The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
For more course tutorials visit
www.tutorialrank.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
This Paper is Submitted to Fulfill The English 2 Task Study Program Software Engineering 4th Semester Buddhi Dharma University. Tangerang. Lecturer: Dra. Harisa Mardiana, M.Pd.
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
For more course tutorials visit
www.tutorialrank.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
This Paper is Submitted to Fulfill The English 2 Task Study Program Software Engineering 4th Semester Buddhi Dharma University. Tangerang. Lecturer: Dra. Harisa Mardiana, M.Pd.
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
The need for information security within small to mid-size companies is increasing. The risks of information security breach, data loss, and disaster are growing. The impact of IT outages and issues on the company are unacceptable to any size business and their clients. There are many ways to address the security for IT departments. The need to address risks of attacks as well as disasters is important to the IT security policies and procedures. The IT departments of small to medium companies have to address these security concerns within their budgets and other limited resources.Security planning, design, and employee training that is needed requires input and agreement from all levels of the company and management. This paper will discuss security needs and methods to implement them into a corporate infrastructure.
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
This report from the Security for Business Innovation Council (SBIC), sponsored by RSA, contends that keeping pace with cyber threats requires an overhaul of information-security processes and provides actionable guidance for change.
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
ScottMadden, Inc., one of North America’s leading energy consulting firms, has released a report on cybersecurity within the energy sector. This new report helps utilities understand how their cybersecurity practices and perceptions compare to those of industry peers. It is a resource for utility executives evaluating their cybersecurity capabilities. Additional industry cybersecurity information can be found on ScottMadden’s sponsored website: GridCyberSec.com.
Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
Long-term care financial professionals need to be aware of two major technology trends in the healthcare industry: business intelligence and data security.
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
We are living in an always-on world using different communications devices, systems and networks. As privacy and protecting one’s identity is becoming increasingly important, the task of protecting these devices, systems and networks from cyber attack is no longer an option, it is a necessity.
Ce rapport produit par WhiteHat en mai 2013 offre une vision pertinente des menaces web et des paramètres à prendre en compte pour assurer sécurité et disponibilité.
Why security is the kidney not the tail of the dog v3Ernest Staats
Security is sometimes thought of being the tail that wags the Dog. A better analogy is that Cyber Security should be the Kidneys of the organization taking out the waste while allowing the useful information to pass.
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
The need for information security within small to mid-size companies is increasing. The risks of information security breach, data loss, and disaster are growing. The impact of IT outages and issues on the company are unacceptable to any size business and their clients. There are many ways to address the security for IT departments. The need to address risks of attacks as well as disasters is important to the IT security policies and procedures. The IT departments of small to medium companies have to address these security concerns within their budgets and other limited resources.Security planning, design, and employee training that is needed requires input and agreement from all levels of the company and management. This paper will discuss security needs and methods to implement them into a corporate infrastructure.
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
This report from the Security for Business Innovation Council (SBIC), sponsored by RSA, contends that keeping pace with cyber threats requires an overhaul of information-security processes and provides actionable guidance for change.
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
ScottMadden, Inc., one of North America’s leading energy consulting firms, has released a report on cybersecurity within the energy sector. This new report helps utilities understand how their cybersecurity practices and perceptions compare to those of industry peers. It is a resource for utility executives evaluating their cybersecurity capabilities. Additional industry cybersecurity information can be found on ScottMadden’s sponsored website: GridCyberSec.com.
Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
Long-term care financial professionals need to be aware of two major technology trends in the healthcare industry: business intelligence and data security.
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
We are living in an always-on world using different communications devices, systems and networks. As privacy and protecting one’s identity is becoming increasingly important, the task of protecting these devices, systems and networks from cyber attack is no longer an option, it is a necessity.
Ce rapport produit par WhiteHat en mai 2013 offre une vision pertinente des menaces web et des paramètres à prendre en compte pour assurer sécurité et disponibilité.
Why security is the kidney not the tail of the dog v3Ernest Staats
Security is sometimes thought of being the tail that wags the Dog. A better analogy is that Cyber Security should be the Kidneys of the organization taking out the waste while allowing the useful information to pass.
