %
DepartmentOfDeforcef.docx
Average Match
62 %
Submitted on
01/19/22
02:05 PM CST
Average Word Count
500
Highest: DepartmentOfDeforcef.docx
%62Attachment 1
Institutional database (6)
Student paper Student paper Student paper
Student paper Student paper Student paper
Internet (2)
jissec rand
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 500
DepartmentOfDeforcef.docx
2 3 7
6 4 1
5 8
2 Student paper 3 Student paper 7 Student paper
4
S
Introduction
The business considerations to the security policy frameworks include data integrity, data availability, and physical security (Drezner et al.,2020). Data integrity
enhances the protection of sensitive data whose purpose is to avoid unauthorized access by people who violate compliance with data security laws and hinder the
firm's productivity. The active directory and the group's policy can be implemented and arranged in a manner that only the users who are mandated with the execu-
tion of duties in the system are allowed to access the system (Anton et al., 2019). Secondly is the data availability, which ensures that the data is made available to an
authorized individual with minor obstacles. This can be enhanced through the availability of backup servers, backup routers, battery power backups, regular data
backup, and update of the regular system (Anton et al., 2019). The update of the regular system is meant to limit the downtimes and swiftness of the data networks.
Thirdly, physical security deals with enhancing the safety of the assets to avoid the loss of personal devices that store sensitive information of the organization.
Physical security can be implemented by creating a secured room that will offer protection to the information technology devices that carry sensitive information
(Herath et al., 2009). DOD frameworks Business considerations.
Network segmentation The network should be designed so that only weapon-related activities are allowed.
Continuous monitoring framework A framework of 24/7 monitoring and a protocol of swift notification of unusual activities should be created.
Visibility framework Establish a high level of visibility that will extend to weapon systems, thus restricting the hacking of the unguarded weapon.
Rationale Due to the sophistication of the modern cyber-attacks, which have been growing on a daily basis, there has been no feasibility of past responses to the cyber
threat. The department of defense experienced a great number of appealing target, and thus enforcement of standards above the threats needs to be considere ...
This article was published in Education Technology Insights in June 2019. Because the publisher didn’t include my references, this document is shared to provide the article’s references cited.
https://education-security.educationtechnologyinsights.com/cxoinsights/defending-your-institution-against-ransomware-attacks-nid-646.html
The Custom Defense Against Targeted AttacksTrend Micro
Advanced persistent threats (APTs) and targeted attacks have a proven ability to penetrate standard security defenses and remain undetected for months while siphoning valuable data or carrying out destructive actions. We review challenges faced by information security leaders, their options for dealing with attackers and how to a Custom Defense approach to deploy a comprehensive Detect—Analyze—Adapt—Respond lifecycle that enhances current security investments while providing new weapons to fight back against their attackers.
Southwestern Business Administration JournalVolume 16 Is.docxrosemariebrayshaw
Southwestern Business Administration Journal
Volume 16 | Issue 1 Article 1
2017
Leveraging Decision Making in Cyber Security
Analysis through Data Cleaning
Chen Zhong
Hong Liu
Awny Alnusair
Follow this and additional works at: https://digitalscholarship.tsu.edu/sbaj
Part of the Business Administration, Management, and Operations Commons, E-Commerce
Commons, Entrepreneurial and Small Business Operations Commons, Management Information
Systems Commons, Marketing Commons, Organizational Behavior and Theory Commons, and the
Real Estate Commons
This Article is brought to you for free and open access by Digital Scholarship @ Texas Southern University. It has been accepted for inclusion in
Southwestern Business Administration Journal by an authorized editor of Digital Scholarship @ Texas Southern University. For more information,
please contact [email protected]
Recommended Citation
Zhong, Chen; Liu, Hong; and Alnusair, Awny (2017) "Leveraging Decision Making in Cyber Security Analysis through Data
Cleaning," Southwestern Business Administration Journal: Vol. 16 : Iss. 1 , Article 1.
Available at: https://digitalscholarship.tsu.edu/sbaj/vol16/iss1/1
https://digitalscholarship.tsu.edu/sbaj?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj/vol16?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj/vol16/iss1?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj/vol16/iss1/1?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/623?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/624?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/624?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/630?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/636?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/636?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/638?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
ht.
Cyber Security Awareness and Corporate Agility of Deposit Money Banks in Nigeriaijtsrd
This article looks at corporate agility from indicators such as sensing agility, decision making agility, acting agility or practice. It went on to review what cyber security awareness entails by stating some of the most possible threat that people encountered on a daily bases. The article identify poor management of cyber security solutions provided by modern internet security experts in the form of difficulty of tracing the cyber crime attackers, limited cybercrime laws, and limited IT security knowledge among internet users as the problems that the study addresses. Theory of protection motivation was used primarily to explain cyber security awareness, and how and when a user adopts adaptive behaviors. The article conclude that cyber security awareness is more important now than it has ever been before and that threats to personal and corporate information are increasing and identities are getting stolen every day. The article recommend that government, deposit money banks, users, mass media and manager should introduce and enforce cybercrime laws, train ,offers advices and create more awareness among their staff and clients of the organization on the need to be aware of internet threat and be careful in their dealings on a daily bases. Dr. Agbeche Aaron "Cyber Security Awareness and Corporate Agility of Deposit Money Banks in Nigeria" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-6 , October 2021, URL: https://www.ijtsrd.com/papers/ijtsrd47613.pdf Paper URL : https://www.ijtsrd.com/management/other/47613/cyber-security-awareness-and-corporate-agility-of-deposit-money-banks-in-nigeria/dr-agbeche-aaron
Risk management plan
Executive Summary
The past few decades have seen technological evolutions on a rapid scale with the growth of the industry taking over the world by storm. Governments and companies alike are investing in further research and development of futuristic technologies in order to work towards a more efficient future in terms of productivity and task automation. The evolution of computers and powerful technologies being made available to the public with them having high processing power and some being small, powerful and portable has led to people having information in their hands, literally.
However, with the advantages of the recently introduced technologies, there still are threats brought about by the same since they have raised privacy and other security concerns as well as health concerns associated with a number of the devices. This paper is aimed at identification of strategies to handle risks which may arise from the continuous development of new technologies (Galati, 2015). Comment by Schneider, Paul: This is the only sentence in this summary which focuses on the paper, and it does a very poor job of previewing everything that the reader will see in this paper.
Project Summary
Scope Comment by Schneider, Paul: This section tells me nothing about the scope for your project. What are the task/activities needed to successfully complete your project?
This report is important in analysis of the importance of information technologies being managed and security implemented since with their introduction, most companies have taken them up therefore the need to prevent attacks via technologies implemented. Critical processes in business are reliant to information technologies therefore need for safeguarding them against hacking attacks among other similar threats relating to information technologies.
Milestones Comment by Schneider, Paul: This section tells me nothing about the milestones for your project. When does the project start? When does the project end? What are all of the milestones between the start & end?
All businesses especially in a technologically growing and depend world need to learn the vulnerabilities posed by the developments as well as methods which can be used to control or curb them. Most companies have successfully put in place firewalls and administrators of networks to monitor, analyze and notify of irregularities which may cause a breach to sensitive company information.
Cost Constraints Comment by Schneider, Paul: Very poor job.
In implementation of security within information technologies, there are costs involved, some being one off and others being recurrent however all serving the same purpose. Costs inclusive in implementation of security protocols are such as purchase as hardware and software offering security such as firewalls, antiviruses, antimalware programs and programs for detection of network intrusions. Costs can also arise from contracting an external organization to ...
6/21/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=6d3212a4-b0a4-44b2-afd8-56ae47ca2c6b&course_id=_… 1/5
%46
%5
SafeAssign Originality Report
Summer 2020 - Emerging Threats & Countermeas (IT… • Final research paper/project/assignment
%51Total Score: High risk
Vikeshkumar Dipakkumar Desai
Submission UUID: e2f632c2-fdcf-616b-51d7-5a4eb8187331
Total Number of Reports
1
Highest Match
51 %
Document8.docx
Average Match
51 %
Submitted on
06/21/20
03:48 PM PDT
Average Word Count
1,276
Highest: Document8.docx
%51Attachment 1
Institutional database (5)
Student paper Student paper Student paper
Student paper Student paper
Internet (3)
lplanet hack-ed wikipedia
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 1,276
Document8.docx
1 3 4
2 5
7 6 8
1 Student paper 3 Student paper 4 Student paper
Running head: DEFENSE-IN-DEPTH AND AWARENESS TECHNIQUES
1
Running head: DEFENSE-IN-DEPTH AND AWARENESS TECHNIQUES
4
Defense-in-Depth and Awareness Techniques
Vikesh Desai
University of Cumberlands
Defense-in-Depth and Awareness Techniques
Awareness is one of the essential aspects in most of the organization, which requires a high magnitude to address comprehensively in all sections.
The depth in defense is more paramount to ensure that the organizations are comprehensively and effectively protect their system from the cyber-
attack activities. The most crucial strategy to deploy is two strategic systems that enhance the high degree of security instead of implementing one
security system. Various organizations have taken into account the defense in depth very crucial. Still, the organizations demanded to incorporate
their awareness through the provision of comprehensive educations to the employees and the workers in the organizations concerning the vital
measures that should be taken into account to curb security issues and develop holistic values taken into account. Most of the organizations are
known not to take the awareness as pressing issues that demand high consideration for the process of protecting and enhancing the security to be
tight. For any organization to protect their system from the cybercrime attack, they need to embrace situational awareness so that they can compre-
hensively develop strategic interventions that enable them to improve and assist in the detection of the up and coming threats as well as the
1
1
1
1
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport?attemptId=6d3212a4-b0a4-44b2-afd8-56ae47ca2c6b&course_id=_116194_1&download=true&includeDeleted=true&print=true&force=true
6/21/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=6d3212a4-b0a4-44b2-afd8-56ae47ca2c6b&course_id=_… 2/5
Source Matches (23)
strengthens that countermeasures the cybercrime activities. To me.
12022, 929 AM Originality Reporthttpsucumberlands.blBenitoSumpter862
1/20/22, 9:29 AM Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=a17e712f-fe4f-437d-b00e-ba5879e7983f&course_id=_… 1/3
%51
%11
SafeAssign Originality Report
Spring 2022 - Operations Security (ISOL-631-A01) - First Bi-Term •
%62Total Score: High risk
Total Number of Reports
1
Highest Match
62 %
DepartmentOfDeforcef.docx
Average Match
62 %
Submitted on
01/19/22
02:05 PM CST
Average Word Count
500
Highest: DepartmentOfDeforcef.docx
%62Attachment 1
Institutional database (6)
Student paper Student paper Student paper
Student paper Student paper Student paper
Internet (2)
jissec rand
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 500
DepartmentOfDeforcef.docx
2 3 7
6 4 1
5 8
2 Student paper 3 Student paper 7 Student paper
4
S
Introduction
The business considerations to the security policy frameworks include data integrity, data availability, and physical security (Drezner et al.,2020). Data integrity
enhances the protection of sensitive data whose purpose is to avoid unauthorized access by people who violate compliance with data security laws and hinder the
firm's productivity. The active directory and the group's policy can be implemented and arranged in a manner that only the users who are mandated with the execu-
tion of duties in the system are allowed to access the system (Anton et al., 2019). Secondly is the data availability, which ensures that the data is made available to an
authorized individual with minor obstacles. This can be enhanced through the availability of backup servers, backup routers, battery power backups, regular data
backup, and update of the regular system (Anton et al., 2019). The update of the regular system is meant to limit the downtimes and swiftness of the data networks.
Thirdly, physical security deals with enhancing the safety of the assets to avoid the loss of personal devices that store sensitive information of the organization.
Physical security can be implemented by creating a secured room that will offer protection to the information technology devices that carry sensitive information
(Herath et al., 2009). DOD frameworks Business considerations.
Network segmentation The network should be designed so that only weapon-related activities are allowed.
Continuous monitoring framework A framework of 24/7 monitoring and a protocol of swift notification of unusual activities should be created.
Visibility framework Establish a high level of visibility that will extend to weapon systems, thus restricting the hacking of the unguarded weapon.
Rationale Due to the sophistication of the modern cyber-attacks, which have been growing on a daily basis, there has been no feasibility of past responses to the cyber
threat. The department of defense experienced a great number of appealing target, and thus enforcement of standards above the threats needs to be considere ...
12022, 929 AM Originality Reporthttpsucumberlands.blCicelyBourqueju
1/20/22, 9:29 AM Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=a17e712f-fe4f-437d-b00e-ba5879e7983f&course_id=_… 1/3
%51
%11
SafeAssign Originality Report
Spring 2022 - Operations Security (ISOL-631-A01) - First Bi-Term •
%62Total Score: High risk
Total Number of Reports
1
Highest Match
62 %
DepartmentOfDeforcef.docx
Average Match
62 %
Submitted on
01/19/22
02:05 PM CST
Average Word Count
500
Highest: DepartmentOfDeforcef.docx
%62Attachment 1
Institutional database (6)
Student paper Student paper Student paper
Student paper Student paper Student paper
Internet (2)
jissec rand
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 500
DepartmentOfDeforcef.docx
2 3 7
6 4 1
5 8
2 Student paper 3 Student paper 7 Student paper
4
S
Introduction
The business considerations to the security policy frameworks include data integrity, data availability, and physical security (Drezner et al.,2020). Data integrity
enhances the protection of sensitive data whose purpose is to avoid unauthorized access by people who violate compliance with data security laws and hinder the
firm's productivity. The active directory and the group's policy can be implemented and arranged in a manner that only the users who are mandated with the execu-
tion of duties in the system are allowed to access the system (Anton et al., 2019). Secondly is the data availability, which ensures that the data is made available to an
authorized individual with minor obstacles. This can be enhanced through the availability of backup servers, backup routers, battery power backups, regular data
backup, and update of the regular system (Anton et al., 2019). The update of the regular system is meant to limit the downtimes and swiftness of the data networks.
Thirdly, physical security deals with enhancing the safety of the assets to avoid the loss of personal devices that store sensitive information of the organization.
Physical security can be implemented by creating a secured room that will offer protection to the information technology devices that carry sensitive information
(Herath et al., 2009). DOD frameworks Business considerations.
Network segmentation The network should be designed so that only weapon-related activities are allowed.
Continuous monitoring framework A framework of 24/7 monitoring and a protocol of swift notification of unusual activities should be created.
Visibility framework Establish a high level of visibility that will extend to weapon systems, thus restricting the hacking of the unguarded weapon.
Rationale Due to the sophistication of the modern cyber-attacks, which have been growing on a daily basis, there has been no feasibility of past responses to the cyber
threat. The department of defense experienced a great number of appealing target, and thus enforcement of standards above the threats needs to be considere ...
This article was published in Education Technology Insights in June 2019. Because the publisher didn’t include my references, this document is shared to provide the article’s references cited.
https://education-security.educationtechnologyinsights.com/cxoinsights/defending-your-institution-against-ransomware-attacks-nid-646.html
The Custom Defense Against Targeted AttacksTrend Micro
Advanced persistent threats (APTs) and targeted attacks have a proven ability to penetrate standard security defenses and remain undetected for months while siphoning valuable data or carrying out destructive actions. We review challenges faced by information security leaders, their options for dealing with attackers and how to a Custom Defense approach to deploy a comprehensive Detect—Analyze—Adapt—Respond lifecycle that enhances current security investments while providing new weapons to fight back against their attackers.
Southwestern Business Administration JournalVolume 16 Is.docxrosemariebrayshaw
Southwestern Business Administration Journal
Volume 16 | Issue 1 Article 1
2017
Leveraging Decision Making in Cyber Security
Analysis through Data Cleaning
Chen Zhong
Hong Liu
Awny Alnusair
Follow this and additional works at: https://digitalscholarship.tsu.edu/sbaj
Part of the Business Administration, Management, and Operations Commons, E-Commerce
Commons, Entrepreneurial and Small Business Operations Commons, Management Information
Systems Commons, Marketing Commons, Organizational Behavior and Theory Commons, and the
Real Estate Commons
This Article is brought to you for free and open access by Digital Scholarship @ Texas Southern University. It has been accepted for inclusion in
Southwestern Business Administration Journal by an authorized editor of Digital Scholarship @ Texas Southern University. For more information,
please contact [email protected]
Recommended Citation
Zhong, Chen; Liu, Hong; and Alnusair, Awny (2017) "Leveraging Decision Making in Cyber Security Analysis through Data
Cleaning," Southwestern Business Administration Journal: Vol. 16 : Iss. 1 , Article 1.
