Review all the critical thinking assignments you have completed in this course. Prepare a critical review of what you learned about information security and how it will help you in your career.
Directions:
Your critical review should be one to two pages in length, not including the title page.
Provide information from your readings and previous assignments to support your review.
Your paper must follow Saudi Electronic University academic writing standards and APA style guidelines, as appropriate.
Running Head: SECURITY IN COMPUTER SCIENCE
Security in Computer Science
Bader M Al Sulami
150002618
SEU2016
For a very long time, computer security has had its major concern in controlling access to
the physical computer itself. Advanced Research Projects Agency Network Machines were only
offered physical protection. This physical protection was provided using, for instance, keys or
facial recognition applications. However, computer data has become a necessity to almost each
and every person (Vacca, 2011). People store even the most private information in computers
and this has brought the need to have a means through which to ensure confidentiality by
controlling the access to information. Information security today deals with who has access to
particular types of data.
The level of security goes beyond the kind of data that can be accessed through a single
computer, but also confidential data that can be accessed through a network. The need for
information security also arose from the necessity to prevent confidential information from being
leaked unnecessarily. This includes organizations’ data as well as information belonging to
individuals. In companies, information security ensures that those who are tasked with
processing a particular type of data have access to it. Computer security has also evolved into
information security in order to prevent confidential information from being compromised. This
includes preventing information from being amended or deleted by unauthorized persons
(Bidgoli, 2016). This further helps in maintaining information that is up-to-date.
In order for a computer security team to be effective, it should be headed by a person who
has a technical background in the operation of computers. This is someone who understands
clearly each and every detail in the security of computers and therefore cannot be misled by any
member of the team. When a problem arises with the computer system, he or she knows the best
course of action to take even before the other members are engaged. The approach taken in
leading a security team should be one that is more technical than managerial.
The reason for having a technical system of managing a technical team is so that one can
lead by example. Technical background is very important in ensuring computer system security.
The person who heads such a team should always take time to listen to what the other members
of the team have to say about an issue. Having technical knowledge gives him the advantage of
putting all that has been presented on the table, making comparisons and deciding on the best
action to take depending on the evidence that has been presented (Vacca, 2011). The person should
also have the necessary skills in management in order to handle the team in the appropriate way.
There are various laws and regulations that apply when dealing with information security
issues. These laws and regulations serve the purpose of regulating the behavior of professionals in
information security. They are the ones that describe what behavior is acceptable in an
organization and what is not acceptable. These laws and regulations are also very useful in
promoting the security of user information. The laws and regulations describe clearly the
penalties that come with failure to abide and this helps maintain a high level of discipline among
the employees.
Apart from the laws and regulations, there are also professional organizations in
information security. Any person whose work entails security of information is required to be a
member of a professional body. These laws provide guidelines that should be followed regarding
the use of computers and the use of information. The bodies also give guidelines on the
professional ethics that the members are supposed to uphold while conducting their duties
(Axelrod, Bayuk and Schutzer, 2014). These ethics are outlined together with penalties that
befall members who are not adherent. Information security has become very crucial in this era
where technologies are being developed day in day out.
References
Axelrod, C. W., Bayuk, J. L., & Schutzer, D. (2014). Enterprise information security and
privacy. Boston: Artech House.
Bidgoli, H. (2016). Handbook of Information Security Volume 2. Hoboken: John Wiley & Sons.
Vacca, J. R. (2011). Computer and information security handbook. Amsterdam: Elsevier.
Running Head: ORGANIZATIONAL SECURITY POLICIES
Organizational Policies
Bader M. Al-Sulami
150002618
SEU2016
Organizational Security Policies
Introduction
Organizational policies can be defined as guidelines that have been set to guide actions
within an organization. The policies can vary from one organization to the other. External laws
and guidelines are one of the biggest sources of organizational policies. They set guides for
how companies should behave and what should be put into consideration when setting
organizational policies. The policies have to conform to these laws and fall under them to ensure
that they are acceptable within the country (Sprung, 2015). Some organizational policies might
include recruitment, compensation, ethics, security and safety, among others. Countries
always have laws that state how organizations should address these policies. The laws also vary
from one country to the other. The nature of the organization also contributes a lot to the setting
of organizational policies, to ensure that they address issues that might be of concern.
Changing Organizational Policies in a New Country or Geographical Region
An organization can change its policies so that they can adapt to a new country and also
meet the needs of the stakeholders. As stated earlier, laws contribute to the setting of
organizational policies. The laws are guidelines that guide the country and will at most satisfy all
the people. That means an organization has to meet those requirements so that the shareholders’
needs can be met (Sprung, 2015). Different geographical regions, such as in a different county,
might also differ. Stakeholders in the region will have different needs and, therefore, the
company should be flexible enough to ensure that it meets those needs, as that is the only way that
the business can progress.