Discussion 300 wordsSearch scholar.google.com or your textbookhuttenangela
Discussion 300 words
Search "scholar.google.com" or your textbook. Discuss how organizations have faced the challenges that incident handlers are challenged with in identifying incidents when resources have been moved to a cloud environment.
Reply to classmate 1: 275 words
Incident Handlers Challenges
The cloud computer helps the people to share their distributed resources which are related to different business organizations. Cloud computing helps business organizations in managing their business around the globe. The cloud computing application helps business organizations in expanding their business at a large level. It can be assessed on web devices from anywhere. Nowadays cloud computing helps the business organizations in meeting the demands of their customers more efficiently. The malicious cloud system has been noticed by the incident handlers which is a core concern for the business organization. Nowadays every business organization is using cloud computing in order to manage their important data and information of the business. The business organization is facing many incidents in their organization which can directly affect the working of their business. The main challenge that has been faced by the incident handlers is the accuracy in identification (John W. Rittinghouse, 2017).
The number of challenges that faced in the cloud environment are as follows:-
1. Challenge of denial of services: - The first main challenge that has been faced by the incident handler is the denial of services. There are various incidents of service attacks which can create a bogus request for preventing the system within the stipulated time. Such physical attack creates a challenge of service denial for the system.
2. Challenge of malicious code: - The second main challenge which can be faced by the incident handler is the challenge of malicious code. It can quickly affect the number of workstations in the business organization. It effects the working of the business organization.
3. Challenge of unauthorized access:- The third main challenge which is being faced by the incident handler is the unauthorized access of the system by the third party in the business organization. It can affect important data and information about the business. The attackers can access the system by the unauthorized way and steal the important data of the business organization.
4. Challenge of inappropriate use:- The fourth main challenge which may be faced by the incident handlers is the challenge of inappropriate use of the system. In the business organization, any employee can provide the illegal copies of the software to the other company employees. They can take advantage of the data and can misuse it.
5. Cloud service provider challenge:- The fifth main challenge that can be faced by the incident handler is the cloud service providers. This situation occurs when there is no control over the actions provided by cloud service provid ...
1
Running Header: ORGANIZATIONAL SECURITY
4
ORGANIZATIONAL SECURITY
ORGANIZATIONAL SECURITY
Student’s Name
Tutor’s Name
Course Title
Date
Introduction
The security of the world is currently increasing in a simultaneous manner. Many countries all around the world try harder to cater to its citizens despite having huge numbers of citizens. Business is the core factor that gives out people a way to a better life. Organizations have emerged and that they all try as much as possible to be successful, despite having many challenges in the market square. The exchange of goods and services is the main core issue that led to the emergence of business globally. In general terms there are different products that are produced all around the world, researchers have proven that for the business to be rated in a successful level the security status of the business must also be considered. Security generally protects the product and services of the organization. It is very important to keep the security of the of the company high, this is based on the fact that all the product and services produced by the company will be secured from competitors and the ill motive individuals who might want to bring down the business. Employers and employees are the ones who are responsible for keeping the security in an organization to be at a high level.
Background information
In today’s world, everything that is tangible is always stored in a digital form. When the business lacks a form to defend its digital assets generally the business is lost, thus the potential loss of the business will grow bigger every day. (Gupta, Rees, Chaturvedi & Chi, 2006) The need of having legal security in the organization literally existed ever since the introduction of the first computer in the business environment. Recently the paradigm has greatly shifted over the years, nevertheless from the client-server systems and terminal server mainframe systems.
Despite the security system being very important, in many terms it has not always been set aside to be critical in organizational success. With the existence of the mainframe system being in the place, many organizations manage to protect their own systems from the abuse of the resources, for instances having unauthorized user gaining access to the organizational system and also the act of authorized user hogging company’s resources. Such types of abuse were considered to be more damaging based on the fact that the system had a higher cost during the early mainframes days. As time goes by, the technology techniques developed and increased to some level, hence the cost of the systems resources decreases, this issue apparently becomes less important to the business environment. (Gupta, Rees, Chaturvedi & Chi, 2006)The evolving act of having remote access outside the organizational networks was also considered to be non-existence. Furthermore, only the underground community had higher tools and knowledge that is rightfully needed.
