Kasha 1
Brian Kasha
AP Literature
Mrs. Corbett
10/14/11

                                       Senior Project Paper


       Information security is critical in the world of computing. Businesses must be able to trust system administrators with the vital information they store on network servers. However, with the nature of the information that administrators are tasked with holding come many entities willing to obtain these secrets through illegal or even immoral methods. This, coupled with internal security issues, creates a plethora of problems for security professionals. This paper analyzes current threats that major companies face and attempts to offer solutions to these conundrums.

       Issues often arise from a lack of basic understanding of how to secure servers and systems. Without this basic skill set, many company security structures are doomed to be ineffective from their very inception. Physical security is of the utmost importance when attempting to secure a server and is often overlooked (Dhar 1). If potential threats are allowed direct access to a target system, only harm can ensue. For example, someone with direct access to a computer could boot the system into single-user administrative mode or even boot an entirely different operating system in order to compromise the box. This catastrophe can be avoided if, “Only authorized users have physical access to the hardware. This can typically be ensured by the use of badges, cards, or other forms of ID” (Dhar 1).

       Systems that are improperly configured during installation of the OS are another basic target for cyber criminals. A system without proper hard drive partitioning, boot loader security, or root password security, or one with unnecessary services running, is often the target of malicious attacks (Dhar 4). Hard drive partitioning segments a system into different parts. This means that if someone gains unauthorized access to one partition, they won't necessarily be able to access other parts of the box. Boot loader security should be in place in order to prevent unintended changes to a system on boot. Passwords are also critical. Easy passwords with very few characters are easy pickings for hackers. Finally, unnecessary services are never a good thing. They provide yet another means of entry into an improperly configured system.
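
The four install-time weaknesses named above, turned into a read-only baseline audit as an added example (not part of the original paper or its sources). The policy constants, function names and sample file contents are constructed for illustration; the checks assume a Linux host with GRUB 2, `/etc/fstab`, `/etc/shadow` and `ss -tlnp` output.

```python
import re

# Assumed policy for this example (not from the paper): mount points that get
# their own filesystem, options expected on /tmp, and the only service this
# hypothetical server is meant to expose to the network.
REQUIRED_MOUNTS = ("/tmp", "/var", "/home")
TMP_OPTIONS = {"nodev", "nosuid", "noexec"}
ALLOWED_SERVICES = {"sshd"}

def check_partitions(fstab_text):
    """Flag missing separate filesystems and weak /tmp mount options."""
    mounts = {}
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    findings = [f"partitioning: {mp} is not a separate filesystem"
                for mp in REQUIRED_MOUNTS if mp not in mounts]
    missing = sorted(TMP_OPTIONS - mounts.get("/tmp", TMP_OPTIONS))
    if missing:
        findings.append(f"partitioning: /tmp lacks {','.join(missing)}")
    return findings

def check_bootloader(grub_cfg_text):
    """Check that GRUB 2 superusers are defined and each has a hashed password."""
    m = re.search(r'^\s*set\s+superusers="([^"]*)"', grub_cfg_text, re.M)
    users = [u for u in re.split(r"[\s,;|&]+", m.group(1)) if u] if m else []
    if not users:
        return ["bootloader: no superusers set, boot entries can be edited at the console"]
    hashed = set(re.findall(r"^\s*password_pbkdf2\s+(\S+)\s+\S+", grub_cfg_text, re.M))
    findings = [f"bootloader: superuser {u} has no password_pbkdf2 entry"
                for u in users if u not in hashed]
    if re.search(r"^\s*password\s+\S+", grub_cfg_text, re.M):
        findings.append("bootloader: plaintext password directive present")
    return findings

def check_accounts(shadow_text):
    """Flag empty password fields and MD5-crypt ($1$) hashes in shadow entries."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append(f"accounts: {user} has an empty password")
        elif pw.startswith("$1$"):
            findings.append(f"accounts: {user} uses an MD5-crypt hash")
    return findings

def check_services(ss_output):
    """Flag non-loopback TCP listeners whose process is not on the allowlist."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        local = fields[3]
        if local.startswith(("127.", "[::1]")):
            continue  # reachable only from the host itself
        m = re.search(r'users:\(\("([^"]+)"', line)
        name = m.group(1) if m else "unknown"
        if name not in ALLOWED_SERVICES:
            findings.append(f"services: {name} listens on {local} and is not allowlisted")
    return findings

def audit(fstab, grub_cfg, shadow, ss_output):
    """Run all four checks and return the findings in a fixed order."""
    return (check_partitions(fstab) + check_bootloader(grub_cfg)
            + check_accounts(shadow) + check_services(ss_output))

# Constructed sample inputs (no real host, account or hash is represented).
SAMPLE_FSTAB = """
/dev/sda1  /     ext4  defaults      0 1
/dev/sda2  /var  ext4  defaults      0 2
/dev/sda3  /tmp  ext4  nodev,nosuid  0 2
"""
SAMPLE_GRUB = """
set timeout=5
menuentry 'Linux' { linux /vmlinuz root=/dev/sda1 ro }
"""
SAMPLE_SHADOW = """
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
legacy:$1$constructed$constructedhash:19000:0:99999:7:::
"""
SAMPLE_SS = """
LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5   0.0.0.0:23   0.0.0.0:* users:(("in.telnetd",pid=901,fd=4))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=1002,fd=13))
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_FSTAB, SAMPLE_GRUB, SAMPLE_SHADOW, SAMPLE_SS):
        print(finding)
```

On a real host the four inputs would come from the files and command named above, read with root privileges; the functions only parse text and change nothing.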

       In many cases, the very system set up to provide security is the reason that security never improves. Big security companies are, by definition, reactive to their environment. This means that they rarely attempt to proactively protect against future threats and instead focus on reacting to threats that have already been identified (Utin 3). The time, energy, and resources spent protecting against already known threats detract from preparation for the future.

       A modest proposal would be to focus equally on both ends of the spectrum: the present and the future. If more resources were allotted for research into predicting future threats, the security world would be better prepared to meet them. In fact, the decreasing impact that future situations would have on companies would allow these companies to focus more on eradicating existing threats. With this mode of operation, already practiced by some, security would greatly improve in only a 5-year span (Utin 5). This is an ideal worth striving for.

       Another issue that needs discussing is that of business politics interfering in the information security world. Hiring of security professionals is an act controlled by a business. However, most of the decision makers have little to no knowledge of what characteristics to look for in an adequate information security employee. Utin describes it this way, “If you look at a typical job requirements list for a system administrator, you will see a laundry list of operating systems, hardware, software, and so forth. If you compare that to the job requirements of a security specialist, you’ll see a similar if not identical laundry list. This identikit quality comes from management’s lack of understanding of information security and its unique needs” (Utin 7). This is a significant issue, and employers need to be better educated about the positions they are hiring for.

          The very nature of big business also hinders security. An exorbitant amount of legal process and protocol often interferes with security's day-to-day job. For example, a U.S. security contractor found 60 systems with blank administrator passwords. The fix should have taken approximately 2 days to complete. However, due to the need to inform his superiors, ask for permission, and provide a detailed explanation of the solution to this issue, these systems went unsecured for 60 days. If the public had found out about the incident during this time period, it could have been catastrophic to the government sector he was tasked with protecting (Utin 5). If security professionals were allowed to do their jobs without repercussion from business, problems could be solved much more efficiently. The practice of chain of command, however, is not likely to dissipate any time in the foreseeable future.

          Businesses also have a problem with keeping employees invested in the success of the company. If a security breach takes place, how will it affect them? It will only harm the company. How then can individuals, the most important part of any security system, be expected to protect the company? One way is through the use of incentives. Pay people more to, in the long run, save the company money. By connecting a person's livelihood to a job, these incentives directly correlate with the loyalty one feels to a company and its success.

          A company's profit motive also directly affects its security decisions. The most numerous security breaches are going to cost the company very little in damages; therefore, the company is just not going to pay for a fix that may cost more money. This practice is not damaging to a company in the short run, yet small security breaches in the past can grow into big problems for the future.

        A correlation has also been shown between information security breaches and a company's market value. “While some studies have shown a statistically significant negative correlation between information security breaches and the stock market returns of firms, other studies have found no significant relation. In a similar vein, the empirical results of studies examining the relation between specific types of information security breaches (e.g., breaches of confidentiality) and the stock market returns of firms have also been mixed” (Gordon 2). This conflicting data has caused many businesses not to take this threat as a serious attack on their profits. They have in many cases just learned to deal with it and do not even try to prevent it. This backing off by business has in itself fueled the growth of cyber crime since it is, for the first time since the Internet’s inception, once again proving to be very profitable.

        This profitability of cyber crime is supplying a constant stream of new recruits to the underground world. Record levels of cyber crime, both large and small, are being committed. This increase in attacks has put a strain on the security community. For example, companies such as Sony, PayPal, Visa, and Bank of America have been targeted for political, moral, and financial reasons.

        The threat of political and moral hackers, known as “hacktivists”, has proved difficult for security professionals. This transformation from profit motivation to political motivation has in many cases strengthened the hacking movement. Hackers are no longer fighting uneven battles against super-wealthy corporations. Hacktivists are gaining significant monetary support from supporters of their various causes. This has allowed them to grow in strength.

        The media attention that hackers have been receiving, though negative, is actually supporting the movement. Hacking groups such as the now infamous LulzSec or segments of the collective called Anonymous have been ingrained in television media due to their humorous, though illegal, exploits. The younger viewers of such TV see them as heroes of a sort for taking on the all-powerful corporate world. This media attention is unknowingly fueling their exploits.

       In conclusion, the security industry has a long way to go. The list of problems encountered seems to never end and is constantly growing. These problems, both internal and external, are just a few in a violent information war going on around the world every day. Due to the nature of what information security experts must protect, this industry is quickly going to become one of the most important in the world.

 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 

Research Paper

Kasha 1
Brian Kasha
AP Literature
Mrs. Corbett
10/14/11

Senior Project Paper

Information Security is critical in the world of computing. Businesses must be able to trust system administrators with keeping their vital information stored on network servers. However, the nature of the information that administrators are tasked with holding attracts many entities willing to obtain these secrets through illegal or even immoral methods. This, coupled with internal security issues, creates a plethora of problems for security professionals. This paper will now proceed to analyze current threats that major companies face while attempting to offer solutions to these conundrums.

Often issues arise from a lack of basic understanding of how to secure servers and systems. Without this basic skill set, many company security structures are doomed to be ineffective from their very inception. Physical security is of the utmost importance when attempting to secure a server and is often overlooked (Dhar 1). If potential threats are allowed direct access to a target system, only harm can ensue. For example, someone with direct access to a computer could boot the system into single-user administrative mode or even boot an entirely different operating system in order to compromise the box. This catastrophe can be avoided if, “Only authorized users have physical access to the hardware. This can typically be ensured by the use of badges, cards, or other forms of ID” (Dhar 1).

Systems that are improperly configured during installation of the OS are another basic target for cyber criminals. A system without proper hard drive partitioning, boot loader security, root password security, or one with unnecessary services running is often the target of malicious attacks (Dhar 4). Hard drive partitioning segments a system into different parts. This means that if someone gains unauthorized access to one partition, they won't necessarily be able to access other parts of the box. Boot loader security should be in place in order to prevent unintended changes to a system on boot. Passwords are also critical. Easy passwords with very few characters are easy pickings for hackers. Finally, unnecessary services are never a good thing. They provide yet another means of entry into an improperly configured system.

In many cases, the very system set up to provide security is the reason that security never improves. Big security companies are, by definition, reactive to their environment. This means that they rarely attempt to proactively protect against future threats and instead focus on reacting to threats that have already been identified (Utin 3). The time, energy, and resources spent protecting from already known threats detract from preparation for the future. A modest proposal would be to focus equally on both ends of the spectrum: the present and the future. If more resources were allotted for research into predicting future threats, the security world would be better prepared to meet them. In fact, the decreasing impact that future situations would have on companies would allow these companies to focus more on eradicating existing threats. With this mode of operation, already practiced by some, security would greatly improve in only a 5-year span (Utin 5). This is an ideal worth striving for.

Another issue that needs discussing is that of business politics interfering in the information security world. Hiring of security professionals is an act controlled by a business. However, most of the decision makers have little to no knowledge of what characteristics to look for in an adequate information security employee. Utin describes it this way, “If you look at a typical job requirements list for a system administrator, you will see a laundry list of operating systems, hardware, software, and so forth. If you compare that to the job requirements of a security specialist, you’ll see a similar if not identical laundry list. This identikit quality comes from management’s lack of understanding of information security and its unique needs” (Utin 7). This is a significant issue, and employers need to be better educated about the positions they are hiring for.

The very nature of big business also hinders security. An exorbitant amount of legality and protocol often interferes with security's day-to-day job. For example, a U.S. security contractor found 60 systems with blank administrator passwords. This task should have taken approximately 2 days to complete. However, due to the need to inform his superiors, ask for permission, and provide a detailed explanation of the solution to this issue, these systems went unsecured for 60 days. If the public had found out about the incident during this time period, it could have been catastrophic to the government sector he was tasked with protecting (Utin 5). If security professionals were allowed to do their jobs without repercussion from business, problems could be solved much more efficiently. The practice of chain of command, however, is not likely to dissipate any time in the foreseeable future.

Businesses also have a problem with keeping employees invested in the success of the company. If a security breach takes place, how will it affect them? It will only harm the company. How then can individuals, the most important part of any security system, be expected to protect the company? One way is through the use of incentives. Pay people more to, in the long run, save the company money. By connecting a person's livelihood to a job, these incentives directly correlate with the loyalty one feels to a company and its success.

A company's profit motive also directly affects its security decisions. The most numerous security breaches cost the company very little in damages, so the company is not going to pay for a fix that may cost more money. This practice is not damaging to a company in the short run, yet small security breaches in the past can grow into big problems for the future. A correlation has also been shown between information security breaches and a company's market value. “While some studies have shown a statistically significant negative correlation between information security breaches and the stock market returns of firms, other studies have found no significant relation. In a similar vein, the empirical results of studies examining the relation between specific types of information security breaches (e.g., breaches of confidentiality) and the stock market returns of firms have also been mixed” (Gordon 2). This conflicting data has caused many businesses to not take this threat as a serious attack on their profits. They have in many cases just learned to deal with it and do not even try to prevent it. This backing off by business has in itself fueled the growth of cyber crime since it is, for the first time since the Internet’s inception, once again proving to be very profitable.

This profitability of cyber crime is supplying a constant stream of new recruits to the underground world. Record levels of cyber crime, both large and small, are being committed. This increase in attacks has proved strenuous on the security community. For example, companies such as Sony, PayPal, Visa, and Bank of America have been targeted for political, moral, and financial reasons. The threat of political and moral hackers, known as “Hacktivists”, has proved difficult for security professionals. This transformation from profit motivation to political motivation has in many cases strengthened the hacking movement. Hackers are no longer fighting uneven battles against super wealthy corporations. Hacktivists are gaining significant monetary support from supporters of their various causes. This has allowed them to grow in strength.

The media attention that hackers have been receiving, though negative, is actually supporting the movement. Hacking groups such as the now infamous LulzSec or segments of the collective called Anonymous have been ingrained in television media due to their humorous, though illegal, exploits. The younger viewers of such TV see them as heroes of a sort for taking on the all-powerful corporate world. This media attention is unknowingly fueling their exploits.

In conclusion, the security industry has a long way to go. The list of problems encountered seems to never end and is constantly growing. These problems, both internal and external, are just a few in a violent information war going on around the world every day. Due to the nature of what information security experts must protect, this industry is quickly going to become one of the most important in the world.
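
Two of the installation basics the paper names, an administrator account with a blank password and a disk that is not split into separate partitions, can be checked mechanically. The Python below is an added example, not part of the original paper; the sample shadow and fstab contents are constructed, and the list of expected mount points is an assumption.

```python
# SAMPLE_SHADOW and SAMPLE_FSTAB are constructed inputs, not real system data.
SAMPLE_SHADOW = """\
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup::19000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""

SAMPLE_FSTAB = """\
# <device>  <mount>  <type>  <options>  <dump>  <pass>
/dev/sda1   /        ext4    defaults   0  1
/dev/sda2   /home    ext4    defaults   0  2
/dev/sda3   none     swap    sw         0  0
"""

# Assumption: mount points this audit expects to sit on their own partition.
EXPECTED_MOUNTS = ("/home", "/tmp", "/var")


def blank_password_accounts(shadow_text):
    """Return account names whose shadow password field is empty."""
    blank = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        # Field 2 is the password hash. An empty field means no password is
        # required; "*" or "!" mean password login is disabled instead.
        if len(fields) >= 2 and fields[1] == "":
            blank.append(fields[0])
    return blank


def missing_partitions(fstab_text, expected=EXPECTED_MOUNTS):
    """Return expected mount points that have no fstab entry of their own."""
    mounted = set()
    for line in fstab_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            mounted.add(parts[1])
    return [m for m in expected if m not in mounted]


def audit(shadow_text, fstab_text):
    """Combine both checks into one report for a single host."""
    return {
        "blank_passwords": blank_password_accounts(shadow_text),
        "missing_partitions": missing_partitions(fstab_text),
    }
```

Run across an inventory of hosts, a report like this turns the blank-password finding in Utin's anecdote into a list that can be handed to management with the request to fix it.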