Available at: https://digitalscholarship.tsu.edu/sbaj/vol16/iss1/1
https://digitalscholarship.tsu.edu/sbaj?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj/vol16?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj/vol16/iss1?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj/vol16/iss1/1?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
https://digitalscholarship.tsu.edu/sbaj?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/623?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/624?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/624?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/630?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/636?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/636?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
http://network.bepress.com/hgg/discipline/638?utm_source=digitalscholarship.tsu.edu%2Fsbaj%2Fvol16%2Fiss1%2F1&utm_medium=PDF&utm_campaign=PDFCoverPages
ht.
Cyber Security Awareness and Corporate Agility of Deposit Money Banks in Nigeriaijtsrd
This article looks at corporate agility from indicators such as sensing agility, decision making agility, acting agility or practice. It went on to review what cyber security awareness entails by stating some of the most possible threat that people encountered on a daily bases. The article identify poor management of cyber security solutions provided by modern internet security experts in the form of difficulty of tracing the cyber crime attackers, limited cybercrime laws, and limited IT security knowledge among internet users as the problems that the study addresses. Theory of protection motivation was used primarily to explain cyber security awareness, and how and when a user adopts adaptive behaviors. The article conclude that cyber security awareness is more important now than it has ever been before and that threats to personal and corporate information are increasing and identities are getting stolen every day. The article recommend that government, deposit money banks, users, mass media and manager should introduce and enforce cybercrime laws, train ,offers advices and create more awareness among their staff and clients of the organization on the need to be aware of internet threat and be careful in their dealings on a daily bases. Dr. Agbeche Aaron "Cyber Security Awareness and Corporate Agility of Deposit Money Banks in Nigeria" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-6 , October 2021, URL: https://www.ijtsrd.com/papers/ijtsrd47613.pdf Paper URL : https://www.ijtsrd.com/management/other/47613/cyber-security-awareness-and-corporate-agility-of-deposit-money-banks-in-nigeria/dr-agbeche-aaron
Risk management plan
Executive Summary
The past few decades have seen technological evolutions on a rapid scale with the growth of the industry taking over the world by storm. Governments and companies alike are investing in further research and development of futuristic technologies in order to work towards a more efficient future in terms of productivity and task automation. The evolution of computers and powerful technologies being made available to the public with them having high processing power and some being small, powerful and portable has led to people having information in their hands, literally.
However, with the advantages of the recently introduced technologies, there still are threats brought about by the same since they have raised privacy and other security concerns as well as health concerns associated with a number of the devices. This paper is aimed at identification of strategies to handle risks which may arise from the continuous development of new technologies (Galati, 2015). Comment by Schneider, Paul: This is the only sentence in this summary which focuses on the paper, and it does a very poor job of previewing everything that the reader will see in this paper.
Project Summary
Scope Comment by Schneider, Paul: This section tells me nothing about the scope for your project. What are the task/activities needed to successfully complete your project?
This report is important in analysis of the importance of information technologies being managed and security implemented since with their introduction, most companies have taken them up therefore the need to prevent attacks via technologies implemented. Critical processes in business are reliant to information technologies therefore need for safeguarding them against hacking attacks among other similar threats relating to information technologies.
Milestones Comment by Schneider, Paul: This section tells me nothing about the milestones for your project. When does the project start? When does the project end? What are all of the milestones between the start & end?
All businesses especially in a technologically growing and depend world need to learn the vulnerabilities posed by the developments as well as methods which can be used to control or curb them. Most companies have successfully put in place firewalls and administrators of networks to monitor, analyze and notify of irregularities which may cause a breach to sensitive company information.
Cost Constraints Comment by Schneider, Paul: Very poor job.
In implementation of security within information technologies, there are costs involved, some being one off and others being recurrent however all serving the same purpose. Costs inclusive in implementation of security protocols are such as purchase as hardware and software offering security such as firewalls, antiviruses, antimalware programs and programs for detection of network intrusions. Costs can also arise from contracting an external organization to ...
A STUDY ON CYBER SECURITY AND ITS RISKS K. JeniferAM Publications
Cyber security is a basic term used nowadays by each and everyone in the world. It is appropriate to know about cyber security as everything became digitized in our day-today life, because digital world is the place where cyber crimes emerge. Securing the information has become one of the biggest challenges in the present day. Various measures are taken in order to prevent these cyber crimes, though cyber security is still a very big concern. In this paper I have made a study on cyber security, how far cyber crimes are increasing and what are the threats we should be aware of.
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
A Time of Great Risk: The Time Between Compromise and Mitigation
In most organizations today, threat detection is based on various security sensors that attempt to look for anomalous behavior or for known signatures of malicious activity. These sensors include firewalls, intrusion detection/prevention systems (IDS/IPS), application gateways, anti- virus/anti-malware, endpoint protection, and more. They operate at and provide visibility into all layers of the IT stack.
A review: Artificial intelligence and expert systems for cyber securitybijejournal
Artificial intelligence (AI) and expert systems are essential and vital tools to counter potentially dangerous threats
in cyber security. The protection of data requires skilled cyber security technicians for various types of roles. The
essential role of an expert system is to monitor the threats and assist the technician to strengthen security. The
system uses various datasets like a machine and deep learning as well as reinforced learning in order to make
intelligent decisions. The Internet of Things (IoT) is one of the major concerns for cyber security because it is
potentially the second most likely vulnerable link in the cyber security environment because an attacker can easily
gain access to the system by breaching any IoT device that is connected to the system. Still human is the strongest
and potentially the weakest link in the cyber security environment. This review intends to present AI and expert
systems for cyber security
Classmate 1Cybersecurity risk can be characterized as the ris.docxbartholomeocoombs
Classmate 1:
Cybersecurity risk can be characterized as the risk emerging from pernicious electronic or Non-electronic occasions influencing information innovation assets of firms, regularly bringing about the disturbance of business and budgetary misfortune. The significance of cybersecurity has become in the course of the most recent couple of decades with the fast development of electronic gadgets and the web (Biener, Eling, and Wirfs, 2015). Physical items where information and information were utilized to be put away, for example, records, floppy plates, and tapes are not, at this point utilized and practically all individuals store their own and work information electronically now.
Information is put away in a confined private system at work while at home individuals store their private information, for example, photographs, messages, and so on in their messages or even or cloud administrations, for instance, the Apple cloud where Apple iPhone clients will have their information continually upheld. This individual information may contain by and by recognizable information too, for example, the information that can be contained in an individual driver's permit, for example, date of birth, address (Fazlida, and Said, 2015). For the assailants, PII information is truly significant and thus they target global organizations where they could get this PII information effectively which can be connected with the client's record and their installment information.
We see a great deal of cyber-assault happening to global organizations, for example, Target and Home-stop along these lines. From a mechanical standpoint, firms regularly share associated risks and vulnerabilities of being penetrated together because of the use of normal security advances and the availability of PC systems. In the above articulation, we can see that all organizations have risks and vulnerabilities in their system which should be appropriately redesigned and checked to be made sure about. We additionally observe government databases being hacked from remote nationals to pick up the necessary information or PII of assets they are quick to acquire (Biener, Eling, and Wirfs, 2015). In this manner, we can say that cybersecurity isn't only a business danger yet, in addition, a matter of national security.
As an IT administrator, there are a few different ways I would attempt to deal with the IT risks inside my organization (Pei-Yu, Kataria, and Krishnan, 2011):
1. I would initially do a constant risk evaluation and distinguish the risks which are generally essential and touchy to the organization and make a rundown of basic resources, recognized risks, and future potential risks that would be tended to. The prioritizations of these risks are significant and likewise to include the administration about this.
2. The risk proprietors can possess the organized risks and work with the group to relieve these risks and record it. The most noteworthy risks are to be killed first.
With the advent of the internet, cyber-attacks are changing rapidly and the security situation on the internet is not always optimistic. Machine Learning (ML) and In-depth Learning (DL) methods for community-based access to entry and present a quick teaching definition of the entire ML/DL method. Representative papers all the way have been listed, read, and summarized primarily based on their temporary or thermal interactions. Because information is critical to ML/DL strategies, it describes the amount of commonly used public databases used in ML/DL, discusses the complexities of using ML/DL for Internet protection and provides guidelines for course guides. KDD a set of information is a symbol of standing that is widely recognized within the study of the Acquisition strategies. A lot of work is underway to develop innocent identification strategies as information courses used to read and test the diagnostic version are equally problematic because high-quality information can improve offline access. This paper provides a KDD knowledge test set by recognizing the 4 Basic Courses, Content, Traffic and Handling in which all information attributes can be categorized using the Modified Random Forest (MRF). The test was completed by identifying the remaining 2 metric metrics, Visual Rate (DR) and False Noise Scale (FAR) of the Intervention Detection System (IDS). As a result of this evidence-based evaluation of the data set, the contribution of all 4 character studies in DR and FAR has been proven to help determine the validity of the information set.
This paper discusses the question of optimizing security decisions in an organization, based on the information provided by the technical security infrastructure.
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
Computers are crucial instruments providing a competitive edge to organizations that have adopted them. Their pervasive presence has presented a novel challenge to information security, specifically threats emanating from privileged employees. Various solutions have been tried to address the vice, but no exhaustive solution has been found. Due to their elusive nature, proactive strategies have been proposed of which detection using Machine Learning models has been favoured. The choice of algorithm, datasets and metrics are cornerstones of model performance and hence, need to be addressed. Although multiple studies on ML for insider threat detection have been done, none has provided a comprehensive analysis of algorithms, datasets and metrics for development of Insider Threat Detection models. This study conducts a comprehensive systematic literature review using reputable databases to answer the research questions posed. Search strings, inclusion and exclusion criteria were set for eligibility of articles published in the last decade.
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
Holistic Cyber Risk Management Programs in the Financial Industry Must "Predict and Prevent" in Today's Complex Threat Environment, says new White Paper.
Information Sharing of Cyber Threat Intelligence with their Issue and Challengesijtsrd
Today threat landscape growing at the rapid rate with much organization continuously face complex and malicious cyber threats. In today's Internet connected world where technologies support almost every feature of our society, cyber security and forensic specialists are increasingly distributing with wide ranging cyber threats in almost. real time conditions. The capability to detect, analyze, and defend against such threats in near real time conditions is not possible without the employment of threat intelligence, big data, and machine learning techniques. Cyber Threat Intelligence CTI has become a hot topic and being under consideration for many organizations to counter the rise of cyber attacks. The vast majority of information security challenges we face today are the result of serendipitous and naive decisions made in the early stages of the Internet. Khin Myat Nwe Win | Yin Myo Kay Khine Thaw "Information Sharing of Cyber Threat Intelligence with their Issue and Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26504.pdfPaper URL: https://www.ijtsrd.com/computer-science/computer-security/26504/information-sharing-of-cyber-threat-intelligence-with-their-issue-and-challenges/khin-myat-nwe-win
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...ijtsrd
The rapid proliferation of mobile applications has revolutionized the way individuals interact with technology, offering unprecedented convenience and connectivity. However, this ubiquity has brought about a corresponding surge in cybersecurity vulnerabilities, posing significant risks to user data and privacy. This research paper presents a comprehensive study aimed at fortifying the security of mobile applications through a holistic approach. By analyzing a diverse range of applications across various industries, we identify and categorize common vulnerabilities that undermine the integrity of these platforms. Our research underscores the critical importance of addressing these vulnerabilities and presents a novel risk assessment framework to quantify potential threats. Leveraging a blend of meticulous code reviews, dynamic analysis, and simulated attack scenarios, we provide developers with actionable insights to enhance security measures effectively. Additionally, we offer a set of best practices and guidelines to guide the implementation of robust security protocols during mobile application development. The culmination of our research is a multifaceted methodology that empowers developers to not only identify and rectify vulnerabilities but also proactively build resilient mobile applications. By bridging the gap between cybersecurity theory and practical implementation, this study contributes to a safer digital landscape for mobile users, fostering trust and security in an increasingly interconnected world. Smitraj Gaonkar | Sanjay Indrale "Enhancing Cybersecurity for Mobile Applications: A Comprehensive Analysis, Threat Mitigation, and Novel Framework Development" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-7 | Issue-5 , October 2023, URL: https://www.ijtsrd.com/papers/ijtsrd59967.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/59967/enhancing-cybersecurity-for-mobile-applications-a-comprehensive-analysis-threat-mitigation-and-novel-framework-development/smitraj-gaonkar
Application Threat Modeling In Risk ManagementMel Drews
How to perform threat modeling of software to protect your business, critical assets and communicate your message to your boss and the Board of Directors
Analysis of personal information security behavior and awareness.docxdaniahendric
Analysis of personal information security behavior and awareness
It's a developing portion of human security that aims at raising awareness concerning the dangers of fast-evolving information forms and emerging threats to the info which focuses on human character. Since threats have developed and information is developing value, attackers have upgraded their abilities and extended to broader intentions. Also, more means of making the attacks have as well developed (Öğütçü, Testik & Chouseinoglou, 2016). The attacks have evolved to circumvent processes and controls. Aggressors have focused and effectively exploited the character of humans to breach relevant infrastructure schemes and corporate networks. Individual who are unaware about the threats may circumvent traditional processes and security controls and cause organization breach. In reply, information security awareness is growing.
The main aim of the concept in the discussion is to enhance awareness to everyone and inform that they can be a victim of the threats and risk any time. Information security consciousness responds to developing cyber-attacks. Most of the time, people assume that security it's all about technical controls (Ki-Aries & Faily, 2017). But the fact is that people are the targets and the character they possess can cause risk or offer countermeasures in response to threats and risks. Awareness metrics are increasing at a high rate to know and amount people threat landscape. The increase also aims at reducing risks associated with organizations and weigh the effectiveness and expense of awareness as the countermeasure.
Most of the organizations don't invest a lot in information security. Few organizations pay attention to security issues. They tend to assume all is well so long as they have a password in their systems. However, this not trust because if an attack occurs, such kind of organization is likely to suffer a lot. Security is an essential plan any organization can adopt to minimize security threats resulting from workers. Awareness plan assists associates to understand that security it's not personal responsibility but everyone's' responsibility. Everyone should be careful when it comes to security because nobody can choose to be a victim, but they only find themselves (Ki-Aries & Faily, 2017). Employees should be accountable for the actions done under their empathies. Security awareness enforces effective means of how business computers can be handled.
A policy developed should give awareness about social media and other types of virus. Workers should be aware of necessary to be followed when using computers. Alternatively, Companies can plan to form interactive sessions for every worker to get to understand more about their security. Such kind of interactive sessions entails consciousness about new risks and measure to overcome them. The program of awareness won't be gainful if no punishment for those who violate rules. Employees who don't adhere to the pr ...
1. Report contentThe report should demonstrate your understa.docxblondellchancy
1. Report content
The report should demonstrate your understanding of good project management and health and safety management as appropriate within the context of your chosen project and event.
The report will present the context/background of the chosen project, describe the project, and present student’s critical reflection and thoughts on the management of one particular event/issue of project. The impacts of the event/issue on (1) people, (2) cost, (3) time, (4) health and safety, (5) sustainability, and (6) Ethics will be explored. Using the theory and tools presented in the lectures across the module as well as their own independent research, students should suggest and discuss solutions to (1) overcome the challenges and manage the risks associated with the event/issue, and (2) improve the efficiency, sustainability and ethics of the management of the event/issue.
Appendices and references must be used to demonstrate study that has been undertaken and to provide sources for points made in the body of the report. This will include copies of any individual or group student work undertaken during the module.
The student should refer to the learning materials and readings provided across the module, but are also recommended to give appropriate regard to any additional useful material available online in terms of theory and practice.
.
1. Research the assessment process for ELL students in your state. W.docxblondellchancy
1. Research the assessment process for ELL students in your state. What is the process your district goes through to properly identify students for ESL program placement?
2. Planning for effective instruction is the key to academic success for students. Using data to inform instruction is a regular process. Discuss how teachers can use longitudinal data along with other formative classroom assessments to design effective instruction.
200-300
.
More Related Content
Similar to 4182020 Originality Reporthttpsucumberlands.blackboar.docx
A STUDY ON CYBER SECURITY AND ITS RISKS K. JeniferAM Publications
Cyber security is a basic term used nowadays by each and everyone in the world. It is appropriate to know about cyber security as everything became digitized in our day-today life, because digital world is the place where cyber crimes emerge. Securing the information has become one of the biggest challenges in the present day. Various measures are taken in order to prevent these cyber crimes, though cyber security is still a very big concern. In this paper I have made a study on cyber security, how far cyber crimes are increasing and what are the threats we should be aware of.