Security SolutionThe weekly assignment for the course is a compreh.docxkaylee7wsfdubill
Security
Solution
The weekly assignment for the course is a comprehensive assignment. Each week, you will be completing part of this assignment based on the content covered in the week. You will add new content to the report each week to build a comprehensive security solution for an organization.
Scenario
A tire manufacturing company, who wishes to be called ABC, Inc. to protect its privacy, has recently fallen victim to a cybercrime. The customer information and some of its proprietary technology were compromised in the attack. This company has been in the business for pretty long and enjoys a big market share. If its identity is disclosed, the attack has the potential to cause it to lose customer confidence. Also, some of its competitors are constantly looking for opportunities to hack the company's important strategic and functional information.
The company's head, Dermot Reed, is very concerned about the situation because a recent study shows that some of its competitors have started using its techniques. The source of the attack remains unknown. It could be that an internal, disgruntled, or greedy employee has been involved in the attack or has been revealing important information to its competitors. Moreover, there have been several attempts of hacking in the past that have been unsuccessful, prior to the incident. Ed Young, the network administrator, has requested a budget for a system overhaul to rebuild the infrastructure of the organization with an emphasis on security.
The company does not have anything currently in terms of true security measures. Young is competent but has limited understanding of attack methodologies. The attacks were thwarted mainly due to automated antivirus programs installed on the servers. ABC, Inc. has a network with four servers that cater to around 450 employees. ABC, Inc. keeps track of its data using a MySQL database. However, some of the data is found to be incorrect in its database since somebody has modified it outside of normal business operation hours.
The database server is used for updating the inventory records. The database contains information about quantity of raw materials available, quantity of finished products, price of finished products, etc. Users from across the organization use the database to access different information. Therefore, availability of the server is critical. Young would like a recommendation from you on the fault-tolerance mechanism that can ensure uninterrupted business and security on the database to prevent unauthorized modifications.
Ken Burton, the sales and marketing head is worried about the security of the laptops that the sales and marketing personnel carry with them while traveling. Burton has previously reported that data on these laptops has been leaked or hacked when these laptops are outside the organization network. Burton wants a system by which these computers can be secured while they move out of the organizational network and still maintain a secure.
ServiceNow SecOps enables faster response to urgent IT security concerns, as well as the detection and management of deep-seated IT security threats. ServiceNow offers full-stack Security Operations (SecOps) services to assist companies in accurately and effectively handling security activities.
To implement data-centric security, while simultaneously empowering your business to compete and win in today’s nano-second world, you need to understand your data flows and your business needs from your data. Begin by answering some important questions:
•
What does your organization need from your data in order to extract the maximum business value and gain a competitive advantage?
•
What opportunities might be leveraged by improving the security posture of the data?
•
What risks exist based upon your current security posture? What would the impact of a data breach be on the organization? Be specific!
•
Have you clearly defined which data (both structured and unstructured) residing across your extended enterprise is most important to your business? Where is it?
•
What people, processes and technology are currently employed to protect your business sensitive information?
•
Who in your organization requires access to data and for what specific purposes?
•
What time constraints exist upon the organization that might affect the technical infrastructure?
•
What must you do to comply with the myriad government and industry regulations relevant to your business?
Finally, ask yourself what a successful data-centric protection program should look like in your organization. What’s most appropriate for your organization?
The answers to these and other related questions would provide you with a clearer picture of your enterprise’s “data attack surface,” which in turn will provide you with a well-documented risk profile. By answering these questions and thinking holistically about where your data is, how it’s being used and by whom, you’ll be well positioned to design and implement a robust, business-enabling data-centric protection plan that is tailored to the unique requirements of your organization.
Want to know how to secure your web apps from cyber-attacks? Looking to know the Best Web Application Security Best Practices? Check this article, we delve into six essential web application security best practices that are important for safeguarding your web applications and preserving the sanctity of your valuable data.
Four Steps to Boosting Cybersecurity Hygiene - ITSecurityWire.pdfEnterprise Insider
For the past few years, cybersecurity has been among the most talked-about subjects across the globe. Enterprises have witnessed a considerable number of data breaches and heinous cyber-attacks that it’s nearly impossible to deny the notion that individuals need to pay greater attention to cybersecurity.