Organizations are guided by a policy governance structure which they use to set the
policies and govern them. The organization will use this in the new environment so that they can
have policies that are in line with it. There are recommendations that are made on the policies
and the company can follow the same using the policy governance structure. SLS should ensure
that its policies are under the governance system. The company must ensure that they are in line
and that it does not go out of course in setting the new policies in the new country.
The main consideration that should be made is whether the policies meet the laws of the country
or the region. The second consideration is the organization and the nature of people in the region
or country, especially the employees. Policies cannot be formed beforehand, as a lot of research
should be done. Favorable policies can then be sketched and analyzed to see how they meet the needs of
the stakeholders. How they are received within the organization is also very important as it will
ensure that all people are ready to accept them (Weimer & Vining, 2015). Policies cannot be
made by just thinking of what is right to govern an organization but rather of how they affect the
organization. After that has been done, the next step is to get to understand if there are any
contradictions with the state law or the federal law. Other policies can also be developed with
time to ensure that they are meeting the needs of the stakeholders.
Different countries might also have restrictions especially when it comes to foreign
companies. There might be some set requirements that should be met in setting the policies to
ensure that they are acceptable within the area (Wilensky, 2015). The restrictions can act as
guidelines through which people will be able to understand what the state or country wants
before they set up. Most organizations will choose countries that have policies favorable or
similar to what their mother countries offer. They can still change others where it is allowed, as
some countries place restrictions on how the policies should be.
As long as a company follows the laws and requirements in a foreign country, they can
always be allowed to change their policies so that they can meet the needs of the stakeholders.
Policies are important within organizations and are taken seriously. Organizations cannot be run
without policies, hence the importance of stressing them. The policies are of high importance
and where change is applicable then the same should be done for the benefit of every person
within that organization. This may include everyone from employees to consumers, who need to
have policies that would favor them.
Conclusion
It is possible to change policies in different countries based on restrictions and policies
that have been set. Some countries might decline while others might be willing to accept any
policies that they deem to be favorable and follow the constitution. During the change, the
organizations also need to ensure that they meet their own needs. Some policies might show a
bad image of the company and end up causing losses. This is why it is important to consider
business laws in any country before setting up the business. The companies can then draft some of
the policies they might wish to bring out. If these do not go in line, other alternatives can be
chosen to ensure that the company follows all the rules and regulations. Change can affect the
organization too and needs to be done with precision using the policy governance system.
References
Sprung, J. M.,, R. A. (2015). Family-Friendly Organizational Policies, Practices, and Benefits
through the Gender Lens. In Gender and the Work-Family Experience (pp. 227-249).
Springer International Publishing.
Weimer, D. L., & Vining, A. R. (2015). Policy analysis: Concepts and practice. Routledge.
Wilensky, H. L. (2015). Organizational intelligence: Knowledge and policy in government and
industry (Vol. 19). Quid Pro Books.
Running Head: CYBER ATTACK: UNITED STATES DATA BREACH
CYBER ATTACK: UNITED STATES DATA BREACH
Bader M Al-Sulami
150002618
SEU 2016
Cyber Attacks: United States Data Breach
The US Office of Personnel Management operates much like a human resources
department for the federal government, hiring and promoting, as well as overseeing and managing
benefits and pensions for millions of governmental employees (Koerner, 2016). To facilitate
the storage of information, data is housed within servers at its Washington D.C. location.
The US Office of Personnel Management shares and stores data and information regarding
US policy development and identifiable information collected from 3 dozen federal agencies, and is
equipped with a financial database, thus making it a target of opportunity. The US Office of
Personnel Management may lack the evaluation values of risk management strategies and
methods.
Describe the Occurrence
On April 15, 2015, US Office of Personnel Management security engineer Brendan
Saulsbury decrypted a portion of the Secure Sockets Layer (SSL) outbound traffic and
discovered that hackers had attacked the networking system under a cloaking script similar to the
method online vendors use to shield credit card numbers in transit (Koerner, 2016). Brendan
Saulsbury uncovered the suspicious mcutil.dll file and realized that mcutil.dll was
hiding a piece of malware allowing a backdoor entrance into the OPM servers and databases.
The attacker compromised the email account of an OPM employee and embedded a .dll file that
had generated elevated privileges for the attacker.
What could have been done to prevent the situation or lessen its impact?