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
A Time of Great Risk: The Time Between Compromise and Mitigation
In most organizations today, threat detection is based on various security sensors that attempt to look for anomalous behavior or for known signatures of malicious activity. These sensors include firewalls, intrusion detection/prevention systems (IDS/IPS), application gateways, anti- virus/anti-malware, endpoint protection, and more. They operate at and provide visibility into all layers of the IT stack.
A review: Artificial intelligence and expert systems for cyber securitybijejournal
Artificial intelligence (AI) and expert systems are essential and vital tools to counter potentially dangerous threats
in cyber security. The protection of data requires skilled cyber security technicians for various types of roles. The
essential role of an expert system is to monitor the threats and assist the technician to strengthen security. The
system uses various datasets like a machine and deep learning as well as reinforced learning in order to make
intelligent decisions. The Internet of Things (IoT) is one of the major concerns for cyber security because it is
potentially the second most likely vulnerable link in the cyber security environment because an attacker can easily
gain access to the system by breaching any IoT device that is connected to the system. Still human is the strongest
and potentially the weakest link in the cyber security environment. This review intends to present AI and expert
systems for cyber security
Classmate 1Cybersecurity risk can be characterized as the ris.docxbartholomeocoombs
Classmate 1:
Cybersecurity risk can be characterized as the risk emerging from pernicious electronic or Non-electronic occasions influencing information innovation assets of firms, regularly bringing about the disturbance of business and budgetary misfortune. The significance of cybersecurity has become in the course of the most recent couple of decades with the fast development of electronic gadgets and the web (Biener, Eling, and Wirfs, 2015). Physical items where information and information were utilized to be put away, for example, records, floppy plates, and tapes are not, at this point utilized and practically all individuals store their own and work information electronically now.
Information is put away in a confined private system at work while at home individuals store their private information, for example, photographs, messages, and so on in their messages or even or cloud administrations, for instance, the Apple cloud where Apple iPhone clients will have their information continually upheld. This individual information may contain by and by recognizable information too, for example, the information that can be contained in an individual driver's permit, for example, date of birth, address (Fazlida, and Said, 2015). For the assailants, PII information is truly significant and thus they target global organizations where they could get this PII information effectively which can be connected with the client's record and their installment information.
We see a great deal of cyber-assault happening to global organizations, for example, Target and Home-stop along these lines. From a mechanical standpoint, firms regularly share associated risks and vulnerabilities of being penetrated together because of the use of normal security advances and the availability of PC systems. In the above articulation, we can see that all organizations have risks and vulnerabilities in their system which should be appropriately redesigned and checked to be made sure about. We additionally observe government databases being hacked from remote nationals to pick up the necessary information or PII of assets they are quick to acquire (Biener, Eling, and Wirfs, 2015). In this manner, we can say that cybersecurity isn't only a business danger yet, in addition, a matter of national security.
As an IT administrator, there are a few different ways I would attempt to deal with the IT risks inside my organization (Pei-Yu, Kataria, and Krishnan, 2011):
1. I would initially do a constant risk evaluation and distinguish the risks which are generally essential and touchy to the organization and make a rundown of basic resources, recognized risks, and future potential risks that would be tended to. The prioritizations of these risks are significant and likewise to include the administration about this.
2. The risk proprietors can possess the organized risks and work with the group to relieve these risks and record it. The most noteworthy risks are to be killed first.
With the advent of the internet, cyber-attacks are changing rapidly and the security situation on the internet is not always optimistic. Machine Learning (ML) and In-depth Learning (DL) methods for community-based access to entry and present a quick teaching definition of the entire ML/DL method. Representative papers all the way have been listed, read, and summarized primarily based on their temporary or thermal interactions. Because information is critical to ML/DL strategies, it describes the amount of commonly used public databases used in ML/DL, discusses the complexities of using ML/DL for Internet protection and provides guidelines for course guides. KDD a set of information is a symbol of standing that is widely recognized within the study of the Acquisition strategies. A lot of work is underway to develop innocent identification strategies as information courses used to read and test the diagnostic version are equally problematic because high-quality information can improve offline access. This paper provides a KDD knowledge test set by recognizing the 4 Basic Courses, Content, Traffic and Handling in which all information attributes can be categorized using the Modified Random Forest (MRF). The test was completed by identifying the remaining 2 metric metrics, Visual Rate (DR) and False Noise Scale (FAR) of the Intervention Detection System (IDS). As a result of this evidence-based evaluation of the data set, the contribution of all 4 character studies in DR and FAR has been proven to help determine the validity of the information set.
This paper discusses the question of optimizing security decisions in an organization, based on the information provided by the technical security infrastructure.
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
Computers are crucial instruments providing a competitive edge to organizations that have adopted them. Their pervasive presence has presented a novel challenge to information security, specifically threats emanating from privileged employees. Various solutions have been tried to address the vice, but no exhaustive solution has been found. Due to their elusive nature, proactive strategies have been proposed of which detection using Machine Learning models has been favoured. The choice of algorithm, datasets and metrics are cornerstones of model performance and hence, need to be addressed. Although multiple studies on ML for insider threat detection have been done, none has provided a comprehensive analysis of algorithms, datasets and metrics for development of Insider Threat Detection models. This study conducts a comprehensive systematic literature review using reputable databases to answer the research questions posed. Search strings, inclusion and exclusion criteria were set for eligibility of articles published in the last decade.
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
Holistic Cyber Risk Management Programs in the Financial Industry Must "Predict and Prevent" in Today's Complex Threat Environment, says new White Paper.
Information Sharing of Cyber Threat Intelligence with their Issue and Challengesijtsrd
Today threat landscape growing at the rapid rate with much organization continuously face complex and malicious cyber threats. In today's Internet connected world where technologies support almost every feature of our society, cyber security and forensic specialists are increasingly distributing with wide ranging cyber threats in almost. real time conditions. The capability to detect, analyze, and defend against such threats in near real time conditions is not possible without the employment of threat intelligence, big data, and machine learning techniques. Cyber Threat Intelligence CTI has become a hot topic and being under consideration for many organizations to counter the rise of cyber attacks. The vast majority of information security challenges we face today are the result of serendipitous and naive decisions made in the early stages of the Internet. Khin Myat Nwe Win | Yin Myo Kay Khine Thaw "Information Sharing of Cyber Threat Intelligence with their Issue and Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26504.pdfPaper URL: https://www.ijtsrd.com/computer-science/computer-security/26504/information-sharing-of-cyber-threat-intelligence-with-their-issue-and-challenges/khin-myat-nwe-win
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...ijtsrd
The rapid proliferation of mobile applications has revolutionized the way individuals interact with technology, offering unprecedented convenience and connectivity. However, this ubiquity has brought about a corresponding surge in cybersecurity vulnerabilities, posing significant risks to user data and privacy. This research paper presents a comprehensive study aimed at fortifying the security of mobile applications through a holistic approach. By analyzing a diverse range of applications across various industries, we identify and categorize common vulnerabilities that undermine the integrity of these platforms. Our research underscores the critical importance of addressing these vulnerabilities and presents a novel risk assessment framework to quantify potential threats. Leveraging a blend of meticulous code reviews, dynamic analysis, and simulated attack scenarios, we provide developers with actionable insights to enhance security measures effectively. Additionally, we offer a set of best practices and guidelines to guide the implementation of robust security protocols during mobile application development. The culmination of our research is a multifaceted methodology that empowers developers to not only identify and rectify vulnerabilities but also proactively build resilient mobile applications. By bridging the gap between cybersecurity theory and practical implementation, this study contributes to a safer digital landscape for mobile users, fostering trust and security in an increasingly interconnected world. Smitraj Gaonkar | Sanjay Indrale "Enhancing Cybersecurity for Mobile Applications: A Comprehensive Analysis, Threat Mitigation, and Novel Framework Development" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-7 | Issue-5 , October 2023, URL: https://www.ijtsrd.com/papers/ijtsrd59967.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/59967/enhancing-cybersecurity-for-mobile-applications-a-comprehensive-analysis-threat-mitigation-and-novel-framework-development/smitraj-gaonkar
Application Threat Modeling In Risk ManagementMel Drews
How to perform threat modeling of software to protect your business, critical assets and communicate your message to your boss and the Board of Directors
Analysis of personal information security behavior and awareness.docxdaniahendric
Analysis of personal information security behavior and awareness
It's a developing portion of human security that aims at raising awareness concerning the dangers of fast-evolving information forms and emerging threats to the info which focuses on human character. Since threats have developed and information is developing value, attackers have upgraded their abilities and extended to broader intentions. Also, more means of making the attacks have as well developed (Öğütçü, Testik & Chouseinoglou, 2016). The attacks have evolved to circumvent processes and controls. Aggressors have focused and effectively exploited the character of humans to breach relevant infrastructure schemes and corporate networks. Individual who are unaware about the threats may circumvent traditional processes and security controls and cause organization breach. In reply, information security awareness is growing.
The main aim of the concept in the discussion is to enhance awareness to everyone and inform that they can be a victim of the threats and risk any time. Information security consciousness responds to developing cyber-attacks. Most of the time, people assume that security it's all about technical controls (Ki-Aries & Faily, 2017). But the fact is that people are the targets and the character they possess can cause risk or offer countermeasures in response to threats and risks. Awareness metrics are increasing at a high rate to know and amount people threat landscape. The increase also aims at reducing risks associated with organizations and weigh the effectiveness and expense of awareness as the countermeasure.
Most of the organizations don't invest a lot in information security. Few organizations pay attention to security issues. They tend to assume all is well so long as they have a password in their systems. However, this not trust because if an attack occurs, such kind of organization is likely to suffer a lot. Security is an essential plan any organization can adopt to minimize security threats resulting from workers. Awareness plan assists associates to understand that security it's not personal responsibility but everyone's' responsibility. Everyone should be careful when it comes to security because nobody can choose to be a victim, but they only find themselves (Ki-Aries & Faily, 2017). Employees should be accountable for the actions done under their empathies. Security awareness enforces effective means of how business computers can be handled.
A policy developed should give awareness about social media and other types of virus. Workers should be aware of necessary to be followed when using computers. Alternatively, Companies can plan to form interactive sessions for every worker to get to understand more about their security. Such kind of interactive sessions entails consciousness about new risks and measure to overcome them. The program of awareness won't be gainful if no punishment for those who violate rules. Employees who don't adhere to the pr ...
Similar to 4182020 Originality Reporthttpsucumberlands.blackboar.docx (20)
1. Report contentThe report should demonstrate your understa.docxblondellchancy
1. Report content
The report should demonstrate your understanding of good project management and health and safety management as appropriate within the context of your chosen project and event.
The report will present the context/background of the chosen project, describe the project, and present student’s critical reflection and thoughts on the management of one particular event/issue of project. The impacts of the event/issue on (1) people, (2) cost, (3) time, (4) health and safety, (5) sustainability, and (6) Ethics will be explored. Using the theory and tools presented in the lectures across the module as well as their own independent research, students should suggest and discuss solutions to (1) overcome the challenges and manage the risks associated with the event/issue, and (2) improve the efficiency, sustainability and ethics of the management of the event/issue.
Appendices and references must be used to demonstrate study that has been undertaken and to provide sources for points made in the body of the report. This will include copies of any individual or group student work undertaken during the module.
The student should refer to the learning materials and readings provided across the module, but are also recommended to give appropriate regard to any additional useful material available online in terms of theory and practice.
.
1. Research the assessment process for ELL students in your state. W.docxblondellchancy
1. Research the assessment process for ELL students in your state. What is the process your district goes through to properly identify students for ESL program placement?
2. Planning for effective instruction is the key to academic success for students. Using data to inform instruction is a regular process. Discuss how teachers can use longitudinal data along with other formative classroom assessments to design effective instruction.
200-300
.
1. Review the three articles about Inflation that are of any choice..docxblondellchancy
1. Review the three articles about Inflation that are of any choice.
2. Locate two JOURNAL articles which discuss this topic further. You need to focus on the Abstract, Introduction, Results, and Conclusion. For our purposes, you are not expected to fully understand the Data and Methodology.
3. Summarize these journal articles. Please use your own words. No copy-and-paste. Cite your sources. in 1200 words
.
1. Read the RiskReport to see what requirements are.2. Read the .docxblondellchancy
1. Read the RiskReport to see what requirements are.
2. Read the Interim Risk Assessment to see the current state of paper that needs to be revised.
3. Use the RiskReport and the details below on what is missing to revise paper.
Feedback on changes needed to the Risk Assessment Plan
Risk Assessment Plan: Purpose does not make reference to BRI at all. Provide context. Scope, assumptions and constraints appear reasonable, but you can add an assumption or constraint regarding budget.
Need to elaborate on how risk is determine using the qualitative approach.
1. Title
IT Security Risk Assessment
2. Introduction
You are employed with Government Security Consultants, a subsidiary of Largo Corporation. As a member of IT security consultant team, one of your responsibilities is to ensure the security of assets as well as provide a secure environment for customers, partners and employees. You and the team play a key role in defining, implementing and maintaining the IT security strategy in organizations.
A government agency called the Bureau of Research and Intelligence (BRI) is tasked with gathering and analyzing information to support U.S. diplomats.
In a series of New York Times articles, BRI was exposed as being the victim of several security breaches. As a follow up, the United States Government Accountability Office (GAO) conducted a comprehensive review of the agency’s information security controls and identified numerous issues.
The head of the agency has contracted your company to conduct an IT security risk assessment on its operations. This risk assessment was determined to be necessary to address security gaps in the agency’s critical operational areas and to determine actions to close those gaps. It is also meant to ensure that the agency invests time and money in the right areas and does not waste resources. After conducting the assessment, you are to develop a final report that summarizes the findings and provides a set of recommendations. You are to convince the agency to implement your recommendations.
This learning activity focuses on IT security which is an overarching concern that involves practically all facets of an organization’s activities. You will learn about the key steps of preparing for and conducting a security risk assessment and how to present the findings to leaders and convince them into taking appropriate action.
Understanding security capabilities is basic to the core knowledge, skills, and abilities that IT personnel are expected to possess. Information security is a significant concern among every organization and it may spell success or failure of its mission. Effective IT professionals are expected to be up-to-date on trends in IT security, current threats and vulnerabilities, state-of-the-art security safeguards, and security policies and procedures. IT professionals must be able to communicate effectively (oral and written) to executive level management in a non-jargon, executive .
1. Quantitative According to the scoring criteria for the BAI, .docxblondellchancy
1. Quantitative: According to the scoring criteria for the BAI, a score of 21 or below indicates very low anxiety. What percentage of each group’s scores falls below that clinical cutoff?
Qualitative: Based on the qualitative responses, what percentage of the participants articulated a feeling of improvement?
.
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docxblondellchancy
1. Prof. Lennart Van der Zeil’s theorem says that any programming language is
complete
if it can be used to write a program to compute any computable number.
a. What is a computable number?
b. What is a non-computable number?
c. If all existing programming languages are complete why do we need more than one?
2. Two methodologies are used to transform programs written in a
source language
(also known as a
programmer-oriented language
, or a horizontal language, or a high-level language) into a
target language
(also known as a machine language, or a vertical language, or a low-level language). There is a static method called
translation
and a dynamic method called
interpretation
. Yet FORTRAN while 98% static ., uses interpretation for the Formatted I/O statement, similarly COBOL uses interpretation for the MOVE and MOVE CORRESPONDING statements; on the other hand, Java is fully interpretative except that in some programs and certain data sets it may invoke a JIT (Just In Time) compiler to execute a bit of static code
. Why do language designers mix these modalities if either is complete?
Hint: This is a long question with a short answer.
3. C and C++ store numerical arrays (matrices) in
row major
order and each index range must begin with 0; whereas FORTRAN stores arrays in
column major
order and the (default) index range starts (almost always) with 1. Engineers and scientists are often faced with the problem of converting a working program, or much more often a subroutine, from one language to another. Unfortunately, due to the index range difference (0 to n-1) in C/C++ and (1 to N) in FORTRAN, viewing one array as simply the transpose of the other will not suffice. What steps would you take to convert such a subroutine to compute the product of two matrices A(N,M) and B(M,N) to produce C(N,N) from FORTRAN to C++?
4. What was the major reason Jim Gosling invented Java? Did he succeed?
5. What are the four major features of C++ that were eliminated in Java? Why were they taken out? Why do we not miss them?