Today, the delegation of risk decisions to the IT team
cannot be the only solution and has to be a shared
responsibility. The board and business executives are
expected to incorporate the management of cyber risk
as part of their business strategy since they are
accountable to stakeholders, regulators and
customers. For the CROs, CISOs, and Security and Risk
Management Professionals to be on the same page,
there has to be a single source of truth for
communicating the impact that cyber risk has on
business outcomes, in a language that everyone can
understand.
How Can Enterprise App Development Help Your Business Growth.pdfXDuce Corporation
Enterprise application development is the process of creating and deploying scalable and
reliable apps to help enterprises streamline their business operations, improve productivity,
lower costs, and so on. Enterprise app development is possible to develop for both internal
and external use. Enterprise app development helps a business in many ways. The significant
advantage of enterprise app development services is that it provides the ability to store a
massive amount of informatio
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
2. Executive Summary
XYZ isan organizationwhichisinto ecommerce domainandhasloadsof confidential data pertaining to
the customersand employees.The organization has more than 5000 employees across the locations in
the country and today there have been intrinsic issues which have shown signs of cyber security issue
that could come up.
As an appointed manager of cyber security systems to devise the incident response plan for the
organization for cyber security, in this report an attempt has been made to understand the intrinsic
factors of cyber security issues and the challenges that are encountered by the Apache and the IIS
webservers which the organization use for hosting their web applications.
Reviewof datafromacademicand industrial journals and studies has been taken up to understand the
intrinsic factors of cyber threat and the description have been given in this report and the
recommendations that could help the organization have been indicated at the end of the report.
Few measures like DR tests, department oriented recovery plan development, controlled access,
monitoringandauditof servers,limitingthe remote access,termination of few unnecessary services in
the operating systems are few of the recommendations that have been made as a part of the plan to
incident response to cyber security threats to the organization.
3. Table of Contents
Executive Summary ............................................................................................................................2
Table of Contents ...............................................................................................................................3
Introduction.......................................................................................................................................4
Cyber Security and disaster recovery an intrinsic need for Organizations...............................................5
Conclusion .........................................................................................................................................7
Recommendations..............................................................................................................................8
References.......................................................................................................................................10
4. Introduction
XYZ is an organization which is in to ecommerce based business and has its employee base across
several locationsinthe country. Around 5000 employees of the organization always carry out their job
responsibilitiesfromthe systemandthe organizationhas huge datatransactionsthatkeep taking place.
One of the critical factorsfor the organization is the sensitivity of the data, as the data which is getting
transactedinthe data serversof the companyholdslotof confidentialinformationlike medical records,
financial data of the customers and various other kind of sensitive data which if leaked could incur a
financial loss to the customers and also it could turn out to be a legal issue for the company and also
shall result in breach of trust of the customers and the business eventually.
In the current scenario, the organization has its server only in one location and all the systems are
getting connected to one central server where all the records of the customers and the other data are
stored.There are conglomerate systemswhere the employeesuse as Microsoft Windows 8, Windows 7
and fewpeople use MacPro.Alsothe otherinterface for the servers is thru the Blackberry and iPhone.
The rapid development of technology is facilitating the growth factor for the organization but also the
negative shadesof technologicaladvancementsare impacting the organization in a significant manner.
(Bertino&Ravi Sandhu,2005) Numerouswebserversare gettinghackedandcurrentlythisisturningout
to be a growingconcernforXYZ as theircurrentdata serversare combination of Apache Servers and IIS
serversandisaccessedfrommultiple locationsandmultiple interfaces.Insucha context,ensuringcyber
securitymeasuresinplace isveryessential andthisreportisanincidentresponse planforcybersecurity
measure to the organization. (Farm, 2011)
Prevention is better than cure and ensuring that in the organization we adapt the scenario where the
focusis more on establishingcybersecurityforthe organizationalsystemsandinformation.However,at
times,despiteof ourrepeatedattemptsif there isanykindof disasterthathitsourcyber securityhaving
an incident response plan for the disaster management is very essential. Having a right disaster
managementplansthatcan have specifics for RPO and RTO is very vital for the organization. There are
5. manytechniquesthatcould help us recover from the disasters of cyber security breach and one has to
ensure that adequate systems have to be in place for the same.
