CSU - Dominguez Hills
This 12 page Study Guide was uploaded by smartwriter Notetaker on Monday November 16, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 39 views.
Date Created: 11/16/15
Running head: CHIEF SECURITY OFFICER

Term Paper: Chief Security Officer.
Student Name:
Tutor Name:
Course Code:
Date of Submission:

Chief Security Officer (Computer CSI)

Crime Prevention

Most higher learning institutions have adopted various measures to combat the effects of hacking. One of the measures developed so far is the assessment of security threats and vulnerabilities. The institutions' IT administrators are tasked with revisiting the network security measures. They are also supposed to review the computer usage policies to ensure that these are not exposing the computers to security threats. Security audits are vital to ensure that all possible risks are identified and remedies developed. The IT department should make sure that every month a report is tabled on the weaknesses experienced in the security of information (Moore, 2005).

The second measure adopted is reviewing and updating the security procedures and policies. Such a measure assists in detecting an area that has a technical hitch, so the department is in a position to take the appropriate measures to counter the problem. Reviewing and updating will also give the hacker a hard time in case the expected mechanism fails. That is, a hacker may expect to hack as usual, but once new measures are developed the hacker will have a headache breaking into the database (Kenneth, Peter & Briana, 2003).

The third measure is a review of the procedures and policies instituted for accessing the information. Most of the individuals who access information are the ones who expose the information to threat. Careless practices and the like subject the system to risk. The measure therefore ensures that all individuals accessing the information take the appropriate precautions. All the policies have to be observed, hence security is guaranteed.
The policies also limit the people who access the information.

Another vital measure is scrutinizing third-party (vendor) relationships. Most higher learning institutions rely on other institutions for services, mainly for networking and related services. The third party may itself be the source of a security threat. For instance, network providers assist in connecting to the internet. Network providers may not have effective security measures, hence hacking may be done from their end. It is therefore vital to evaluate the relationship to ensure that the engaged third party does not have security flaws (Novak, 2007).

Furthermore, institutions are taking out appropriate insurance policies in order to mitigate the risk. Some of the information at risk can be valued in terms of cash. Such a loss may lead the institution into a financial predicament. To alleviate such a scenario, it is vital to engage the services of insurance companies.

Moreover, the institution can develop a rapid response team that will handle emergency cases. Such a team will be capable of developing appropriate strategies to deal with such cases. With that in place, it will be easy to combat the effects of hacking before the situation becomes worse for the institution. The institution can also work jointly with other higher learning institutions. The joint effort will develop mechanisms that will help in such cases. The coalition can develop policies that will be used to convict offenders. The union can also share experiences so that others learn from them (Moore, 2005).

How to Lower Computer Threats

Firewalls

The first technical approach to computer security is the use of a firewall. Firewalls assist in setting the Access Control Lists (ACLs) that determine what traffic and services pass through a certain checkpoint. A firewall is a hardware or software-based network security system.
It analyzes all data packets and determines whether each should get access to the system. It forms a bridge between the computer and others that are trying to access it. The cost of a firewall depends on the company that has developed it. Firewalls range between $500 and $50,000 depending on the kind of information to be protected and on personal preferences. For instance, the Barracuda Web Filter 310 costs $535-$2,586, while the McAfee Firewall Enterprise s5032 goes for $32,362. It is thus advisable to seek the assistance of an IT specialist on which one to adopt. The maintenance required for a firewall is not to disable it once it is on. The firewall may flag a security issue that one takes for a nuisance and so disables it. Such a move gives the hacker a chance to access the information required. A firewall also requires updates, where possible, so that it remains effective (Novak, 2007).

Antivirus

The second approach to ensuring security is the use of antivirus software. Hackers sometimes deposit a virus into a database so that computers accessing the database will be attacked by the virus. Antivirus products are not as expensive as firewalls, and they also vary depending on the developer. It is also vital to seek the services of an IT specialist on the best software depending on the database. For instance, Symantec Norton Antivirus 2013 costs $18.00 and McAfee Antivirus 2013 Plus costs $13.00. The two prices are for one computer only. Antivirus software, like firewalls, needs to be replaced when its duration is over so that it remains active (Newman, 2006).

Cryptography

Cryptography is the study and practice of techniques for secure communication. It eliminates the hazards related to third parties. The method encompasses constructing and analyzing protocols that assist in overcoming the influence of third parties. The information is encrypted via an algorithm known as a cipher, hence only the allowed parties can access it.
Unauthorized parties can access the information but they will barely comprehend its meaning; the information will appear meaningless. However, encryption is very costly, hence most parties do not adopt it. It goes for $232 per user, that is, for anybody who requires the code for access. To maintain cryptography, all that is required is for the person with the code to keep it secret. Exposing the code to the public creates the threat of someone else accessing the information (Oded, 2004).

Counterterror Social Network Analysis

The method uses Terrorist Action Description Language, otherwise known as TADL, to simulate and model network attacks. The models are compiled from past attacks. The method is quite interactive, in order to investigate the user. All the information is gathered and compiled. Data is also derived from hypothetical scenarios through the use of computers. All the information gathered is weighted or presented in a multiplex graph, where the types of links are defined by social network transactions. The different weights of the graph are realized via a context extraction algorithm. The final step is intent recognition, where potential threats are recognized. The aim of the method is just to show the threats that a particular transaction may contain. The cost will depend on the firm's requirements or the models developed. Experts should be engaged for such an exercise to ensure its success (Weinstein, 2009).

The University can adopt the counterterror social network analysis. The method will assist in determining a security flaw. As explained in the discussion above, the hypothetical case analysis can assist the university IT department in developing corrective measures. The hypothetical data also help develop solutions, so the IT department will always be ready in case of anything. The method can be used to track unauthorized visitors who are attempting to access the institution's database.
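The Firewalls section above says that an ACL determines what traffic and services pass through a checkpoint. The following is an added example, not part of the original paper, of first-match ACL evaluation with an implicit deny; the rule set, the addresses and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None means any port

    def matches(self, src_ip, dst_ip, proto, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

# Constructed ACL for a hypothetical campus network (documentation/private ranges).
ACL = [
    Rule("deny",   "203.0.113.0/24", "0.0.0.0/0",     "any", None),  # blocked network
    Rule("permit", "0.0.0.0/0",      "192.0.2.10/32", "tcp", 443),   # public web server
    Rule("permit", "10.20.0.0/16",   "10.50.0.5/32",  "tcp", 5432),  # staff LAN to database
]

def evaluate(acl, src_ip, dst_ip, proto, port):
    """Return (action, rule_index) of the first matching rule; default deny."""
    for i, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, proto, port):
            return rule.action, i
    return "deny", None    # nothing matched: implicit deny

def audit(acl, packets):
    """Evaluate each packet and return (packet, action, rule_index) rows for a report."""
    return [(p, *evaluate(acl, *p)) for p in packets]

if __name__ == "__main__":
    sample = [  # constructed packets: (source, destination, protocol, port)
        ("198.51.100.7", "192.0.2.10", "tcp", 443),
        ("203.0.113.9", "192.0.2.10", "tcp", 443),
        ("198.51.100.7", "10.50.0.5", "tcp", 5432),
        ("10.20.3.4", "10.50.0.5", "tcp", 5432),
    ]
    for pkt, action, idx in audit(ACL, sample):
        print(pkt, "->", action, "(rule %s)" % idx)
```

Rule order matters: the blocked network is denied before the broader web-server permit can match, and an outside host reaching for the database falls through to the implicit deny.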
Current Laws and Government Agencies Fighting the Crime

Some legal measures have been developed to assist in the attempt to combat cyber crime (Kenneth, Peter & Briana, 2003).

The Computer Fraud and Abuse Act

The Act was passed in the year 1986, though it has undergone a number of amendments. The Act criminalizes access to a protected computer via unauthorized means. The intention of the access is to defraud, damage, or use the information for other gains. A protected computer is one used in foreign commerce or communication, or one that belongs to a financial institution or the government of America. Hacking such computers violates the Act.

USA PATRIOT Act

It gives a law enforcement officer the mandate to access confidential information in the interest of national security. It was passed in the year 2001.

TEACH Act

It was passed in the year 2002. The Act relaxes some of the copyright restrictions. The law made it possible for nonprofit universities and colleges to make use of certain materials in technology-mediated educational settings. The law limits the users to certain restrictions.

Gramm-Leach-Bliley Act

It was passed in the year 1999. The law applies to learning institutions and financial institutions, to safeguard consumer information. The information includes names, account information, security numbers and addresses. The law stipulates that individuals should be provided with the information (rules) on privacy.

Identity Theft and Assumption Deterrence Act

The Act criminalized the use of another person's identity without the prior knowledge of the owner. Criminals who use another person's identity for unlawful activities violate the Act. The criminals are liable to a maximum fine of $250,000 or a term of 15 years.

Internet Spyware Act

The Act prohibits the use of adware and spyware. The Act also has a provision on installing unwanted software on a computer. It was passed in the year 2005.
The Stored Communications Act

It was passed in the year 1986. The Act emphasized the confidentiality and availability of electronic communication stored electronically and the integrity of information. The law served to protect electronic mail or any other means of electronic communication (Kenneth, Peter & Briana, 2003).

Government Agencies Fighting Cyber Crime

Federal Bureau of Investigation

The agency focuses on software piracy, computer intrusions, online predators and fraud. It also deals with electronically delivered threats, identity theft and scams. It works in conjunction with the Internet Crime Complaint Center (Newman, 2006).

Internet Crime Complaint Center

The agency plays the role of a clearing house on issues of internet-based crime. Crimes such as phishing, where criminals steal email spam or private online information, are dealt with comprehensively. It works jointly with the FBI, the Bureau of Justice Assistance and the National White Collar Crime Center (Newman, 2006).

United States Secret Service

The agency has a task force to deal with electronic crime. It works in collaboration with other forces such as the FBI to prosecute criminals after investigation (Newman, 2006).

Others

There are other agencies that have engaged in the fight against crime. They include the Federal Trade Commission, the Bureau of Alcohol and the United States Postal Service, among others. They investigate cyber crimes so that they can use them in their jurisdiction. Such agencies gather information on cyber crimes and, after investigation, invite the assistance of a federal agency (Newman, 2006).

Evidence Gathering

Information from mobile phones is quite confidential, as it ranges from confidential to complex information. Mobile phone sensors can be used to gather the information from handsets with ease. The sensors are used by intelligence gathering agencies to obtain data from mobile phones. The sensors cost around $29.25 and they are very efficient.
The sensors use the GreenObs system and a mobile sink in the data gathering (Cartel Working Group, 2010).

There are other devices as well as software that can be used to gather intelligence from computers. The software assists in obtaining information from hard drives without altering it. That means one can gather vital data without making any change to what was originally stored there.

Boot software. Used in starting the computer without altering the computer's hard drives.
Forensic software. Vital in analyzing the digital information.
Hash authentication software. Validates that a copy produced of certain digital information is identical to the original.
Analysis software. Extracts digital information derived from PDAs or even cell phones and analyzes it.
Intelligence analysis software. Creates a link chart, theme line and timeline via computer graphics software.
Backup software. Retrieves digital information or otherwise creates a copy.
Cell phone analysis software. For reading SIM cards.
Drive copier. Copies the original hard drives to other copies for the purpose of forensics.

The intelligence gathering software ranges from $300-$1000. The products vary in duration, with some expiring after perhaps a year or so. Others are permanent and may last for a long period of time (Cartel Working Group, 2010).

References

Cartel Working Group: Anti-Cartel Enforcement Manual, Enforcement Techniques, Chapter 3: Digital Evidence Gathering. (2010). Retrieved on June 6 from www.internationalcompetitionnetwork.org

Kenneth D., Peter C., Briana E. (2003). IT Security for Higher Education: A Legal Perspective. Washington: Dow, Lohnes & Albertson, PLLC.

Loibl, T. (2005). Identity Theft, Spyware, and the Law. Proceedings of the 2nd Annual Conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 119.

Moore, R. (2005).
Cybercrime: Investigating High-Technology Computer Crime. Cleveland, Mississippi: Anderson Publishing.

Newman, R. (2006). Cybercrime, Identity Theft, and Fraud: Practicing Safe Internet – Network Security Threats and Vulnerabilities. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 69.

Novak, C. (2007). Investigative response: After the breach. Computers & Security. v. 26, n. 2, p. 183.

Oded G. (2004). Foundations of Cryptography, in two volumes. Cambridge: Cambridge University Press.

Weinstein, C., et al. (2009). Modeling and Detection Techniques for Counter-Terror Social Network Analysis and Intent Recognition. Proceedings from the Aerospace Conference. Piscataway, NJ: IEEE. p. 2.
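The Evidence Gathering section lists hash authentication software, which validates that a copy of digital information is identical to the original. The following is an added example, not part of the original paper, of that check: a whole-file SHA-256 comparison, with per-block hashes to locate where a copy diverges. The file names, sample data and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # read in chunks so a large image never has to fit in memory

def file_digest(path, algo="sha256"):
    """Hash a file in chunks and return the hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def block_digests(path, block_size=4096):
    """Per-block SHA-256 hashes, used to locate where a copy diverges."""
    out = []
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(block_size), b""):
            out.append(hashlib.sha256(block).hexdigest())
    return out

def verify_copy(original, copy, block_size=4096):
    """Return (identical, indexes_of_mismatched_blocks)."""
    if file_digest(original) == file_digest(copy):
        return True, []
    a, b = block_digests(original, block_size), block_digests(copy, block_size)
    bad = [i for i in range(max(len(a), len(b)))
           if i >= len(a) or i >= len(b) or a[i] != b[i]]
    return False, bad

def demo():
    """Build a constructed 'evidence image', a faithful copy and an altered copy."""
    with tempfile.TemporaryDirectory() as d:
        orig, good, bad = (os.path.join(d, n)
                           for n in ("orig.img", "copy.img", "bad.img"))
        data = bytes(range(256)) * 64        # 16 KiB of constructed sample data
        altered = bytearray(data)
        altered[9000] ^= 0x01                # flip a single bit inside block 2
        for path, content in ((orig, data), (good, data), (bad, bytes(altered))):
            with open(path, "wb") as f:
                f.write(content)
        return verify_copy(orig, good), verify_copy(orig, bad)

if __name__ == "__main__":
    print(demo())
```

A single flipped bit changes the digest of the whole file, and the per-block pass narrows the difference to one 4096-byte block.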