6. What was Kim Polese’ role at SUN Microsystems and why did she think Java should be positioned as a general purpose computer programming language? How did she accomplish this truly incredible feat, not done since Captain (later Admiral) Grace Murray Hopper, USN standardized COBOL in the early 1960s.
7. Describe briefly the role of women in the development of computer programming and computer programming languages. (Ada Lovelace, Betty Holberton, Grace Hopper, Mandaly Grems, Kim Polese, Laura Lemay)
8. What are the pros and cons of overloaded operators in C++? Java has only one, what is it?
9. State your own arguments for allowing mixed mode arithmetic statements. (See Ch 7)
10. What is BNF and why are meta-languages like BNF and EBNF used?
.
1. Review the results of your assessment using the explanation.docxblondellchancy
1. Review the results of your assessment using the explanation below.
2. Write at least 200 words describing the results, how you learn best, and how you will modify your study techniques to fit your learning style.
What do the results mean? Barbara Soloman, Coordinator of Advising, First Year College, North Carolina State University explains:
· Active Learners: tend to retain and understand information best by doing something active with it like discussing or explaining it to others. They enjoy group work.
· Reflective Learners: prefer to think about it quietly first. They prefer to work alone.
· Sensing Learners: tend to like learning facts. They are patient with details and good at memorizing things. They are practical and careful.
· Intuitive Learners: prefer discovering possibilities and relationships. They are good at grasping new concepts and are comfortable with abstractions and mathematical formulations. They are innovative and creative.
· Visual Learners: remember best what they see--pictures, diagrams, flowcharts, timelines, films, and demonstrations.
· Verbal Learners: get more out of words--written and spoken explanations. Everyone learns more when information is presented both visually and verbally.
· Sequential Learners: tend to gain understanding in linear steps, with each step following logically from the previous one. They follow logical steps when finding solutions.
· Global Learners: Global learners tend to learn in large jumps, absorbing material almost randomly without seeing connections, and then suddenly "getting it." They may be able to solve complex problems quickly or put things together in novel ways once they have grasped the big picture, but they may have difficulty explaining how they did it.
.
1. Search the internet and learn about the cases of nurses Julie.docxblondellchancy
1. Search the internet and learn about the cases of nurses Julie Thao and Kimberly Hiatt.
2. List and discuss lessons that you and all healthcare professionals can learn from these two cases.
3. Describe how the principle of beneficence and the virtue of benevolence could be applied to these cases. Do you think the hospital administrators handled the situations legally and ethically?
4. In addition to benevolence, which other virtues exhibited by their colleagues might have helped Thao and Hiatt?
5. Discuss personal virtues that might be helpful to second victims themselves to navigate the grieving process.
All discussion boards should be submitted in APA style (7th edition
.
1. Qualitative or quantitative paperresearch required(Use stati.docxblondellchancy
1. Qualitative or quantitative paper/research required(Use statistics and numbers or facts.
2. Apply Statistics, numbers, research
3. Primary Sources explained
4. APA Formatting(Do not use the word “I”, do not use opinions in papers do not use “we”or pronouns)
5. Write a 5 page paper (8 in total-cover page and reference page), you can go over
APA FORMAT
5 scholarly sources
.
1. Prepare a one page paper on associative analysis. You may researc.docxblondellchancy
1. Prepare a one page paper on associative analysis. You may research the internet for more information. Please double space your paper and cite your sources.
2.
Prepare a one page paper on decision trees or discriminant analysis. You may compare the two. You may research the Internet for more information.
Please double space your paper and cite your sources.
APA format.
.
1. Prepare a comparative table in which you contrast the charact.docxblondellchancy
1. Prepare a comparative table in which you contrast the characteristics and details of the origins and development of social work in the United States, Europe, Latin America and the Caribbean. Bring your comparison chart to the workshop to participate in a collaborative activity. The student will identify the most significant historical events in the United States that influenced the development and evolution of the Social Work profession.
2. Look for information on the following agencies:
1. National Association of Social Workers (NASW)
2. International Federation of Social Work (IFSW)
3. Association of Social Work Boards (ASWB)
4. Council on Social Work Education (CSWE)
Be prepared to participate in a collaborative activity during the workshop.
3. Write a reflective essay of at least two pages, and elaborate on the following aspects:
1. What is the current state of Social Work in the United States?
2. What do you focus on and what are the functions of current (modern) social work in the United States?
3. Explain the historical events that impacted the different ways of practicing social work.
Remember that an essay is made up of three basic parts: introduction, body or middle, and conclusion. In a reflective essay, the student must effectively combine the concepts and foundations of the discipline of study (definitions, history, prominent figures) with their experiences applicable to the topic of discussion or the guiding questions.
.
1. Portfolio part II a) APRN protocol also known as collab.docxblondellchancy
1.
Portfolio part II
a) APRN protocol also known as collaborative agreement with supervising physician(s).
b.) business proposal (refer to portfolio explanation/examples found on your BB lecture section.
There is an example of a business proposal. Use the example to create a brief business proposal with no more than two pages word or power point as your choice;
c.) Create a LinkedIn page and send me a proof of you creating the link.
.
1. Post the link to one news article, preferably a piece of rece.docxblondellchancy
1. Post the link to
one
news article, preferably a piece of recent news (2 points)
2. Explain
A) Which concepts (in which chapters) we learn in class is this news related to (4 points).
B) Specifically, how this concept is demonstrated in the news in your perspective (11 points).
.
1. Please explain fixed and flexible budgeting. Provide an examp.docxblondellchancy
1. Please explain fixed and flexible budgeting. Provide an example of budgeting for three
consecutive periods in which safety margin is included for flexibility
2. Explain statement of cash flows proforma and its significance in budgeting. Provide a
hypothetical example of a statement of cash flows in a manufacturing enterprise.
.
1. Open and print the Week 6 Assignment.2. The assignment .docxblondellchancy
1. Open and print the "Week 6 Assignment".
2. The assignment has four parts: A, B, C, and D.
(Part A has been created for use of the Access program where the data source recipients are to be created. However, if you do not have the Access program then you will need to create the data source recipients with the Excel program before you begin keying the letters for the mail merge. Also, If you are using Excel then be certain to create the label headers in each column with the data source recipient information beneath the headers. Whether you use Access or Excel you MUST save the data source in the Week 6 folder in which you will upload.
If you do not save the data source recipients in the folder then I am not able to grade your assignment
.)
3. Create a folder: [your last name]-Week6 (be sure to save to a disk device/hard drive NOT the desktop area.)
5. Complete the assignment as instructed and Save all work in [your last name]-Week6 folder.
6. Zip the folder and upload in the Week 6 Assignment Upload. DO NOT ATTACH THE FOLDER TO EMAIL, IT WILL NOT BE ACCEPTED. I will review the assignment and send you comments about the graded work.
.
1. Plato’s Republic takes as its point of departure the question of .docxblondellchancy
1. Plato’s Republic takes as its point of departure the question of the nature of:
A. JusticeB. ImmortalityC. TimeD. Equality
2. The most accurate way to describe Thrasymachus’ intervention onto the scene in Book I is:
A. He maintains that happiness is unattainable.B. He maintains that only the gods are just. C. He maintains that justice is the advantage of the strong.D. He maintains that justice and injustice are figments of the imagination.
3. In Book I, Thrasymachus’ ironic argument ad hominem is :
A. Socrates needs a wet-nurse.B. Socrates is ugly.C. Socrates should put himself to bed.D. Socrates should not have gone to last night’s banquet.
4. In Book II, Glaucon tells the myth of a ring, the point of which is to illustrate:
A. That we prize material goods above all else.B. That the rich decide what is just and unjust.C. That anyone will commit injustice when they can get away without punishment.D. That myth-telling is essential to philosophy.
5. In Book III, Socrates suggests the city adopt a noble lie, according to which:
A. There are three sorts of beings: humans, angels, and demons.B. Into our natures were mixed one of three metals: gold, silver, or bronze. C. Everyone will live virtuously in a just city.D. The just city lasts forever.
.
1. Objective Learn why and how to develop a plan that encompasses a.docxblondellchancy
1. Objective: Learn why and how to develop a plan that encompasses all components of a security system.
Use the information found at http://nces.ed.gov/pubs98/safetech/chapter5.asp
to research how determining possible physical threats may affect the choice of physical security countermeasures while planning new or updated security systems.
2. Objective: Determine the placement of physical barriers in integration with other components of the security system.
Research the different types of physical barriers and how they fit the needs of different types of facilities. Use the information found at
http://www.fs.fed.us/t-d/phys_sec/deter/index.htm.
APA Format , references & citations.
.
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docxblondellchancy
1. Open the attached “Excel Assignment.xlsx” file and name it “LastName_FirstInitial - Excel Assignment.xlsx”. 2. Set the page orientation to landscape. Change the student name(s) to your name(s). 3. Wrap the text in the column headings A4:J4 and A14:H14 in Sheet 1 and set the column width to (approximately) 10 for columns B to J. 4. Calculate the Gross Pay (F5:F9) using the following formula: Pay Rate times Regular Hours plus 1.5 times Pay Rate times O/T Hours. 5. Display the Taxable Benefits (G5:I9) in the following way: apply a formula/function to allocate and return the appropriate weekly amount of Dental, Insurance, and Medical based on his/her Benefits Level and the corresponding taxable benefit to this code in Sheet 2. The assumptions, the taxable benefit rates, and the tax rates (all in Sheet 2) may be subject to changes, so all formulas should be created in a way so that they would reflect any changes in Sheet 2 automatically. 6. Calculate the Taxable Income (Gross Pay plus Taxable Benefits). 7. Use the Taxable Income (J5:J9) to automatically locate the Federal and Provincial Tax withholdings from the Tax Table on Sheet 2. For example: Federal Tax = Taxable Income * Federal Tax %. 8. Calculate the Employ. Insurance and Govt. Pension contributions based on the Gross Pay (Note: Gross Pay not Taxable Income). The contribution percentages are located in the Assumption area in Sheet 2. Calculate the Total Deductions as a sum of all deductions (Federal Tax, Provincial Tax, Employ. Insurance, and Govt. Pension). 9. Calculate the Net Amount by subtracting the Total Deductions from the Gross Pay. 10. Calculate the totals in B20:G20 11. Insert cheque number 121 in H15 and create a formula that will automatically number all the rest of cheques in sequence. 12. Format the title as Arial 16 pt., bold, italic and merge and centre it across columns A:J. 13. Format all dollar values as: number, 2 decimal places, 1,000 separators and no dollar sign. 14. Centre the contents of the Benefits Level (B5:B9) and the Cheque No. (H15:H19) columns. 15. Format the borders and headings as shown in the example below.
.
1. must be a research article from either pubmed or google scholar..docxblondellchancy
1. must be a research article from either pubmed or google scholar.
2. the article you select must have an abstract, introduction/ background, materials &methods, results, conclusion
3. summarize the article you selected
4. no plagiarism
5. must include reference
.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
2. 732
Highest: Final_Research Paper.docx
%77Attachment 1
Institutional database (12)
Student paper Student paper Student paper
Student paper Student paper Student paper
Student paper Student paper Student paper
Student paper Student paper Student paper
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 732
Final_Research Paper.docx
8 5 1
10 4 7
6 9 12
11 3 2
8 Student paper 5 Student paper 1 Student paper
https://ucumberlands.blackboard.com/webapps/mdb-sa-
4. Dr. Giovanni Silvestri
04/18/2020
Basically, this exploration paper will spread out some
significant techniques of mindfulness and the barrier inside and
out to recognize developing dangers and
reinforce countermeasures. In the event that one considers it,
the entire simple space has moved into computerized area in
recent years, and the start of this cutting-
edge topic with simulated intelligence (Man-made
consciousness) and propelled conventions has indicated
exponential development. Be that as it may, we didn't
figure the expense of hazard and dangers joining these
trendsetting innovations of the computerized world, which can
be alarming for the national foundation (Yang,
Wang, and Zhang, 2016). As individuals don't have legitimate
familiarity with the dangers and measures to recognize the
cybersecurity issues, they can't take
proper activities to manage it. Keeping this circumstance and
some disturbing digital assaults as a top priority, this paper
plans to make one mindful of some
basic dangers and propelled procedures to watchful the
circumstance alongside conceivable counter strides against the
risk. (Foltyn, 2018). In this paper, I have
introduced a review of mindfulness and location procedures
alongside the safeguard top to bottom like a typical system to
ensure basic assets on big business
arranges just as Supervisory Control and Information
Procurement (SCADA) and different procedure control subnets.
Moreover, there are some more
5. countermeasures which can be taken to make arrangements for
programming vulnerabilities: rectangular malignant
connections/IP addresses, each useless
port at the Firewall and Host, remain contemporary with all
running framework management/programming patches, by no
means proportion your secret phrase
comply with the measures for your affiliation's methods,
together with the Innovation manipulate Plan (TCP), Lead visit
computer evaluations - In a super world: every
day at any price: Week by using week, document interruption
endeavors, separate computer framework incidentally in case of
an extreme attack (Wyman, 2017).
The idea of Barrier Top to bottom isn't new-numerous
associations as of now utilize a large number of the Protection
Inside and out measures talked about in
this report inside their data innovation (IT) frameworks; be that
as it may, they don't really apply it to their ICS activities.
Previously, most associations didn't see a
need to do as such. Inheritance ICSs utilized cloud conventions
and were generally considered "hack-confirmation" in light of
their division from IT and on account of
having physical insurance quantifies set up. Be that as it may,
with its assembly and ICS models, late prominent interruptions
have featured the potential hazard
to control frameworks. The danger of an interruption by
malignant on-screen characters on a basic framework utilizing
PC based endeavors has additionally
developed. Various ongoing prominent episodes have expanded
attention to this danger and the people and gatherings who seek
after it with pernicious
6. expectation. The accessibility of ICS-explicit security
arrangements has not stayed aware of the mounting danger, so
associations must convey a hearty Guard Inside
and out arrangement making their frameworks ugly focuses on
would-be assailants. An association's cybersecurity system
ought to secure the advantages that it
regards basic to a fruitful activity. Lamentably, there are no
easy routes, basic arrangements, or "silver shot" usage to tackle
cybersecurity vulnerabilities inside basic
framework ICS. It requires a layered methodology known as
Protection Top to bottom (Bruijn, Janssen, 2017). Resistance
Inside and out as an idea started in military
technique to give obstructions to hinder the advancement of
gatecrashers from achieving their objectives while checking
their progress and creating and actualizing
reactions to the episode so as to repulse them. In the
cybersecurity worldview, Safeguard Inside and out associates to
an investigator and defensive estimates
intended to obstruct the advancement of a digital gatecrasher
while empowering an association to distinguish and react to the
interruption with the objective of
decreasing and relieving the results of a penetrate. References
Bruijn, Janssen, (2017). Building cybersecurity awareness: The
need for evidence-based Cyber-attacks: Protecting National
Infrastructure, 1st ed.
Chapter-10 Awareness and Chapter-6 Foltyn, (2018). US
government report highlights gaps in battle against botnets
framing strategies UC Library -Common
Cyber Threats: Indicators and Countermeasures
Wyman, (2017). Consider the consequences: A powerful
approach for reducing ICS cyber risk
8. 12
8
8
11
1
Student paper
Defense-In-Depth & Awareness 2
Original source
Awareness and Defense in Depth 2
2
Student paper
Research Paper - Defense-In-Depth &
Awareness
Original source
DEFENSE-IN-DEPTH &AWARENESS
4/18/2020 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-
BB5a31b16bb2c48/originalityReport/ultra?attemptId=7796a37b-
de7b-4272-9f10-575e7c09e6… 3/4
9. Student paper 87%
Student paper 100%
Student paper 76%
Student paper 75%
Student paper 83%
Student paper 93%
Student paper 76%
Student paper 90%
Student paper 64%
Student paper 86%
Student paper 81%
3
Student paper
ITS-834 Emerging threats and
countermeasures
Original source
ITS – 834-03 Emerging Threats &
Countermeasures
4
10. Student paper
University of Cumberland’s
Original source
University of The Cumberland’s
5
Student paper
Basically, this exploration paper will
spread out some significant techniques
of mindfulness and the barrier inside
and out to recognize developing dangers
and reinforce countermeasures. In the
event that one considers it, the entire
simple space has moved into
computerized area in recent years, and
the start of this cutting-edge topic with
simulated intelligence (Man-made
consciousness) and propelled
conventions has indicated exponential
development.