The challenges, the threat factors and the disaster management techniques have been reviewed and
detailed inthisreportforcybersecurityissuesfrom various operating system perspectives and also on
the Apache and IISservers’basis.The cybersecurityplan fordisaster recovery incident plans that could
be put inplace to secure the servers and the data systems has been discussed in this report along with
the conclusive notes.
Cyber Security and disaster recovery an intrinsic need for Organizations
Cyber security has become an increasingly an issue of concern for the organizations. In the present
trend, organizations have deployed special teams to monitor the cyber security systems of the
organization.Inthe rapidlygrowingtechnological environment,majorityof the factorsare relatedtothe
organizational informationsecurity.There are manyaspectslike enterprise application designs, system
and network architecture, information architecture and the servers where the database is stored and
many more factors have intrinsic security layers that have to be adapted. (Chhikara & Arun K. Patel,
2013)
If the organizational data systems are vulnerable and prone to security issues, it could lead to more
complicationsforthe organizationintermsof compromising the security of the data, and so much that
functionalityandthe entire businessdynamicsof the organization mightgetaffected.Contingencyplans
are always essential in order to ensure that there is appropriate disaster recovery plans in the
organizationif there isanykindof cybersecurityissues.Because,if the disaster recovery is not handled
effectively,itcouldbe amajor catastrophe tothe organization.The extentof implicationscouldbe more
severe that there shall be kind of legal complications too that could arise out of the scenario.
Numerous studies reflect that every day many webservers are hacked thru malicious software
inducementorthirdpartyaccess into the systems. One of the key factors that the organization should
ensure isthat theirserversare notprone to suchattacks, for whichthere are manymeasuresthathas to
be adapted by the organization. (Grimes, 2007) And also there should be enough techniques and
6. measuresinplace toadapt effectivedisasterrecoverykeepinginmindthe scope both the conditions of
Recover Time Objective and Recover Point Objective.
There are variouskindsof threats that affect the webservers. Research reports indicated that majority
of the times;the datasecurityisbecomingaconcern due to the third party access to the servers. When
the webserversare notsostrong,effectivelyorganizationssufferthe impact of such attacks. In the case
of XYZ,there iscombinationof webserverslike Apache andIISservers.Research reports indicate that in
mostof the instancesthe Apache serversare more vulnerable toattackscompared to IIS servers. (Woo,
HyunChul Joh, Omar H. Alhazmi, & Yashwant K. Malaiya, 2011)
It iscertainthat Apache serverscanhost more active websitesandhasa dynamicstructure comparedto
the IIS servers. But the crux is that IIS servers are in a way, better secured compared to the Apache
servers. There could be many technical and intrinsic reasons for the same. (Grimes, 2007)
In a considerable note it can be stated that both Apache and IIS are relatively secured, however the
challenge isthe accuracyof the serverinstallationandmaintenance.The Apache webserver is currently
one of the preferredwebserversinthe organizations,keepinginview the complexities associated with
Microsoft’s Internet Information Server (IIS). It is perceived in common that Apache servers are more
easyto be securedwhencompared to the IIS which is true to an extent, however even Apache is not a
securedwebservers.The majorchallenge for the webserver security lies in creating secure scripts that
run on our webservers; this applies to any of the webservers which we might be using. (Balakumar,
Rangarajan, & Ragavi, 2014)
The major challenges for the organization are to ensure during disaster recovery plans and incident
response systemis thatSQLinjection exploits are mitigated. Because the prevalent methods by which
the organizations face the threat in the webservers are based upon the SQL injections of malicious
software totrack and leakcritical informationlike Financial data, personal data of the organization and
many other such intrinsic factors that could affect the organizational effectiveness and the breach of
trust of the customers.Attimesthe cross-site scriptingcouldalsobe usedbythe trickusers towards the
information leakage, and by uploading the malicious scripts to vulnerable servers, the hackers could
developamockloginareawhere visitorsmightendupgivingtheirconfidentialinformation. (Balakumar,
Rangarajan, & Ragavi, 2014)
7. According to a website Applicure which reflects on the intensity of threat to webservers, “Being
flagged as malicious by search engines: various vulnerabilities found in many web sites allow
attackers to upload spam links to a site. Sites vulnerable to Cross-Site Scripting can also be
exploited so that attackers can upload malicious scripts like Trojan horses, keystroke loggers,
adware, spyware, and other malware. Once the search engines become aware of sites serving
spam or malware, they are flagged as malicious and their page ranking drops” (Applicure)
In the conditions of such malware attacks, the disaster recovery plans has significant role and by
ensuring that we have suitable system the recovery of the servers could be handled effectively.
