What means the most in information security

Assignment Help Management Information Sys
Reference no: EM131808448

Please reply one paragraph of your thoughts of the below research:

During my research, I came across a sentence that resounded with me. "Information security is the assurance and reality that information systems can operate as intended in a hostile environment" (Shostack, 2012, p.8). This now lends itself to the question, what means the most to me in Information Security?

I could dive into how the early security protocols of computers back to the ARPANET was to secure the data at each end of the transmission. But that wouldn't really sum up what Information Security means to me. Yes, information needs to be secured while in transit, but it only transitions at certain times. So there isn't a constant ingress or egress of information across the network.

But the information still exists. It spends most of the time in stasis on the systems that hold the information, whether it is Amazon, or my bank, or even at my doctor's office.

While thinking about this, I read about Paul Karger, and was astounded to realize he actually performed the first Penetration Testing on the Multics military Operating System in 1974. This was the most secure Operating System in the world, and he was able to exploit it very easily.

He made some observations that the true weakness of security was at the Operating System (OS) level more than when the data was transmitted. Granted, this doesn't mean that network security is not risky, it is simply observing that data at the OS level is more susceptible to attacks by malicious software such as Trojan Horses.

His efforts pioneered things like implementing mandatory access controls and utilizing a secure kernel. Paul Karger's paper Thirty Years Later: Lessons from the Multics Security Evaluation is a great read on how he was able to identify weaknesses on a Computer System that, even more than 30 years later, are still causing issues with computing systems. His observations, in my honest opinion, are almost prophetic, and I am baffled how his recommendations have not been more closely followed.

Dealing with the multitude of systems and networks I have seen in my time, the division of power between roles in IT was imminent. It was dangerous to have someone that had access to accounts and roles, have access to network security as well.

A division of power allowing one team to handle network health/data reliability in transit must be different than the team to handle roles and access-control to systems and services, which must also be different than the team to manage intrusion detection and emergency response. Segmenting the roles greatly improves the ability to mitigate the risk. This also allows the best use of least privilege.

I personally was called in to counter a series of attacks on a network that originated from a computer system that had a weak password.

In that instance, the person had administrative rights to the network with the exact same password used on a system. That allowed the intruder access to systems and network administrative rights. Dividing the roles makes everything easier, even though it requires the user to have two logins to perform two different roles.

While I am on the topic of weak passwords, the latest thing I dealt with in Information Security was the implementations of passphrases as a replacement for the password. It is hard to get people to deviate from the password requirements that have been used for so many years, but the use of a passphrase is exponentially more secure than a password. I say this for two reasons:

1.) People will always be the weakest link to Information Security. They purposefully use easily identifiable passwords to make their logins easier, which makes them easier to crack. and

2.) if a more strict password requirement is needed, people have a tendency to write them down and keep them in an easily discovered location or right out in the open.

I have even seen the more difficult passwords given to others as a way to mitigate "getting locked out", which now means passwords are shared with any number of people, thereby reducing the effectiveness of the password. In fact, just recently, the National Institute of Science and Technology (NIST) has agreed that passwords should be replaced.

This can also be referenced in NIST Update: Passphrases In, Complex Passwords Out by Thu Pham. Having dealt with this personally, I can see this being one of the biggest changes in the Cybersecurity front in the foreseeable future.
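To put a number on the claim that a passphrase is far stronger than a short "complex" password, here is an added example (not part of the original post) that compares the brute-force search space of each and applies a length-first, blocklist-backed policy of the kind the NIST update describes. The wordlist size of 7776 (a diceware-style list) and the blocklist contents are constructed assumptions.

```python
import math

# Approximate sizes of the character classes a "complex" password policy
# usually demands (printable ASCII symbols counted as 32).
CHARSET_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}

def password_bits(length: int, classes) -> float:
    """Bits of search space for a random password of `length` characters
    drawn from the union of the given character classes."""
    alphabet = sum(CHARSET_SIZES[c] for c in classes)
    return length * math.log2(alphabet)

def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Bits of search space for `words` words picked uniformly from a list of
    `wordlist_size` entries. The attacker is assumed to know the wordlist and
    the word boundaries, so only the word choices count; this is the
    conservative (worst-case) estimate."""
    return words * math.log2(wordlist_size)

def advantage_factor(weaker_bits: float, stronger_bits: float) -> float:
    """How many times larger the stronger search space is (2 ** bit difference)."""
    return 2.0 ** (stronger_bits - weaker_bits)

# Constructed stand-in for a list of commonly used or breached passwords;
# a real deployment would load a large published list here.
BLOCKLIST = {"password", "password1", "letmein", "qwerty123", "welcome1"}

def check_passphrase(candidate: str, min_len: int = 15) -> list:
    """Return the policy problems found (empty list means accepted).
    The policy is length-based with a blocklist check and no composition
    rules, matching the passphrase approach described above."""
    problems = []
    if len(candidate) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if candidate.lower() in BLOCKLIST:
        problems.append("appears in blocklist of common passwords")
    return problems

if __name__ == "__main__":
    complex_pw = password_bits(8, ("lower", "upper", "digit", "symbol"))
    phrase = passphrase_bits(5, 7776)
    print(f"8-char complex password: {complex_pw:.1f} bits")
    print(f"5-word passphrase:       {phrase:.1f} bits")
    print(f"passphrase space is {advantage_factor(complex_pw, phrase):,.0f}x larger")
    for cand in ("P@ssw0rd!", "password", "correct horse battery staple"):
        print(cand, "->", check_passphrase(cand) or "accepted")
```

Four diceware words already match an 8-character password drawn from all four character classes, and each additional word multiplies the search space by the wordlist size, which is the "exponential" gain the essay refers to.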