Original source
This research paper will spread out some
significant techniques of the mindfulness
and the safeguard inside and out to
distinguish rising dangers and reinforce
countermeasures On the off chance that
one contemplates it, the entire simple
space has moved into computerized
11. space during recent years and the start
of this cutting-edge topic with AI and
propelled conventions has indicated
exponential development
6
Student paper
Be that as it may, we didn't figure the
expense of hazard and dangers joining
these trendsetting innovations of the
computerized world, which can be
alarming for the national foundation
(Yang, Wang, and Zhang, 2016).
Original source
Be that as it may, we didn't ascertain the
expense of hazard and dangers joining
these innovations of advanced world
which can be alarming for the national
framework
7
Student paper
As individuals don't have legitimate
familiarity with the dangers and
measures to recognize the cybersecurity
issues, they can't take proper activities to
manage it.
Original source
12. As individuals don't have legitimate
attention to the dangers and measures
to recognize cybersecurity issues, they
are not ready to take proper activities to
manage it
5
Student paper
Keeping this circumstance and some
disturbing digital assaults as a top
priority, this paper plans to make one
mindful of some basic dangers and
propelled procedures to watchful the
circumstance alongside conceivable
counter strides against the risk.
Original source
Keeping this circumstance and some
disturbing digital assaults as a top
priority, this paper plans to make one
mindful of some basic dangers and
propelled procedures to sagacious the
circumstance alongside conceivable
counter strides against the danger
1
Student paper
In this paper, I have introduced a review
of mindfulness and location procedures
alongside the safeguard top to bottom
like a typical system to ensure basic
13. assets on big business arranges just as
Supervisory Control and Information
Procurement (SCADA) and different
procedure control subnets.
Original source
In this paper I have exhibited a review of
mindfulness and location methods
alongside the guard top to bottom as a
typical technique to secure basic assets
on big business organizes just as
Supervisory Control and Data Acquisition
(SCADA) and different procedure control
subnets
4
Student paper
Moreover, there are some more
countermeasures which can be taken to
make arrangements for programming
vulnerabilities:
Original source
Moreover, there are some more
countermeasures which can be taken to
make preparations for programming
vulnerabilities
1
Student paper
14. rectangular malignant connections/IP
addresses, each useless port at the
Firewall and Host, remain contemporary
with all running framework
management/programming patches, by
no means proportion your secret phrase
comply with the measures for your
affiliation's methods, together with the
Innovation manipulate Plan (TCP), Lead
visit computer evaluations - In a super
world:
Original source
Block malignant connections/IP
addresses, every superfluous port at the
Firewall and Host, remain current with all
working framework
administration/programming patches,
NEVER share your secret phrase Comply
with the measures in your association's
approaches, including the Technology
Control Plan (TCP), Conduct visit PC
reviews - Ideally
8
Student paper
The idea of Barrier Top to bottom isn't
new-numerous associations as of now
utilize a large number of the Protection
Inside and out measures talked about in
this report inside their data innovation
(IT) frameworks; be that as it may, they
don't really apply it to their ICS activities.
15. Previously, most associations didn't see a
need to do as such. Inheritance ICSs
utilized cloud conventions and were
generally considered "hack-confirmation"
Original source
The idea of Defense in Depth isn't new—
numerous associations as of now utilize
a considerable lot of the Defense-in-
Depth measures talked about in this
archive inside their data innovation (IT)
foundations be that as it may, they don't
really apply it to their ICS activities
Previously, most associations didn't see a
need to do as such Inheritance ICSs
utilized darken conventions and were to
a great extent considered "hack
confirmation"
8
Student paper
Be that as it may, with its assembly and
ICS models, late prominent interruptions
have featured the potential hazard to
control frameworks.
Original source
In any case, with its assembly and ICS
models, later prominent interruptions
have featured the potential hazard to
control frameworks
17. The danger of an intrusion by pernicious
on-screen characters on basic
infrastructure using PC based adventures
has additionally developed
10
Student paper
Various ongoing prominent episodes
have expanded attention to this danger
and the people and gatherings who seek
after it with pernicious expectation. The
accessibility of ICS-explicit security
arrangements has not stayed aware of
the mounting danger, so associations
must convey a hearty Guard Inside and
out arrangement making their
frameworks ugly focuses on would-be
assailants.
Original source
Various ongoing prominent occurrences
have expanded consciousness of this
danger and the people and gatherings
who seek after it with noxious
expectation The accessibility of ICS-
explicit security arrangements has not
stayed aware of the mounting danger, so
associations must convey a strong
Defense-in-Depth arrangement—making
their frameworks ugly focuses to would-
be assailants
18. 11
Student paper
Building cybersecurity awareness:
Original source
Building cybersecurity awareness
12
Student paper
The need for evidence-based Cyber-
attacks:
Original source
The need for evidence-based framing
strategies Cyber-attacks
4
Student paper
Protecting National Infrastructure, 1st ed.
Chapter-10 Awareness and Chapter-6
Foltyn, (2018).
Original source
Protecting National Infrastructure, 1st ed
Chapter-10 Awareness and Chapter-6
Depth
19. 12
Student paper
US government report highlights gaps in
battle against botnets framing strategies
UC Library -Common Cyber Threats:
Original source
US government report highlights gaps in
battle against botnets
8
Student paper
Indicators and Countermeasures
Original source
Indicators and Countermeasures
8
Student paper
Consider the consequences: A powerful
approach for reducing ICS cyber risk
Original source
Consider the consequences A powerful
approach for reducing ICS cyber risk
11
20. Student paper
Cyber Threat Detection and Application
Analysis.
Original source
Cyber Threat Detection and Application
Analysis
Cyber Attacks
Protecting National Infrastructure
Student Edition
Edward G. Amoroso
2
Acquiring Editor: Pam Chester
Development Editor: David Bevans
Project Manager: Paul Gottehrer
Designer: Alisa Andreola
Butterworth-Heinemann is an imprint of Elsevier
22. to persons or property as a matter of products liability,
negligence or otherwise, or from any use or operation of any
methods, products,
instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Amoroso, Edward G.
Cyber attacks : protecting national infrastructure / Edward
Amoroso, John R. Vacca.–Student ed.
p. cm.
Summary: “Ten basic principles that will reduce the risk of
cyber attack to national infrastructure in a substantive manner”–
Provided by
publisher.
ISBN 978-0-12-391855-0 (hardback)
1. Cyberterrorism–United States–Prevention. 2. Computer
networks–Security measures. 3. Cyberspace–Security measures.
4. Computer
crimes–United States–Prevention. 5. National security–United
States. I. Vacca, John R. II. Title.
HV6773.2.A47 2012
363.325’90046780973–dc22
2012000035
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British
Library
ISBN: 978-0-12-391855-0
Printed in the United States of America
12 13 14 15 16 10 9 8 7 6 5 4 3 2 1
3
23. http://www.elsevier.com/permissions
For information on all BH publications visit our website at
www.elsevierdirect.com/security
4
http://www.elsevierdirect.com/security
Preface
Man did not enter into society to become worse than he was
before, nor to have fewer rights than he had
before, but to have those rights better secured.
Thomas Paine in Common Sense
Before you invest any of your time with this book, please take
a moment and look over the following
points. They outline my basic philosophy of national
infrastructure security. I think that your reaction to these
points will give you a pretty good idea of what your reaction
will be to the book.
1. Citizens of free nations cannot hope to express or enjoy their
freedoms if basic security protections are
24. not provided. Security does not suppress freedom—it makes
freedom possible.
2. In virtually every modern nation, computers and networks
power critical infrastructure elements. As a
result, cyber attackers can use computers and networks to
damage or ruin the infrastructures that
citizens rely on.
3. Security protections, such as those in security books, were
designed for small-scale environments such
as enterprise computing environments. These protections do not
extrapolate to the protection of
massively complex infrastructure.
4. Effective national cyber protections will be driven largely by
cooperation and coordination between
commercial, industrial, and government organizations. Thus,
organizational management issues will
be as important to national defense as technical issues.
5. Security is a process of risk reduction, not risk removal.
Therefore, concrete steps can and should be
taken to reduce, but not remove, the risk of cyber attack to
national infrastructure.
6. The current risk of catastrophic cyber attack to national
infrastructure must be viewed as extremely
high, by any realistic measure. Taking little or no action to
reduce this risk would be a foolish national
decision.
The chapters of this book are organized around 10 basic
principles that will reduce the risk of cyber
25. attack to national infrastructure in a substantive manner. They
are driven by experiences gained managing the
security of one of the largest, most complex infrastructures in
the world, by years of learning from various
commercial and government organizations, and by years of
interaction with students and academic researchers
in the security field. They are also driven by personal
experiences dealing with a wide range of successful and
unsuccessful cyber attacks, including ones directed at
infrastructure of considerable value. The implementation
of the 10 principles in this book will require national resolve
and changes to the way computing and
networking elements are designed, built, and operated in the
context of national infrastructure. My hope is
that the suggestions offered in these pages will make this
process easier.
5
6
Student Edition
To make it easier to teach these basic principles in the
classroom, Cyber Attacks Student Edition adds new
material developed by John R. Vacca, Editor-in-Chief of
Computer and Information Security Handbook
(Morgan Kaufmann Publishers) aimed specifically at enhancing
the student experience, making it appropriate
as a core textbook for instructors teaching courses in cyber
security, information security, digital security,
national security, intelligence studies, technology and
26. infrastructure protection and similar courses.
Cyber Attacks Student Edition features the addition of case
studies to illustrate actual implementation
scenarios discussed in the text. The Student Edition also adds a
host of new pedagogical elements to enhance
learning, including chapter outlines, chapter summaries,
learning checklists, chapter-by-chapter study
questions, and more.
Instructor Support for Cyber Attacks Student Edition includes
Test Bank, Lecture Slides, Lesson Plans,
and
Solution
s Manual available online at
http://textbooks.elsevier.com/web/Manuals.aspx?
isbn=9780123918550.
• Test Bank—Compose, customize, and deliver exams using an
online assessment package in a free
Windows-based authoring tool that makes it easy to build tests
using the unique multiple choice and
true or false questions created for Cyber Attacks Student
Edition. What’s more, this authoring tool
allows you to export customized exams directly to Blackboard,
WebCT, eCollege, Angel, and other
27. leading systems. All test bank files are also conveniently
offered in Word format.
• PowerPoint Lecture Slides—Reinforce key topics with
focused PowerPoints, which provide a perfect
visual outline with which to augment your lecture. Each
individual book chapter has its own dedicated
slideshow.
• Lesson Plans—Design your course around customized lesson
plans. Each individual lesson plan acts
as separate syllabi containing content synopses, key terms,
content synopses, directions to
supplementary websites, and more open-ended critical thinking
questions designed to spur class
discussion. These lesson plans also delineate and connect
chapter-based learning objectives to specific
teaching resources, making it easy to catalogue the resources at
your disposal.
7
http://textbooks.elsevier.com/web/Manuals.aspx?isbn=97801239
18550
28. Acknowledgments
The cyber security experts in the AT&T Chief Security Office,
my colleagues across AT&T Labs and the
AT&T Chief Technology Office, my colleagues across the entire
AT&T business, and my graduate and
undergraduate students in the Computer Science Department at
the Stevens Institute of Technology have had
a profound impact on my thinking and on the contents of this
book. In addition, many prominent enterprise
customers of AT&T with whom I’ve had the pleasure of
serving, especially those in the United States Federal
Government, have been great influencers in the preparation of
this material.
I’d also like to extend a great thanks to my wife Lee, daughter
Stephanie (17), son Matthew (15), and
daughter Alicia (9) for their collective patience with my busy
schedule.
8
31. Awareness
Response
Implementing the Principles Nationally
Protecting the Critical National Infrastructure Against Cyber
Attacks
Summary
Chapter Review Questions/Exercises
2. Deception
9
32. Scanning Stage
Deliberately Open Ports
Discovery Stage
Deceptive Documents
Exploitation Stage
Procurement Tricks
Exposing Stage
Interfaces Between Humans and Computers
33. National Deception Program
The Deception Planning Process Against Cyber Attacks
Summary
Chapter Review Questions/Exercises
3. Separation
What Is Separation?
Functional Separation
National Infrastructure Firewalls
34. DDOS Filtering
SCADA Separation Architecture
Physical Separation
Insider Separation
Asset Separation
Multilevel Security (MLS)
Protecting the Critical National Infrastructure Through Use of
Separation
Summary
35. Chapter Review Questions/Exercises
10
4. Diversity
Diversity and Worm Propagation
Desktop Computer System Diversity
Diversity Paradox of Cloud Computing
Network Technology Diversity
Physical Diversity
36. National Diversity Program
Critical Infrastructure Resilience and Diversity Initiative
Summary
Chapter Review Questions/Exercises
5. Commonality
Meaningful Best Practices for Infrastructure Protection
Locally Relevant and Appropriate Security Policy
Culture of Security Protection
37. Infrastructure Simplification
Certification and Education
Career Path and Reward Structure
Responsible Past Security Practice
National Commonality Program
How Critical National Infrastructure Systems Demonstrate
Commonality
Summary
Chapter Review Questions/Exercises
39. National Program of Depth
Practical Ways for Achieving Information Assurance in
Infrastructure Networked Environments
Summary
Chapter Review Questions/Exercises
7. Discretion
Trusted Computing Base
Security Through Obscurity
Information Sharing
40. Information Reconnaissance
Obscurity Layers
Organizational Compartments
National Discretion Program
Top-Down and Bottom-Up Sharing of Sensitive Information
Summary
Chapter Review Questions/Exercises
8. Collection
Collecting Network Data
41. Collecting System Data
Security Information and Event Management
Large-Scale Trending
Tracking a Worm
12
National Collection Program
Data Collection Efforts: Systems and Assets
Summary
42. Chapter Review Questions/Exercises
9. Correlation
Conventional Security Correlation Methods
Quality and Reliability Issues in Data Correlation
Correlating Data to Detect a Worm
Correlating Data to Detect a Botnet
Large-Scale Correlation Process
National Correlation Program
43. Correlation Rules for Critical National Infrastructure Cyber
Security
Summary
Chapter Review Questions/Exercises
10. Awareness
Detecting Infrastructure Attacks
Managing Vulnerability Information
Cyber Security Intelligence Reports
Risk Management Process
44. Security Operations Centers
National Awareness Program
Connecting Current Cyber Security Operation Centers to
Enhance Situational Awareness
Summary
Chapter Review Questions/Exercises
11. Response
13
Pre- Versus Post-Attack Response
45. Indications and Warning
Incident Response Teams
Forensic Analysis
Law Enforcement Issues
Disaster Recovery
National Response Program
The Critical National Infrastructure Incident Response
Framework
Transitioning from NIPP Steady State to Incident Response
48. 14
Case Study 2: Cyber Attacks on Critical Infrastructures—A Risk
to the Nation
Case Study 3: Department of Homeland Security Battle Insider
Threats and Maintain National
Cyber Security
Case Study 4: Cyber Security Development Life Cycle
Case Study 5
REVIEW. Answers to Review Questions/Exercises, Hands-On
Projects, Case Projects, and
Optional Team Case Projects by Chapter
50. Chapter 9: Correlation
Chapter 10: Awareness
Chapter 11: Response
Index
15
1
Introduction
Chapter Outline
National Cyber Threats, Vulnerabilities, and Attacks
Botnet Threat
51. National Cyber Security Methodology Components
Deception
Separation
Diversity
Consistency
Depth
Discretion
Collection
Correlation
Awareness
Response
Implementing the Principles Nationally
Protecting the Critical National Infrastructure Against Cyber
Attacks
Summary
Chapter Review Questions/Exercises
Somewhere in his writings—and I regret having forgotten
where—John Von Neumann draws attention to
what seemed to him a contrast. He remarked that for simple
mechanisms it is often easier to describe how they
work than what they do, while for more complicated
mechanisms it was usually the other way round.