Conclusion
Despite the fact that the organizations take up secured webservers from IIS or Apache kind of secured
servers,there isalwaysanelement of risk factors associated with the systems, if appropriate methods
are notincorporatedtowardsaddressingthe challenges.Twomajorkindsof threats to the data security
in the webservers are thru SQL injection of malicious software to collect various kinds of information.
(Osborne, 2013)
The secondary channel of threat is thru the unauthorized access which the hackers or attackers do on
the system. The access control could be gained by hacking the passwords of the employees thru
phishing techniques when they try to access the database from the external or private locations like
home or publiclocationswhichmightnotbe securedenough. Whenthe organizationsdonotsecure the
systemthese kindsof vulnerablethreatsare encountered.Keepinginview the detailsof variouskindsof
threats that are discussed in the above sections, the recommendations are made in the following
sections that could support our organization XYZ in having a strong disaster recovery plans in place for
the organizationinorderto ensure thatif there isany kind of breach and also the preventive measures
that could be adapted as a part of the cyber security techniques. (Lane, 2009)
8. Recommendations
Despite the fact that securing a web server can be a daunting issue and needs domain expertise, the
task is not impossible provided if we take certain measures to incorporate security features in the
operational aspectof the webservers.The securityof the webserver is critical irrespective of what kind
of servers we adapt; if we are opting for any kind of out of the box configuration it could be very
insecure.Fewof the factors that could help the organization in building an effective disaster recovery
and security for the webservers are as follows. (Applicure)
One of the critical factorsis that whenthe managementtakesintoaccount the business continuity and
alsothe plansfor disasterrecovery,itisveryessential thatdisruptionsdue tomajorinformationsecurity
failureshave tobe takento considerationandunlessthere are significantmeasuresthatare adaptedfor
business continuity organizational dynamics and goals might suffer.
One of the key factors for incident response to be effective is that ensuring that Business Continuity
Plansare inplace and isdynamic. The BCP document is a very crucial document that has to be updated
withnew versions and strategies, regularly after periodical tests and audit of the existing plans to the
ongoing cyber security scenario and also external sources of information related to the cyber security
issues. If the documented plan is very effective, even by using the external sources that don’t have
intrinsicknowledgeondisasterrecoveryalsocouldbe usedeffectivelytohandle the businesscontinuity
process. Ensuring that the DR tests are conducted on the prototypes is very important in order to
evaluate the critical aspects that could prove vital to the business continuity. (Vijayan, 2005)
.
9. Removal of Unnecessary Services
Ensuringthat anykindof defaultserviceorconfigurationinstallationslike remote registry services, RAS
or any kindof printregistryserviceshastobe eliminate from the server, which are not usually used for
webserversconfiguration. If these kinds of services are allowed to run in the server more opportunity
for malicious users to exploit gets high due to the open ports in the server. Hence disabling the
unnecessary services from back end run or auto start with the system has to be avoided.
Restricting Remote Access
During the disaster recovery periods, despite the fact that it may not be a practical approach, it is
alwaysbeneficial thatthe server administrators login to the webservers local, and unless there is very
critical need,encouragingthe remote accessisnotadvisable,andinthe conditionswhere such access is
veryessential,usingthe techniques like tunneling or encryption protocols are very much essential for
the organization. Also if the access to remote locations can be restricted to fewer IP’s or specific
accounts thru security tokens measures, it can improve the overall security level for the webservers.
(Osborne, 2013)
Creating a plan for individual departments
When we have such a huge employee base of 5000 employees working in various departments and
locations,itisessential thatthe recoveryplansare designed in such a way that individual departments
are also having the plans that align with the enterprise plan in order to curtail any kind of gaps that
couldtake place in followingthe enterpriseplans,andthiscouldbe developed in consultation with the
respective department heads and also by conducting DR tests at the department levels too which can
increase the overall awareness and establishing a robust incident response plans for disaster recovery
and also prevention of cyber security issues. (Magalhaes, 2005)
Issuingof Permissionsto users
While issuingthe permissions and privileges, organization has to ensure that there is no kind of threat
factor and alwaysensure thatthe permissionsare issued only to the extent to which it is required. File
and network services permissions play a vital role in web server security. If a web server engine it is
also very important to assign minimum privileges to the anonymous user which is needed to access
the website, web application files and also backend data and databases. (Acunetix)
.