In addition to having the ability to monitor traversing data, additional hardware and
software applications, techniques, and strategies can be implemented to help reduce further
intrusive behaviors (Changyun Wen, 2016, pp. 1458-1468). "Adaptive cyber-physical system
attack detection and reconstruction with application to power systems" outlines the essential
components that facilitate achieving confidentiality, integrity, and availability of traversing data
and stored information. By implementing intrusion detection and prevention systems within the
already robust infrastructure, OPM information technology personnel can increase traffic
monitoring for anomalies, provide additional investigative measures, as well as deploy a scalable
networking solution.
How might risk management have been used to lessen the impact?
Risk management techniques, methods, and strategies would allow administrators to
evaluate values associated with the cost of claims and liability, labor strikes, weather or political
change, and management changes or loss of reputation within the cost of risk evaluation (Yang,
2016, pp. 1-8). Financial risks, operational risks, perimeter risks, and strategic risks are areas of
observation which can make events more predictable, control risk management functions, and
reduce overall organizational cost. By deploying risk management, OPM can forecast, identify,
and evaluate procedures to avoid, minimize, and/or reduce risk-associated factors encompassing
cyber-attacks and data breaches.
Conclusion
Risk management can help reduce the cost associated with many types of modern-day
exploits; however, nothing can substitute for due diligence and awareness of the signs of a
potential exploit. Policies should encompass information technology and employee behaviors
regarding any suspicious activity within the networking system. Risk management is vital to
managing risk, reducing the cost of exploits, and protecting internal resources from unauthorized
access.
References
Changyun Wen, Y. S. (2016, August 1st). Adaptive cyber-physical system attack detection and
reconstruction with application to power systems. Ebsco Host, pp. 1458-1468.
Koerner, B. (2016, November 9th). Inside the Cyberattack That Shocked the US Government.
Retrieved from Wired: https://www.wired.com/2016/10/inside-cyberattack-shocked-usgovernment/
Yang, G. a. (2016, July 31). Uncertain Risk Assessment of Knowledge Management: Based on Set Pair
Analysis. Ebsco Host, pp. 1-8.
Running Head: PHYSICAL SECURITY
Physical Security
Bader M Al-Sulami
150002618
In essence, physical security is one of the most critical and vital parts of modern-day
life, even though there has not been much concern about it. Physical security is
even more important than what has been seen as important, such as protecting against malware and
hacking, among other cyber security issues. There have been reported cases of
ordinary crimes such as the stealing of items and the destruction of property. This is
part of physical security as a whole, and it must be a matter of concern in every
organization.
In essence, physical security is the protection of the actual physical items available in
an organization. Physical security is a part of security that requires access control,
surveillance, and testing of the systems, as a way of ensuring that everything works
as it was designed to and has been left as secure as possible.
Physical security is therefore related to the protection and control of the physical
environment against accidents as well as attacks. It is an important aspect of security
that ensures that there is no physical access to the environment. Environmental disasters, as
well as accidents, can be common, but with the enactment and use of
physical security they can be much simpler to handle in one way or another (Fennelly, 2012).
In computing, physical security is mostly concerned with the physical security protocol
that requires the chief officers in charge of security to look into issues of security management,
together with ensuring that the agencies or personnel mandated to do so are able to fulfill their
obligations and mandate as far as security is concerned.
Actually, physical security involves everyone in the organization. It requires every
member to understand the threats and be able to look into these fears so as to avert security
issues beforehand. In essence, there are different kinds of threats that the organization is prone
to in one way or another. There are those threats which are known to be primary and that are a
point of concern to every organization, and others that can be addressed even without much
consideration (Allsopp, 2009). There are the threats from the physical environment, which
include natural hazards. There are also issues of civil disturbance that can affect the organization,
such as protests and riots, which can affect the smooth functioning of
every organization. There is also the risk of workplace assault or violence, including
harassment and revenge.
Moreover, there are other kinds of issues that can be taken to be primary in terms of the
scope of their effect on the organization. In essence, crimes such as the stealing of
personal property and property belonging to companies are among the extreme crimes that need to be
addressed as crime is confronted.
Physical security threats can be manifested in attacks against premises in different
ways. First, if there is a breach of principles or failure to comply with rules and regulations, it
means there are issues with the physical security (Purpura, 2013). Moreover, there can be issues
with the security if there are gaps in following the requirements and there are not enough
reasons for not following them. Finally, when there is no justification of a matter and
there is no consideration of some risk in the normal strategy, it means there is an issue with
controlling the physical security of the organization.
References
Allsopp, W. (2009). Unauthorised access: Physical penetration testing for IT security teams.
Chichester, West Sussex, U.K: Wiley.
Fennelly, L. J. (2012). Effective physical security. Place of publication not identified:
Butterworth-Heinemann.
Purpura, P. P. (2013). Security and loss prevention: An introduction.