52. Edsger W. Dijkstra1
National infrastructure refers to the complex, underlying
delivery and support systems for all large-scale
services considered absolutely essential to a nation. These
services include emergency response, law
enforcement databases, supervisory control and data acquisition
(SCADA) systems, power control networks,
military support services, consumer entertainment systems,
financial applications, and mobile
telecommunications. Some national services are provided
directly by government, but most are provided by
commercial groups such as Internet service providers, airlines,
and banks. In addition, certain services
considered essential to one nation might include infrastructure
support that is controlled by organizations
from another nation. This global interdependency is consistent
with the trends referred to collectively by
Thomas Friedman as a “flat world.”2
16
53. National infrastructure, especially in the United States, has
always been vulnerable to malicious physical
attacks such as equipment tampering, cable cuts, facility
bombing, and asset theft. The events of September
11, 2001, for example, are the most prominent and recent
instance of a massive physical attack directed at
national infrastructure. During the past couple of decades,
however, vast portions of national infrastructure
have become reliant on software, computers, and networks. This
reliance typically includes remote access,
often over the Internet, to the systems that control national
services. Adversaries thus can initiate cyber attacks
on infrastructure using worms, viruses, leaks, and the like.
These attacks indirectly target national
infrastructure through their associated automated controls
systems (see Figure 1.1).
Figure 1.1 National infrastructure cyber and physical attacks.
A seemingly obvious approach to dealing with this national
cyber threat would involve the use of well-
54. known computer security techniques. After all, computer
security has matured substantially in the past couple
of decades, and considerable expertise now exists on how to
protect software, computers, and networks. In
such a national scheme, safeguards such as firewalls, intrusion
detection systems, antivirus software,
passwords, scanners, audit trails, and encryption would be
directly embedded into infrastructure, just as they
are currently in small-scale environments. These national
security systems would be connected to a centralized
threat management system, and incident response would follow
a familiar sort of enterprise process.
Furthermore, to ensure security policy compliance, one would
expect the usual programs of end-user
awareness, security training, and third-party audit to be directed
toward the people building and operating
national infrastructure. Virtually every national infrastructure
protection initiative proposed to date has
followed this seemingly straightforward path.3
While well-known computer security techniques will certainly
be useful for national infrastructure, most
practical experience to date suggests that this conventional
approach will not be sufficient. A primary reason is
55. the size, scale, and scope inherent in complex national
infrastructure. For example, where an enterprise might
involve manageably sized assets, national infrastructure will
require unusually powerful computing support
with the ability to handle enormous volumes of data. Such
volumes will easily exceed the storage and
processing capacity of typical enterprise security tools such as a
commercial threat management system.
Unfortunately, this incompatibility conflicts with current
initiatives in government and industry to reduce
costs through the use of common commercial off-the-shelf
products.
National infrastructure databases far exceed the size of even the
largest commercial databases.
In addition, whereas enterprise systems can rely on manual
intervention by a local expert during a
17
security disaster, large-scale national infrastructure generally
56. requires a carefully orchestrated response by
teams of security experts using predetermined processes. These
teams of experts will often work in different
groups, organizations, or even countries. In the worst cases,
they will cooperate only if forced by government,
often sharing just the minimum amount of information to avoid
legal consequences. An additional problem is
that the complexity associated with national infrastructure leads
to the bizarre situation where response teams
often have partial or incorrect understanding about how the
underlying systems work. For these reasons,
seemingly convenient attempts to apply existing small-scale
security processes to large-scale infrastructure
attacks will ultimately fail (see Figure 1.2).
Figure 1.2 Differences between small- and large-scale cyber
security.
As a result, a brand-new type of national infrastructure
protection methodology is required—one that
combines the best elements of existing computer and network
security techniques with the unique and
57. difficult challenges associated with complex, large-scale
national services. This book offers just such a
protection methodology for national infrastructure. It is based
on a quarter century of practical experience
designing, building, and operating cyber security systems for
government, commercial, and consumer
infrastructure. It is represented as a series of protection
principles that can be applied to new or existing
systems. Because of the unique needs of national infrastructure,
especially its massive size, scale, and scope,
some aspects of the methodology will be unfamiliar to the
computer security community. In fact, certain
elements of the approach, such as our favorable view of
“security through obscurity,” might appear in direct
conflict with conventional views of how computers and
networks should be protected.
18
National Cyber Threats, Vulnerabilities, and Attacks
Conventional computer security is based on the oft-repeated
taxonomy of security threats which includes
58. confidentiality, integrity, availability, and theft. In the broadest
sense, all four diverse threat types will have
applicability in national infrastructure. For example, protections
are required equally to deal with sensitive
information leaks (confidentiality), worms affecting the
operation of some critical application (integrity),
botnets knocking out an important system (availability), or
citizens having their identities compromised
(theft). Certainly, the availability threat to national services
must be viewed as particularly important, given
the nature of the threat and its relation to national assets. One
should thus expect particular attention to
availability threats to national infrastructure. Nevertheless, it
makes sense to acknowledge that all four types of
security threats in the conventional taxonomy of computer
security must be addressed in any national
infrastructure protection methodology.
Any of the most common security concern—confidentiality,
integrity, availability, and theft—threaten our
national infrastructure.
Vulnerabilities are more difficult to associate with any
59. taxonomy. Obviously, national infrastructure must
address well-known problems such as improperly configured
equipment, poorly designed local area networks,
unpatched system software, exploitable bugs in application
code, and locally disgruntled employees. The
problem is that the most fundamental vulnerability in national
infrastructure involves the staggering
complexity inherent in the underlying systems. This complexity
is so pervasive that many times security
incidents uncover aspects of computing functionality that were
previously unknown to anyone, including
sometimes the system designers. Furthermore, in certain cases,
the optimal security solution involves
simplifying and cleaning up poorly conceived infrastructure.
This is bad news, because most large
organizations are inept at simplifying much of anything.
The best one can do for a comprehensive view of the
vulnerabilities associated with national
infrastructure is to address their relative exploitation points.
This can be done with an abstract national
infrastructure cyber security model that includes three types of
malicious adversaries: external adversary
(hackers on the Internet), internal adversary (trusted insiders),
60. and supplier adversary (vendors and partners).
Using this model, three exploitation points emerge for national
infrastructure: remote access (Internet and
telework), system administration and normal usage
(management and use of software, computers, and
networks), and supply chain (procurement and outsourcing) (see
Figure 1.3).
19
Figure 1.3 Adversaries and exploitation points in national
infrastructure.
These three exploitation points and three types of adversaries
can be associated with a variety of possible
motivations for initiating either a full or test attack on national
infrastructure.
Five Possible Motivations for an Infrastructure Attack
• Country-sponsored warfare—National infrastructure attacks
sponsored and funded by enemy countries
61. must be considered the most significant potential motivation,
because the intensity of adversary
capability and willingness to attack is potentially unlimited.
• Terrorist attack—The terrorist motivation is also signifi cant,
especially because groups driven by terror
can easily obtain sufficient capability and funding to perform
significant attacks on infrastructure.
• Commercially motivated attack—When one company chooses
to utilize cyber attacks to gain a
commercial advantage, it becomes a national infrastructure
incident if the target company is a purveyor
of some national asset.
• Financially driven criminal attack—Identify theft is the most
common example of a fi nancially driven
attack by criminal groups, but other cases exist, such as
companies being extorted to avoid a cyber
incident.
• Hacking—One must not forget that many types of attacks are
still driven by the motivation of hackers,
who are often just mischievous youths trying to learn or to build
62. a reputation within the hacking
community. This is much less a sinister motivation, and national
leaders should try to identify better
ways to tap this boundless capability and energy.
Each of the three exploitation points might be utilized in a
cyber attack on national infrastructure. For
example, a supplier might use a poorly designed supply chain to
insert Trojan horse code into a software
component that controls some national asset, or a hacker on the
Internet might take advantage of some
unprotected Internet access point to break into a vulnerable
service. Similarly, an insider might use trusted
access for either system administration or normal system usage
to create an attack. The potential also exists for
an external adversary to gain valuable insider access through
patient, measured means, such as gaining
employment in an infrastructure-supporting organization and
then becoming trusted through a long process
of work performance. In each case, the possibility exists that a
limited type of engagement might be
performed as part of a planned test or exercise. This seems
especially likely if the attack is country or terrorist
sponsored, because it is consistent with past practice.
63. When to issue a vulnerability risk advisory and when to keep
the risk confidential must be determined on a
case-by-case basis, depending on the threat.
At each exploitation point, the vulnerability being used might
be a well-known problem previously reported in
an authoritative public advisory, or it could be a proprietary
issue kept hidden by a local organization. It is
entirely appropriate for a recognized authority to make a
detailed public vulnerability advisory if the benefits
20
of notifying the good guys outweigh the risks of alerting the bad
guys. This cost–benefit result usually occurs
when many organizations can directly benefit from the
information and can thus take immediate action.
When the reported vulnerability is unique and isolated,
however, then reporting the details might be
irresponsible, especially if the notification process does not
enable a more timely fix. This is a key issue,
64. because many government authorities continue to consider new
rules for mandatory reporting. If the
information being demanded is not properly protected, then the
reporting process might result in more harm
than good.
21
Botnet Threat
Perhaps the most insidious type of attack that exists today is the
botnet.4 In short, a botnet involves remote
control of a collection of compromised end-user machines,
usually broadband-connected PCs. The controlled
end-user machines, which are referred to as bots, are
programmed to attack some target that is designated by
the botnet controller. The attack is tough to stop because end-
user machines are typically administered in an
ineffective manner. Furthermore, once the attack begins, it
occurs from sources potentially scattered across
geographic, political, and service provider boundaries. Perhaps
worse, bots are programmed to take commands
65. from multiple controller systems, so any attempts to destroy a
given controller result in the bots simply
homing to another one.
The Five Entities That Comprise a Botnet Attack
• Botnet operator—This is the individual, group, or country
that creates the botnet, including its setup
and operation.When the botnet is used for financial gain, it is
the operator who will benefit. Law
enforcement and cyber security initiatives have found it very
difficult to identify the operators. The
press, in particular, has done a poor job reporting on the
presumed identity of botnet operators, often
suggesting sponsorship by some country when little supporting
evidence exists.
• Botnet controller—This is the set of servers that command
and control the operation of a botnet.
Usually these servers have been maliciously compromised for
this purpose. Many times, the real owner
of a server that has been compromised will not even realize
what has occurred. The type of activity
directed by a controller includes all recruitment, setup,
66. communication, and attack activity. Typical
botnets include a handful of controllers, usually distributed
across the globe in a non-obvious manner.
• Collection of bots—These are the end-user, broadband-
connected PCs infected with botnet malware.
They are usually owned and operated by normal citizens, who
become unwitting and unknowing
dupes in a botnet attack. When a botnet includes a concentration
of PCs in a given region, observers
often incorrectly attribute the attack to that region. The use of
smart mobile devices in a botnet will
grow as upstream capacity and device processing power
increase.
• Botnet software drop—Most botnets include servers designed
to store software that might be useful for
the botnets during their lifecycle. Military personnel might refer
to this as an arsenal. Like controllers,
botnet software drop points are usually servers compromised for
this purpose, often unknown to the
normal server operator.
• Botnet target—This is the location that is targeted in the
attack. Usually, it is a website, but it can
67. really be any device, system, or network that is visible to the
bots. In most cases, botnets target
prominent and often controversial websites, simply because they
are visible via the Internet and
generally have a great deal at stake in terms of their
availability. This increases gain and leverage for
the attacker. Logically, however, botnets can target anything
visible.
The way a botnet works is that the controller is set up to
communicate with the bots via some designated
protocol, most often Internet Relay Chat (IRC). This is done via
malware inserted into the end-user PCs that
22
comprise the bots. A great challenge in this regard is that home
PCs and laptops are so poorly administered.
Amazingly, over time, the day-to-day system and security
administration task for home computers has
gravitated to the end user. This obligation results in both a poor
user experience and general dissatisfaction
68. with the security task. For example, when a typical computer
buyer brings a new machine home, it has
probably been preloaded with security software by the retailer.
From this point onward, however, that home
buyer is then tasked with all responsibility for protecting the
machine. This includes keeping firewall,
intrusion detection, antivirus, and antispam software up to date,
as well as ensuring that all software patches
are current. When these tasks are not well attended, the result is
a more vulnerable machine that is easily
turned into a bot. (Sadly, even if a machine is properly
managed, expert bot software designers might find a
way to install the malware anyway.)
Home PC users may never know they are being used for a botnet
scheme.
Once a group of PCs has been compromised into bots, attacks
can thus be launched by the controller via
a command to the bots, which would then do as they are
instructed. This might not occur instantaneously
with the infection; in fact, experience suggests that many
botnets lay dormant for a great deal of time.
Nevertheless, all sorts of attacks are possible in a botnet
69. arrangement, including the now-familiar distributed
denial of service attack (DDOS). In such a case, the bots create
more inbound traffic than the target gateway
can handle. For example, if some theoretical gateway allows for
1 Gbps of inbound traffic, and the botnet
creates an inbound stream larger than 1 Gbps, then a logjam
results at the inbound gateway, and a denial of
service condition occurs (see Figure 1.4).
A DDOS attack is like a cyber traffic jam.
Figure 1.4 Sample DDOS attack from a botnet.
Any serious present study of cyber security must acknowledge
the unique threat posed by botnets.
Virtually any Internet-connected system is vulnerable to major
outages from a botnet-originated DDOS
attack. The physics of the situation are especially depressing;
that is, a botnet that might steal 500 Kbps of
upstream capacity from each bot (which would generally allow
for concurrent normal computing and
networking) would only need three bots to collapse a target T1
70. connection. Following this logic, only 16,000
bots would be required theoretically to fill up a 10-Gbps
connection. Because most of the thousands of
23
botnets that have been observed on the Internet are at least this
size, the threat is obvious; however, many
recent and prominent botnets such as Storm and Conficker are
much larger, comprising as many as several
million bots, so the threat to national infrastructure is severe
and immediate.
24
National Cyber Security Methodology Components
Our proposed methodology for protecting national infrastructure
is presented as a series of ten basic design
and operation principles. The implication is that, by using these
71. principles as a guide for either improving
existing infrastructure components or building new ones, the
security result will be desirable, including a
reduced risk from botnets. The methodology addresses all four
types of security threats to national
infrastructure; it also deals with all three types of adversaries to
national infrastructure, as well as the three
exploitation points detailed in the infrastructure model. The list
of principles in the methodology serves as a
guide to the remainder of this chapter, as well as an outline for
the remaining chapters of the book:
• Chapter 2: Deception—The openly advertised use of
deception creates uncertainty for adversaries
because they will not know if a discovered problem is real or a
trap. The more common hidden use of
deception allows for real-time behavioral analysis if an intruder
is caught in a trap. Programs of
national infrastructure protection must include the appropriate
use of deception, especially to reduce
the malicious partner and supplier risk.
• Chapter 3: Separation—Network separation is currently
accomplished using firewalls, but programs of
national infrastructure protection will require three specific
72. changes. Specifically, national
infrastructure must include network-based firewalls on high-
capacity backbones to throttle DDOS
attacks, internal firewalls to segregate infrastructure and reduce
the risk of sabotage, and better
tailoring of firewall features for specific applications such as
SCADA protocols.5
• Chapter 4: Diversity—Maintaining diversity in the products,
services, and technologies supporting
national infrastructure reduces the chances that one common
weakness can be exploited to produce a
cascading attack. A massive program of coordinated
procurement and supplier management is required
to achieve a desired level of national diversity across all assets.
This will be tough, because it conflicts
with most cost-motivated information technology procurement
initiatives designed to minimize
diversity in infrastructure.
• Chapter 5: Commonality—The consistent use of security best
practices in the administration of
national infrastructure ensures that no infrastructure component
is either poorly managed or left
73. completely unguarded. National programs of standards selection
and audit validation, especially with
an emphasis on uniform programs of simplification, are thus
required. This can certainly include
citizen end users, but one should never rely on high levels of
security compliance in the broad
population.
• Chapter 6: Depth—The use of defense in depth in national
infrastructure ensures that no critical asset
is reliant on a single security layer; thus, if any layer should
fail, an additional layer is always present to
mitigate an attack. Analysis is required at the national level to
ensure that all critical assets are
protected by at least two layers, preferably more.
• Chapter 7: Discretion—The use of personal discretion in the
sharing of information about national
assets is a practical technique that many computer security
experts find difficult to accept because it
conflicts with popular views on “security through obscurity.”
Nevertheless, large-scale infrastructure
protection cannot be done properly unless a national culture of
discretion and secrecy is nurtured. It
74. 25
goes without saying that such discretion should never be put in
place to obscure illegal or unethical
practices.
• Chapter 8: Collection—The collection of audit log
information is a necessary component of an
infrastructure security scheme, but it introduces privacy, size,
and scale issues not seen in smaller
computer and network settings. National infrastructure
protection will require a data collection
approach that is acceptable to the citizenry and provides the
requisite level of detail for security
analysis.