10. There are manyothersuch securityfeatureslike auditcontrol of the servers, user account verifications
regularly and also usage of scanners that could help the organization in developing a robust secured
webserverenvironmentforthe employeesof XYZtoperformtheir operations without any glitches that
could affect the business continuity whilst of disaster recovery incidents.
References
Acunetix.(n.d.). Web ServerSecurityand DatabaseServerSecurity. RetrievedOct14, 2014, from
Acunetix:https://www.acunetix.com/websitesecurity/webserver-security/
Applicure.(n.d.). Web Application Firewall. RetrievedOct14, 2014, from Applicure:
http://www.applicure.com/solutions/web-application-firewall
Balakumar,N.,Rangarajan,C.,& Ragavi,M. (2014). Investigate the Use of HoneypotsforIntrusion
DetectionDefense. IJARCSSE,355-359.
Bertino,E.,& Ravi Sandhu.(2005). Database Security—ConceptsApproaches,andChallenges. IEEE
TRANSACTIONSON DEPENDABLEANDSECURECOMPUTING,,1-19.
Chhikara,P.,& ArunK. Patel.(2013). EnhancingNetworkSecurityusingAntColonyOptimization. Global
Journalof ComputerScienceand Technology Network,Web & Security.
Farm, M. (2011, June 28). Growing Business. RetrievedOct04, 2014, fromThe MarketingFarm:
http://themarketingfarm.co.uk/cms/2011/06/28/improving-database-security/
Grimes,R.(2007, Sep07). Continuing theWeb ServerSecurity Wars:Is IISor ApacheMoreSecure?
RetrievedOct14, 2014, fromINFOWORLD:
http://www.infoworld.com/article/2649431/security/continuing-the-web-server-security-wars--
is-iis-or-apache-more-secure-.html
Kulkarn,S.,& SiddhalingUrolagin.(2012).Review of AttacksonDatabasesandDatabase Security
Techniques.InternationalJournalof Emerging Technology and Advanced Engineering,253-263.
Lane,D. (2009). Why are you notrunningApache?New IISholesshouldmake yourethinkyourweb
server. Linux Journal.
Magalhaes,R. M. (2005, Jan 11). Security Series: Disaster Recovery Tactics thatEnsureBusiness
Continuity. RetrievedOct14, 2014, fromwindowsecurity.com:
11. http://www.windowsecurity.com/articles-tutorials/misc_network_security/Disaster-Recovery-
Tactics-Part1.html
Murray, M. C. (2010). Database Security:What StudentsNeedtoKnow . Journalof Information
Technology Education:Innovationsin Practice,62-77.
Olzak,T. (n.d.). PhysicalSecurity:ManagingtheIntruder. RetrievedSep20,2014, from InfosecInstitute:
http://resources.infosecinstitute.com/physical-security-managing-intruder/
Osborne,C.(2013, June 26). The top ten mostcommon databasesecurity vulnerabilities. RetrievedOct
04, 2014, fromZD Net:http://www.zdnet.com/the-top-ten-most-common-database-security-
vulnerabilities-7000017320/
Vijayan,J.(2005, Oct 10). The scopeof contingency programsneedsto beexpanded,execssay. Retrieved
Oct 14, 2014, fromCOMPUTERWORLD:
http://www.computerworld.com/article/2559183/security0/data-security-risks-missing-from-
disaster-recovery-plans.html
Woo, S.-W.,HyunChul Joh,OmarH.Alhazmi,&YashwantK. Malaiya.(2011). Modelingvulnerability
discoveryprocessinApache andIISHTTP servers. ScienceDirect, 50-62.
#CyberSecurityAssignment
#AssignmentHelp
#ManagementAssignmentHelp
#AssignmentsHelp
#ProjectsHelp
#HomeworkHelp
#DissertationsHelp
#ThesisHelp
#AcademicAvenue
#AcademicsHelp
#FrustratedWithAssignments