computer security
TRANSCRIPT
INTRODUCTION
The presentation is being carried out to lay down a solution
to a problem arising related to computer security. Various
security strategies are being discussed in this
presentation. These strategies would help in successfully
coping up with the computer security issues. The security
strategies recommended to address the issue and the
effectiveness of mitigation strategy in controlling the issue
are also discussed in the presentation.
OVERVIEW
The computer security is the protection of assets from unauthorized access, alteration, use or destruction. Therefore, for such protection an effective strategies is must needed.
COMPUTER SECURITY ISSUESThere are some computer security issues which are normally faced
by the organization or by an individual as well. Following are
some of the issues:
Computer security issues
Internet and
network attacks
Information theft
System failure
Hardware and
software theft
Unauthorized
access and use
SECURITY STRATEGIES
• To cope up with the computer security issues, the
organization or an individual can use the following
security strategies to prevent the security of their system
and data or information.
• These strategies will help the organization to improve
the level of security and safety of data.
PROACTIVE STRATEGY This strategy includes a set of predefined steps that can be
taken to prevent the computer systems from the attacks
before they occur.
This includes identifying how an attack could possibly affect
or damage the system and the vulnerabilities it exploits.
This pattern may help in determining the areas of
vulnerability that pose the greatest risk to the enterprise.
The proactive strategy has basically three steps:
Determining the damage that the attack will cause
Determining the vulnerabilities and weaknesses that the
attack will exploit (Klöti.et.al. 2013).
Minimizing the vulnerabilities and weaknesses that are
determined to be weak points in the system for that specific
type of attack.
KEY FINDINGS OF PROACTIVE STRATEGY
Use of policies for data security
Understanding about the sensitive data
It goes beyond the technology implementation
Take initiative for data security
Use of data centric security
REACTIVE STRATEGY
The reactive strategies defines the steps that must be taken
after or during an attack.
It identifies the damage that was caused and the
vulnerabilities that were exploited in the attack.
This strategy will determine the why it took place, repair
the damage that was caused by it and implement a
contingency plan (Easttom II, 2016).
BENEFITS OF REACTIVE STRATEGY
Following are the key benefits of strategy:
Provides control over the use of computer system
Improve the accountability
Determine the level of threat
Anticipate the future changes
Help to assess the amount of damage and install
SECURITY BY DESIGN STRATEGY
• A software is designed from the ground up to be
secure.
• It includes code reviews and unit testing are
used to make modules more secure.
• Audit trails tracking system activity for
determining the extent of the breach.
BENEFITS OF SECURITY BY DESIGN STRATEGY
Following are the major benefits of using the particular
strategy:
Integration of methodologies
Detecting and resolving problems
Improve flexibility and adaptable architecture
Integration of application for better security
APPLICATION WHITE LISTING
It is an effective means of ensuring the security, stability and
consistency of a computing environment.
Proper planning and pre-deployment activities are required for a
successful deployment of application white listing technology.
It can be deployed in support of policy which defines applications
which users are allowed to run or can run in the course of their
duties.
MINIMIZING ADMINISTRATIVE PRIVILEGES
• Administrative privileges are designed to allow access of only
trusted personnel.
• Accounts with administrative privileges to a window domain
typically have the ability to effect changes or to see such
information from any system on that domain (Goldman.et.al, 2011).
• These privileges introduce a number of potential points of weakness
into that system.
PASSWORDS AND APPROPRIATE USER AUTHENTICATION STRATEGY
The best strategy for protecting the data from being accessed by an unauthorized
user.
The user authorization can be verified in any security system via piece of
information like password, something possessed by an individual like ID, credit
and a biometric characteristic of the individual like finger print (White, 2015).
Through this the important and relevant information can be safe from the
authorized users.
DISASTER RECOVERY PLANNING
A proper planning is a best strategy to overcome from the
problems related to eventuality of hardware failure or loss
and data loss or corruption.
Depending on the types of threats, disaster recover plans
may rely on one of a mix of strategies (Cichonski.et.al.
2012).
INFORMING USERS ABOUT THE SUSPICIOUS E-MAILS
The user using the computer system are require to
inform under this strategy to be careful of any
suspicious e-mails.
According to this, the user are should be careful when
the email is from the known source, caution should be
exercised when opening attachments or clicking on
links in emails.
IMPLEMENTATION OF A VULNERABILITY MANAGEMENT PROGRAM
The most of the worms and viruses try to exploit bugs and
vulnerabilities within the operating system and applications.
The vulnerabilities can be introduced in network everyday
(Song, 2010). It is important to regularly review the network
and applications running on it for new vulnerabilities.
After this, a proper plan is then prepare for proper
management of vulnerabilities.
The vulnerabilities can be managed by through patching,
upgrading, or managing the vulnerabilities using tools like
firewalls and Intrusion Detection Systems.
The discovered vulnerabilities should also be rated and
prioritized regarding their criticality and their impact (Rid &
McBurney, 2012).
MAINTAINING BACKUPS AND MONITORING LOGS AND SYSTEM
The critical data or information should be daily or periodically
must be regularly backup.
It is useful when a network gets infected with a computer virus or
system or hardware crash.
These backups must be stored safely in the offsite location .
Regular monitoring of network and system logs assist in
indentifying the computer virus or other criminal attacks.
Log files for the backups should be checked regularly in
order to insure that the backups succeeded.
Log files for anti-virus software deployed should be
regularly checked to ensure that PC are running the latest
version of antivirus.
These strategies ensure that the chances of attacks and
their impact is reduced and minimized to a greater
extend.
DEVELOPMENT OF INCIDENT RESPONSE PLAN
The incident response plan outlines the roles and
responsibilities that people may have in the event of a
computer virus infecting the network or indeed any
other type of security breach (Hsiao.et.al. 2014).
The plan is prepared and drawn up by the agreed
relevant parties before an incident occurs.
CRYPTOGRAPHY STRATEGY
This strategy is best when the confidentiality and security of data
and information is to be maintained.
The modern cryptography exists at the intersection of the disciplines
computer science, mathematics and electrical engineering.
It is conversion of the information from a readable state to apparent
nonsense (Kahate, 2013)
Only the authorized user can be decodes such encrypted data or
information.
RECOMMENDED SECURITY STRATEGIES
To address the current issue the best strategy that would be
recommended is a proactive and reactive strategy.
These strategy is best because it provides a suitable way to
identify and reduced the affects of the security issues
before their cause.
It the impacts and core area of infection are not identified
before then the reactive strategy would help in repairing the
damage caused through an implemented contingency plan.
ACTIVITIES FOR IMPROVING COMPUTER SECURITY
Using the following recommendation the security of computer
could be improved:
Use of Linux
Disable add-ons
Deploy a hardware based firewall
Enforce Strict password policies
Use of content filter
EFFECTIVENESS OF MITIGATION STRATEGY
The mitigation strategy would be effective in controlling the issues with
respect to other strategies in the following ways:
Ensures that the identified issues before their cause are removed to the
best possible way.
The damage occurred after their cause are repaired to the best possible
way as suggested in the contingency plan.
The organization is always ready to fight against the computer security
issues with the proactive and reactive plans without causing any
disturbance in the operations of the organization.