• Chapter 9: Correlation—Correlation is the most fundamental
of all analysis techniques for cyber
security, but modern attack methods such as botnets greatly
complicate its use for attack-related
indicators. National-level correlation must be performed using
all available sources and the best
available technology and algorithms. Correlating information
75. around a botnet attack is one of the
more challenging present tasks in cyber security.
• Chapter 10: Awareness—Maintaining situational awareness
is more important in large-scale
infrastructure protection than in traditional computer and
network security because it helps to
coordinate the real-time aspect of multiple infrastructure
components. A program of national
situational awareness must be in place to ensure proper
management decision-making for national
assets.
• Chapter 11: Response—Incident response for national
infrastructure protection is especially difficult
because it generally involves complex dependencies and
interactions between disparate government
and commercial groups. It is best accomplished at the national
level when it focuses on early
indications, rather than on incidents that have already begun to
damage national assets.
The balance of this chapter will introduce each principle, with
discussion on its current use in computer
76. and network security, as well as its expected benefits for
national infrastructure protection.
26
Deception
The principle of deception involves the deliberate introduction
of misleading functionality or misinformation
into national infrastructure for the purpose of tricking an
adversary. The idea is that an adversary would be
presented with a view of national infrastructure functionality
that might include services or interface
components that are present for the sole purpose of fakery.
Computer scientists refer to this functionality as a
honey pot, but the use of deception for national infrastructure
could go far beyond this conventional view.
Specifically, deception can be used to protect against certain
types of cyber attacks that no other security
method will handle. Law enforcement agencies have been using
deception effectively for many years, often
catching cyber stalkers and criminals by spoofing the reported
77. identity of an end point. Even in the presence
of such obvious success, however, the cyber security community
has yet to embrace deception as a mainstream
protection measure.
Deception is an oft-used tool by law enforcement agencies to
catch cyber stalkers and predators.
Deception in computing typically involves a layer of cleverly
designed trap functionality strategically
embedded into the internal and external interfaces for services.
Stated more simply, deception involves fake
functionality embedded into real interfaces. An example might
be a deliberately planted trap link on a website
that would lead potential intruders into an environment
designed to highlight adversary behavior. When the
deception is open and not secret, it might introduce uncertainty
for adversaries in the exploitation of real
vulnerabilities, because the adversary might suspect that the
discovered entry point is a trap. When it is hidden
and stealth, which is the more common situation, it serves as the
basis for real-time forensic analysis of
78. adversary behavior. In either case, the result is a public
interface that includes real services, deliberate honey
pot traps, and the inevitable exploitable vulnerabilities that
unfortunately will be present in all nontrivial
interfaces (see Figure 1.5).
Figure 1.5 Components of an interface with deception.
Only relatively minor tests of honey pot technology have been
reported to date, usually in the context of a
research effort. Almost no reports are available on the day-to-
day use of deception as a structural component
of a real enterprise security program. In fact, the vast majority
of security programs for companies,
government agencies, and national infrastructure would include
no such functionality. Academic computer
scientists have shown little interest in this type of security, as
evidenced by the relatively thin body of literature
on the subject. This lack of interest might stem from the
discomfort associated with using computing to
27
79. mislead. Another explanation might be the relative
ineffectiveness of deception against the botnet threat,
which is clearly the most important security issue on the
Internet today. Regardless of the cause, this tendency
to avoid the use of deception is unfortunate, because many
cyber attacks, such as subtle break-ins by trusted
insiders and Trojan horses being maliciously inserted by
suppliers into delivered software, cannot be easily
remedied by any other means.
Deception is less effective against botnets than other types of
attack methods.
The most direct benefit of deception is that it enables forensic
analysis of intruder activity. By using a
honey pot, unique insights into attack methods can be gained by
watching what is occurring in real time. Such
deception obviously works best in a hidden, stealth mode,
unknown to the intruder, because if the intruder
realizes that some vulnerable exploitation point is a fake, then
no exploitation will occur. Honey pot pioneers
80. Cliff Stoll, Bill Cheswick, and Lance Spitzner have provided a
majority of the reported experience in real-
time forensics using honey pots. They have all suggested that
the most difficult task involves creating
believability in the trap. It is worth noting that connecting a
honey pot to real assets is a terrible idea.
Do not connect honey pots to real assets!
An additional potential benefit of deception is that it can
introduce the clever idea that some discovered
vulnerability might instead be a deliberately placed trap.
Obviously, such an approach is only effective if the
use of deception is not hidden; that is, the adversary must know
that deception is an approved and accepted
technique used for protection. It should therefore be obvious
that the major advantage here is that an
accidental vulnerability, one that might previously have been an
open door for an intruder, will suddenly look
like a possible trap. A further profound notion, perhaps for open
discussion, is whether just the implied
statement that deception might be present (perhaps without real
justification) would actually reduce risk.
Suppliers, for example, might be less willing to take the risk of
81. Trojan horse insertion if the procuring
organization advertises an open research and development
program of detailed software test and inspection
against this type of attack.
28
Separation
The principle of separation involves enforcement of access
policy restrictions on the users and resources in a
computing environment. Access policy restrictions result in
separation domains, which are arguably the most
common security architectural concept in use today. This is
good news, because the creation of access-policy-
based separation domains will be essential in the protection of
national infrastructure. Most companies today
will typically use firewalls to create perimeters around their
presumed enterprise, and access decisions are
embedded in the associated rules sets. This use of enterprise
firewalls for separation is complemented by
several other common access techniques:
82. • Authentication and identity management—These methods
are used to validate and manage the
identities on which separation decisions are made. They are
essential in every enterprise but cannot be
relied upon solely for infrastructure security. Malicious
insiders, for example, will be authorized under
such systems. In addition, external attacks such as DDOS are
unaffected by authentication and
identity management.
• Logical access controls—The access controls inherent in
operating systems and applications provide
some degree of separation, but they are also weak in the
presence of compromised insiders.
Furthermore, underlying vulnerabilities in applications and
operating systems can often be used to
subvert these methods.
• LAN controls—Access control lists on local area network
(LAN) components can provide separation
based on information such as Internet Protocol (IP) or media
access control (MAC) address. In this
regard, they are very much like firewalls but typically do not
extend their scope beyond an isolated
segment.
83. • Firewalls—For large-scale infrastructure, firewalls are
particularly useful, because they separate one
network from another. Today, every Internet-based connection
is almost certainly protected by some
sort of firewall functionality. This approach worked especially
well in the early years of the Internet,
when the number of Internet connections to the enterprise was
small. Firewalls do remain useful,
however, even with the massive connectivity of most groups to
the Internet. As a result, national
infrastructure should continue to include the use of firewalls to
protect known perimeter gateways to
the Internet.
Given the massive scale and complexity associated with
national infrastructure, three specific separation
enhancements are required, and all are extensions of the
firewall concept.
Required Separation Enhancements for National Infrastructure
Protection
1. The use of network-based firewalls is absolutely required for
84. many national infrastructure applications,
especially ones vulnerable to DDOS attacks from the Internet.
This use of network-based mediation
can take advantage of high-capacity network backbones if the
service provider is involved in running
the firewalls.
2. The use of firewalls to segregate and isolate internal
infrastructure components from one another is a
mandatory technique for simplifying the implementation of
access control policies in an organization.
29
When insiders have malicious intent, any exploit they might
attempt should be explicitly contained by
internal firewalls.
3. The use of commercial off-the-shelf firewalls, especially for
SCADA usage, will require tailoring of
the firewall to the unique protocol needs of the application. It is
not acceptable for national
85. infrastructure protection to retrofi t the use of a generic,
commercial, off-the-shelf tool that is not
optimized for its specific use (see Figure 1.6 )
Figure 1.6 Firewall enhancements for national infrastructure.
With the advent of cloud computing, many enterprise and
government agency security managers have
come to acknowledge the benefits of network-based firewall
processing. The approach scales well and helps to
deal with the uncontrolled complexity one typically finds in
national infrastructure. That said, the reality is
that most national assets are still secured by placing a firewall
at each of the hundreds or thousands of
presumed choke points. This approach does not scale and leads
to a false sense of security. It should also be
recognized that the firewall is not the only device subjected to
such scale problems. Intrusion detection
systems, antivirus filtering, threat management, and denial of
service filtering also require a network-based
approach to function properly in national infrastructure.
86. An additional problem that exists in current national
infrastructure is the relative lack of architectural
separation used in an internal, trusted network. Most security
engineers know that large systems are best
protected by dividing them into smaller systems. Firewalls or
packet filtering routers can be used to segregate
an enterprise network into manageable domains. Unfortunately,
the current state of the practice in
infrastructure protection rarely includes a disciplined approach
to separating internal assets. This is
unfortunate, because it allows an intruder in one domain to have
access to a more expansive view of the
organizational infrastructure. The threat increases when the
firewall has not been optimized for applications
such as SCADA that require specialized protocol support.
Parceling a network into manageable smaller domains creates an
environment that is easier to protect.
30
31
87. Diversity
The principle of diversity involves the selection and use of
technology and systems that are intentionally
different in substantive ways. These differences can include
technology source, programming language,
computing platform, physical location, and product vendor. For
national infrastructure, realizing such
diversity requires a coordinated program of procurement to
ensure a proper mix of technologies and vendors.
The purpose of introducing these differences is to deliberately
create a measure of non-interoperability so that
an attack cannot easily cascade from one component to another
through exploitation of some common
vulnerability. Certainly, it would be possible, even in a diverse
environment, for an exploit to cascade, but the
likelihood is reduced as the diversity profile increases.
This concept is somewhat controversial, because so much of
computer science theory and information
technology practice in the past couple of decades has been
focused on maximizing interoperability of
88. technologies. This might help explain the relative lack of
attentiveness that diversity considerations receive in
these fields. By way of analogy, however, cyber attacks on
national infrastructure are mitigated by diversity
technology just as disease propagation is reduced by a diverse
biological ecosystem. That is, a problem that
originates in one area of infrastructure with the intention of
automatic propagation will only succeed in the
presence of some degree of interoperability. If the technologies
are sufficiently diverse, then the attack
propagation will be reduced or even stopped. As such, national
asset managers are obliged to consider means
for introducing diversity in a cost-effective manner to realize its
security benefits (see Figure 1.7).
Figure 1.7 Introducing diversity to national infrastructure.
Diversity is especially tough to implement in national
infrastructure for several reasons. First, it must be
acknowledged that a single, major software vendor tends to
currently dominate the personal computer (PC)
operating system business landscape in most government and
enterprise settings. This is not likely to change,
89. so national infrastructure security initiatives must simply accept
an ecosystem lacking in diversity in the PC
landscape. The profile for operating system software on
computer servers is slightly better from a diversity
perspective, but the choices remain limited to a very small
number of available sources. Mobile operating
systems currently offer considerable diversity, but one cannot
help but expect to see a trend toward greater
consolidation.
Second, diversity conflicts with the often-found organizational
goal of simplifying supplier and vendor
relationships; that is, when a common technology is used
throughout an organization, day-to-day
maintenance, administration, and training costs are minimized.
Furthermore, by purchasing in bulk, better
32
terms are often available from a vendor. In contrast, the use of
diversity could result in a reduction in the level
of service provided in an organization. For example, suppose
that an Internet service provider offers
90. particularly secure and reliable network services to an
organization. Perhaps the reliability is even measured to
some impressive quantitative availability metric. If the
organization is committed to diversity, then one might
be forced to actually introduce a second provider with lower
levels of reliability.
Enforcing diversity of products and services might seem
counterintuitive if you have a reliable provider.
In spite of these drawbacks, diversity carries benefits that are
indisputable for large-scale infrastructure.
One of the great challenges in national infrastructure protection
will thus involve finding ways to diversify
technology products and services without increasing costs and
losing business leverage with vendors.
33
Consistency
The principle of consistency involves uniform attention to
91. security best practices across national infrastructure
components. Determining which best practices are relevant for
which national asset requires a combination of
local knowledge about the asset, as well as broader knowledge
of security vulnerabilities in generic
infrastructure protection. Thus, the most mature approach to
consistency will combine compliance with
relevant standards such as the Sarbanes–Oxley controls in the
United States, with locally derived security
policies that are tailored to the organizational mission. This
implies that every organization charged with the
design or operation of national infrastructure must have a local
security policy. Amazingly, some large groups
do not have such a policy today.
The types of best practices that are likely to be relevant for
national infrastructure include well-defined
software lifecycle methodologies, timely processes for patching
software and systems, segregation of duty
controls in system administration, threat management of all
collected security information, security awareness
training for all system administrators, operational
configurations for infrastructure management, and use of
software security tools to ensure proper integrity management.
Most security experts agree on which best
92. practices to include in a generic set of security requirements, as
evidenced by the inclusion of a common core
set of practices in every security standard. Attentiveness to
consistency is thus one of the less controversial of
our recommended principles.
The greatest challenge in implementing best practice
consistency across infrastructure involves auditing.
The typical audit process is performed by an independent third-
party entity doing an analysis of target
infrastructure to determine consistency with a desired standard.
The result of the audit is usually a numeric
score, which is then reported widely and used for management
decisions. In the United States, agencies of the
federal government are audited against a cyber security standard
known as FISMA (Federal Information
Security Management Act). While auditing does lead to
improved best practice coverage, there are often
problems. For example, many audits are done poorly, which
results in confusion and improper management
decisions. In addition, with all the emphasis on numeric ratings,
many agencies focus more on their score than
on good security practice.
A good audit score is important but should not replace good
93. security practices.
Today, organizations charged with protecting national
infrastructure are subjected to several types of
security audits. Streamlining these standards would certainly be
a good idea, but some additional items for
consideration include improving the types of common training
provided to security administrators, as well as
including past practice in infrastructure protection in common
audit standards. The most obvious practical
consideration for national infrastructure, however, would be
national-level agreement on which standard or
standards would be used to determine competence to protect
national assets. While this is a straightforward
concept, it could be tough to obtain wide concurrence among all
national participants. A related issue involves
commonality in national infrastructure operational
configurations; this reduces the chances that a rogue
configuration installed for malicious purposes, perhaps by
compromised insiders.
34
94. A national standard of competence for protecting our assets is
needed.
35
Depth
The principle of depth involves the use of multiple security
layers of protection for national infrastructure
assets. These layers protect assets from both internal and
external attacks via the familiar “defense in depth”
approach; that is, multiple layers reduce the risk of attack by
increasing the chances that at least one layer will
be effective. This should appear to be a somewhat sketchy
situation, however, from the perspective of
traditional engineering. Civil engineers, for example, would
never be comfortable designing a structure with
multiple flawed supports in the hopes that one of them will hold
the load. Unfortunately, cyber security
experts have no choice but to rely on this flawed notion,
perhaps highlighting the relative immaturity of
95. security as an engineering discipline.
One hint as to why depth is such an important requirement is
that national infrastructure components
are currently controlled by software, and everyone knows that
the current state of software engineering is
abysmal. Compared to other types of engineering, software
stands out as the only one that accepts the creation
of knowingly flawed products as acceptable. The result is that
all nontrivial software has exploitable
vulnerabilities, so the idea that one should create multiple
layers of security defense is unavoidable. It is worth
mentioning that the degree of diversity in these layers will also
have a direct impact on their effectiveness (see
Figure 1.8).
Software engineering standards do not contain the same level of
quality as civil and other engineering
standards.
Figure 1.8 National infrastructure security through defense in
depth.
96. To maximize the usefulness of defense layers in national
infrastructure, it is recommended that a
combination of functional and procedural controls be included.
For example, a common first layer of defense
is to install an access control mechanism for the admission of
devices to the local area network. This could
involve router controls in a small network or firewall access
rules in an enterprise. In either case, this first line
of defense is clearly functional. As such, a good choice for a
second layer of defense might involve something
procedural, such as the deployment of scanning to determine if
inappropriate devices have gotten through the
first layer. Such diversity will increase the chances that the
cause of failure in one layer is unlikely to cause a
similar failure in another layer.
A great complication in national infrastructure protection is that
many layers of defense assume the
36
existence of a defined network perimeter. For example, the
97. presence of many flaws in enterprise security found
by auditors is mitigated by the recognition that intruders would
have to penetrate the enterprise perimeter to
exploit these weaknesses. Unfortunately, for most national
assets, finding a perimeter is no longer possible.
The assets of a country, for example, are almost impossible to
define within some geographic or political
boundary, much less a network one. Security managers must
therefore be creative in identifying controls that
will be meaningful for complex assets whose properties are not
always evident. The risk of getting this wrong
is that in providing multiple layers of defense, one might
misapply the protections and leave some portion of
the asset base with no layers in place.
37
Discretion
The principle of discretion involves individuals and groups
making good decisions to obscure sensitive
information about national infrastructure. This is done by
combining formal mandatory information
98. protection programs with informal discretionary behavior.
Formal mandatory programs have been in place for
many years in the U.S. federal government, where documents
are associated with classifications, and policy
enforcement is based on clearances granted to individuals. In
the most intense environments, such as top-
secret compartments in the intelligence community, violations
of access policies could be interpreted as
espionage, with all of the associated criminal implications. For
this reason, prominent breaches of highly
classified government information are not common.
Naturally, top-secret information within the intelligence
community is at great risk for attack or infiltration.
In commercial settings, formal information protection programs
are gaining wider acceptance because of
the increased need to protect personally identifiable information
(PII) such as credit card numbers. Employees
of companies around the world are starting to understand the
importance of obscuring certain aspects of
corporate activity, and this is healthy for national infrastructure
99. protection. In fact, programs of discretion for
national infrastructure protection will require a combination of
corporate and government security policy
enforcement, perhaps with custom-designed information
markings for national assets. The resultant
discretionary policy serves as a layer of protection to prevent
national infrastructure-related information from
reaching individuals who have no need to know such
information.
A barrier in our recommended application of discretion is the
maligned notion of “security through
obscurity.” Security experts, especially cryptographers, have
long complained that obscurity is an unacceptable
protection approach. They correctly reference the problems of
trying to secure a system by hiding its
underlying detail. Inevitably, an adversary discovers the hidden
design secrets and the security protection is
lost. For this reason, conventional computer security correctly
dictates an open approach to software, design,
and algorithms. An advantage of this open approach is the
social review that comes with widespread
advertisement; for example, the likelihood is low of software
ever being correct without a significant amount
of intense review by experts. So, the general computer security
100. argument against “security through obscurity”
is largely valid in most cases.
“Security through obscurity” may actually leave assets more
vulnerable to attack than an open approach would.
Nevertheless, any manager charged with the protection of
nontrivial, large-scale infrastructure will tell
you that discretion and, yes, obscurity are indispensable
components in a protection program. Obscuring
details around technology used, software deployed, systems
purchased, and configurations managed will help
to avoid or at least slow down certain types of attacks. Hackers
often claim that by discovering this type of
information about a company and then advertising the
weaknesses they are actually doing the local security
team a favor. They suggest that such advertisement is required
to motivate a security team toward a solution,
but this is actually nonsense. Programs around proper discretion
and obscurity for infrastructure information
38
101. are indispensable and must be coordinated at the national level.
39
Collection
The principle of collection involves automated gathering of
system-related information about national
infrastructure to enable security analysis. Such collection is
usually done in real time and involves probes or
hooks in applications, system software, network elements, or
hardware devices that gather information of
interest. The use of audit trails in small-scale computer security
is an example of a long-standing collection
practice that introduces very little controversy among experts as
to its utility. Security devices such as firewalls
produce log files, and systems purported to have some degree of
security usefulness will also generate an audit
trail output. The practice is so common that a new type of
product, called a security information management
system (SIMS), has been developed to process all this data.
102. The primary operational challenge in setting up the right type
of collection process for computers and
networks has been twofold: First, decisions must be made about
what types of information are to be collected.
If this decision is made correctly, then the information collected
should correspond to exactly the type of data
required for security analysis, and nothing else. Second,
decisions must be made about how much information
is actually collected. This might involve the use of existing
system functions, such as enabling the automatic
generation of statistics on a router; or it could involve the
introduction of some new type of function that
deliberately gathers the desired information. Once these
considerations are handled, appropriate mechanisms
for collecting data from national infrastructure can be embedded
into the security architecture (see Figure 1.9).
Figure 1.9 Collecting national infrastructure-related security
information.
The technical and operational challenges associated with the
collection of logs and audit trails are
heightened in the protection of national assets. Because national
103. infrastructure is so complex, determining
what information should be collected turns out to be a difficult
exercise. In particular, the potential arises with
large-scale collection to intrude on the privacy of individuals
and groups within a nation. As such, any
initiative to protect infrastructure through the collection of data
must include at least some measure of privacy
policy determination. Similarly, the volumes of data collected
from large infrastructure can exceed practical
limits. Telecommunications collection systems designed to
protect the integrity of a service provider
backbone, for example, can easily generate many terabytes of
data in hours of processing.
What and how much data to collect is an operational challenge.
40
In both cases, technical and operational expertise must be
applied to ensure that the appropriate data is
collected in the proper amounts. The good news is that virtually
104. all security protection algorithms require no
deep, probing information of the type that might generate
privacy or volumetric issues. The challenge arises
instead when collection is done without proper advance analysis
which often results in the collection of more
data than is needed. This can easily lead to privacy problems in
some national collection repositories, so
planning is particularly necessary. In any event, a national
strategy of data collection is required, with the usual
sorts of legal and policy guidance on who collects what and
under which circumstances. As we suggested
above, this exercise must be guided by the requirements for
security analysis—and nothing else.
Only collect as much data as is necessary for security purposes.
41
Correlation
The principle of correlation involves a specific type of analysis
that can be performed on factors related to
105. national infrastructure protection. The goal of correlation is to
identify whether security-related indicators
might emerge from the analysis. For example, if some national
computing asset begins operating in a sluggish
manner, then other factors would be examined for a possible
correlative relationship. One could imagine the
local and wide area networks being analyzed for traffic that
might be of an attack nature. In addition, similar
computing assets might be examined to determine if they are
experiencing a similar functional problem. Also,
all software and services embedded in the national asset might
be analyzed for known vulnerabilities. In each
case, the purpose of the correlation is to combine and compare
factors to help explain a given security issue.
This type of comparison-oriented analysis is indispensable for
national infrastructure because of its
complexity.
Monitoring and analyzing networks and data collection may
reveal a hidden or emerging security threat.
Interestingly, almost every major national infrastructure
protection initiative attempted to date has
106. included a fusion center for real-time correlation of data. A
fusion center is a physical security operations
center with means for collecting and analyzing multiple sources
of ingress data. It is not uncommon for such a
center to include massive display screens with colorful,
visualized representations, nor is it uncommon to find
such centers in the military with teams of enlisted people
performing the manual chores. This is an important
point, because, while such automated fusion is certainly
promising, best practice in correlation for national
infrastructure protection must include the requirement that
human judgment be included in the analysis.
Thus, regardless of whether resources are centralized into one
physical location, the reality is that human
beings will need to be included in the processing (see Figure
1.10).
Figure 1.10 National infrastructure high-level correlation
approach.
In practice, fusion centers and the associated processes and
correlation algorithms have been tough to
107. implement, even in small-scale environments. Botnets, for
example, involve the use of source systems that are
selected almost arbitrarily. As such, the use of correlation to
determine where and why the attack is occurring
has been useless. In fact, correlating geographic information
with the sources of botnet activity has even led to
many false conclusions about who is attacking whom. Countless
hours have been spent by security teams
poring through botnet information trying to determine the
source, and the best one can hope for might be
42
information about controllers or software drops. In the end,
current correlation approaches fall short.
What is needed to improve present correlation capabilities for
national infrastructure protection involves
multiple steps.
Three Steps to Improve Current CorrelationCapabilities
1. The actual computer science around correlation algorithms
needs to be better investigated. Little
108. attention has been placed in academic computer science and
applied mathematics departments to
multifactor correlation of real-time security data. This could be
changed with appropriate funding and
grant emphasis from the government.
2. The ability to identify reliable data feeds needs to be greatly
improved. Too much attention has been
placed on ad hoc collection of volunteered feeds, and this
complicates the ability for analysis to perform
meaningful correlation.
3. The design and operation of a national-level fusion center
must be given serious consideration. Some
means must be identified for putting aside political and funding
problems in order to accomplish this
important objective.
43
Awareness
109. The principle of awareness involves an organization
understanding the differences, in real time and at all
times, between observed and normal status in national
infrastructure. This status can include risks,
vulnerabilities, and behavior in the target infrastructure.
Behavior refers here to the mix of user activity, system
processing, network traffic, and computing volumes in the
software, computers, and systems that comprise
infrastructure. The implication is that the organization can
somehow characterize a given situation as being
either normal or abnormal. Furthermore, the organization must
have the ability to detect and measure
differences between these two behavioral states. Correlation
analysis is usually inherent in such
determinations, but the real challenge is less the algorithms and
more the processes that must be in place to
ensure situational awareness every hour of every day. For
example, if a new vulnerability arises that has impact
on the local infrastructure, then this knowledge must be
obtained and factored into management decisions
immediately.
Awareness builds on collection and correlation, but is not
110. limited to those areas alone.
Managers of national infrastructure generally do not have to be
convinced that situational awareness is
important. The big issue instead is how to achieve this goal. In
practice, real-time awareness requires
attentiveness and vigilance rarely found in normal computer
security. Data must first be collected and enabled
to flow into a fusion center at all times so correlation can take
place. The results of the correlation must be
used to establish a profiled baseline of behavior so differences
can be measured. This sounds easier than it is,
because so many odd situations have the ability to mimic
normal behavior (when it is really a problem) or a
problem (when it really is nothing). Nevertheless, national
infrastructure protection demands that managers of
assets create a locally relevant means for being able to comment
accurately on the state of security at all times.
This allows for proper management decisions about security
(see Figure 1.11).
Figure 1.11 Real-time situation awareness process flow.
111. Interestingly, situational awareness has not been considered a
major component of the computer security
equation to date. The concept plays no substantive role in small-
scale security, such as in a home network,
because when the computing base to be protected is simple
enough, characterizing real-time situational status
is just not necessary. Similarly, when a security manager puts in
place security controls for a small enterprise,
situational awareness is not the highest priority. Generally, the
closest one might expect to some degree of
44
real-time awareness for a small system might be an occasional
review of system log files. So, the transition
from small-scale to large-scale infrastructure protection does
require a new attentiveness to situational
awareness that is not well developed. It is also worth noting that
the general notion of “user awareness” of
security is also not the principle specified here. While it is
112. helpful for end users to have knowledge of security,
any professionally designed program of national infrastructure
security must presume that a high percentage of
end users will always make the wrong sorts of security
decisions if allowed. The implication is that national
infrastructure protection must never rely on the decision-making
of end users through programs of awareness.
Large-scale infrastructure protection requires a higher level of
awareness than most groups currently employ.
A further advance that is necessary for situational awareness
involves enhancements in approaches to
security metrics reporting. Where the non-cyber national
intelligence community has done a great job
developing means for delivering daily intelligence briefs to
senior government officials, the cyber security
community has rarely considered this approach. The reality is
that, for situation awareness to become a
structural component of national infrastructure protection, valid
metrics must be developed to accurately
portray status, and these must be codified into a suitable type of
regular intelligence report that senior officials
can use to determine security status. It would not be
113. unreasonable to expect this cyber security intelligence to
flow from a central point such as a fusion center, but in general
this is not a requirement.
45
Response
The principle of response involves assurance that processes are
in place to react to any security-related indicator
that becomes available. These indicators should flow into the
response process primarily from the situational
awareness layer. National infrastructure response should
emphasize indicators rather than incidents. In most
current computer security applications, the response team waits
for serious problems to occur, usually
including complaints from users, applications running poorly,
and networks operating in a sluggish manner.
Once this occurs, the response team springs into action, even
though by this time the security game has
already been lost. For essential national infrastructure services,
the idea of waiting for the service to degrade
before responding does not make logical sense.
114. An additional response-related change for national
infrastructure protection is that the maligned concept
of “false positive” must be reconsidered. In current small-scale
environments, a major goal of the computer
security team is to minimize the number of response cases that
are initiated only to find that nothing was
wrong after all. This is an easy goal to reach by simply waiting
for disasters to be confirmed beyond a shadow
of a doubt before response is initiated. For national
infrastructure, however, this is obviously unacceptable.
Instead, response must follow indicators, and the concept of
minimizing false positives must not be part of the
approach. The only quantitative metric that must be minimized
in national-level response is risk (see Figure
1.12).
Figure 1.12 National infrastructure security response approach.
A challenge that must be considered in establishing response
functions for national asset protection is
that relevant indicators often arise long before any harmful
effects are seen. This suggests that infrastructure
115. protecting must have accurate situational awareness that
considers much more than just visible impacts such as
users having trouble, networks being down, or services being
unavailable. Instead, often subtle indicators must
be analyzed carefully, which is where the challenges arise with
false positives. When response teams agree to
consider such indicators, it becomes more likely that such
indicators are benign. A great secret to proper
incident response for national infrastructure is that higher false
positive rates might actually be a good sign.
A higher rate of false positives must be tolerated for national
infrastructure protection.
It is worth noting that the principles of collection, correlation,
awareness, and response are all consistent
46
with the implementation of a national fusion center. Clearly,
response activities are often dependent on a real-
116. time, ubiquitous operations center to coordinate activities,
contact key individuals, collect data as it becomes
available, and document progress in the response activities. As
such, it should not be unexpected that
national-level response for cyber security should include some
sort of centralized national center. The creation
of such a facility should be the centerpiece of any national
infrastructure protection program and should
involve the active participation of all organizations with
responsibility for national services.
47
Implementing the Principles Nationally
To effectively apply this full set of security principles in
practice for national infrastructure protection, several
practical implementation considerations emerge:
• Commissions and groups—Numerous commissions and
groups have been created over the years with
the purpose of national infrastructure protection. Most have had
some minor positive impact on
117. infrastructure security, but none has had sufficient impact to
reduce present national risk to acceptable
levels. An observation here is that many of these commissions
and groups have become the end rather
than the means toward a cyber security solution. When this
occurs, their likelihood of success
diminishes considerably. Future commissions and groups should
take this into consideration.
• Information sharing—Too much attention is placed on
information sharing between government and
industry, perhaps because information sharing would seem on
the surface to carry much benefit to
both parties. The advice here is that a comprehensive
information sharing program is not easy to
implement simply because organizations prefer to maintain a
low profile when fighting a vulnerability
or attack. In addition, the presumption that some organization—
government or commercial—might
have some nugget of information that could solve a cyber attack
or reduce risk is not generally
consistent with practice. Thus, the motivation for a commercial
entity to share vulnerability or
incident-related information with the government is low; very
little value generally comes from such
118. sharing.
• International cooperation—National initiatives focused on
creating government cyber security
legislation must acknowledge that the Internet is global, as are
the shared services such as the domain
name system (DNS) that all national and global assets are so
dependent upon. Thus, any program of
national infrastructure protection must include provisions for
international cooperation, and such
cooperation implies agreements between participants that will
be followed as long as everyone
perceives benefit.
• Technical and operational costs—To implement the
principles described above, considerable technical
and operational costs will need to be covered across government
and commercial environments. While
it is tempting to presume that the purveyors of national
infrastructure can simply absorb these costs
into normal business budgets, this has not been the case in the
past. Instead, the emphasis should be
on rewards and incentives for organizations that make the
decision to implement these principles. This
point is critical because it suggests that the best possible use of
119. government funds might be as
straightforward as helping to directly fund initiatives that will
help to secure national assets.
The bulk of our discussion in the ensuing chapters is technical
in nature; that is, programmatic and
political issues are conveniently ignored. This does not diminish
their importance, but rather is driven by our
decision to separate our concerns and focus in this book on the
details of “what” must be done, rather than
“how.”
Finally, let’s look at how the ever-changing policy of the United
States helps prevent or minimize
disruptions to the critical national infrastructure. The
implementation of the policy is crucial in order to
protect the public, the economy, government services, and the
national security of the United States.
48
120. 49
Protecting the Critical National Infrastructure Against Cyber
Attacks
Information technology has grown to provide both government
and the private sector with an efficient and
timely means of delivering essential services around the world.
As a result, these critical systems remain at risk
from potential attacks via the Internet. It is the policy of the
United States to prevent or minimize disruptions
to the critical information infrastructure in order to protect the
public, the economy, government services, and
the national security of the United States.
The federal government is continually increasing capabilities to
address cyber risk associated with critical
networks and information systems. On January 8, 2008,
President Bush approved the National Security
Presidential Directive 54/Homeland Security Presidential
Directive 23, which formalized a series of
continuous efforts designed to further safeguard federal
government systems and reduce potential