Information security management
Question 1
Spyware is any kind of technology that helps to gather data about an individual or an organization without their knowledge and consent. Spybots and tracking software, spread via the Internet, secretly gather data stored on a user's computer and convey it to advertisers and interested third parties (e.g., business competitors). A Trojan horse is a computer program that pretends to be interesting and useful to a user but turns out to contain a virus. Trojans are most commonly spread via emails and drive-by downloads. Trojans can be used for different purposes, such as destruction (destroying a device and deleting files), using infected computers for illegal purposes (e.g., mining cryptocurrencies), and theft of money and data.
Rootkits are combinations of malicious software tools that help a perpetrator (e.g., an unauthorized user) gain access to a computer as a whole or to specific areas of its software. A computer worm is a type of software that is capable of replicating itself in order to spread to other computers on a network. Sometimes worms spread very quickly, significantly harming large-scale computer networks. A virus is a malicious program that replicates itself into data files, computer programs and possibly the hard drive, infecting specific areas. As opposed to many of the above malicious programs (e.g., Trojan horses), viruses are primarily used for destructive purposes.
2) As the functioning of companies is nowadays ever more dependent on computer technologies, insiders have become an important source of threat. According to Boyle & Panko (2015), insiders (employees and ex-employees) can pose the most dangerous information security threats for a number of reasons (p.9). Firstly, they have developed knowledge about the system, as well as access to the sensitive parts of the system. Knowing corporate control mechanisms, they can also avoid being detected. Finally, companies trust employees and tend not to view them as a source of danger. Ex-employees can be especially dangerous, because they are likely to have already established links with competitors.
3) According to the Software Engineering Institute (2012), a set of practices should be implemented to counter insider information security threats (p.4). They include considering insider threats in enterprise-wide risk assessments, incorporating insider threat awareness into security training for employees, anticipating negative issues in the work environment, developing strict account and password management policies, restricting the use of cloud services, etc. (SEI, 2012, pp.8-28). It is also advised to use a security information and event management (SIEM) system to monitor and audit employee actions (SEI, 2012, p.56). A secure employee termination procedure is essential to counter the ex-employee threat. Regular updates of security systems, restrictions on downloads and on visiting suspicious websites, and SIEM are also useful to combat external attacks.
4) Defense in depth is a concept that provides for the use of multiple layers of security controls in an information technology system. Nowadays defense in depth includes a range of basic layers, such as physical security, strict account and password policies, anti-virus software, biometrics, multi-factor authentication of a user, etc.
5) An untrained employee can pose various threats to a computer. For instance, he/she can bring untested devices containing malicious programs from home and use them at work. An untrained employee can also pass his/her account details to a third person, use cloud computing technologies and social networks, and download files from insecure Internet resources.
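As an added illustration (not taken from the SEI guide or from this essay), the sketch below shows the kind of rule a SIEM could apply to tie employee-action auditing to the termination procedure: it flags any activity by an account after its owner's termination time. The HR feed, the log format and the account names are constructed assumptions.

```python
from datetime import datetime

# Constructed HR feed: account -> termination time (hypothetical names).
TERMINATED = {
    "jdoe": datetime(2016, 3, 1, 17, 0),
    "asmith": datetime(2016, 3, 10, 12, 0),
}

# Constructed audit events in an assumed format: "timestamp user action source".
SAMPLE_LOG = """\
2016-03-01T09:12:44 jdoe login_success vpn
2016-03-01T18:30:02 jdoe login_failure vpn
2016-03-02T02:14:51 jdoe login_success vpn
2016-03-02T02:16:10 jdoe file_download fileserver
2016-03-09T08:00:00 asmith login_success workstation
2016-03-11T10:05:00 bjones login_success workstation
corrupted line without fields
"""

HIGH = {"login_success", "file_download"}  # actions where access was granted


def parse(line):
    """Return (time, user, action, source), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return when, parts[1], parts[2], parts[3]


def post_termination_alerts(log_text, terminated):
    """Flag every event by a terminated account after its termination time."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            skipped += 1  # count unparsed lines so audit gaps stay visible
            continue
        when, user, action, source = event
        cutoff = terminated.get(user)
        if cutoff is not None and when > cutoff:
            severity = "high" if action in HIGH else "medium"
            alerts.append((severity, user, action, source, when.isoformat()))
    return alerts, skipped


if __name__ == "__main__":
    found, bad = post_termination_alerts(SAMPLE_LOG, TERMINATED)
    for alert in found:
        print(*alert)
    print("unparsed lines:", bad)
```

A granted login or download after termination means the account was never disabled, while a failed attempt shows the disabled account is still being tried.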
References
Boyle, R.J., & Panko, R.P. (2015). Corporate Computer Security (4th ed.). New Jersey: Pearson Education.
Software Engineering Institute (2012). Common sense guide to mitigating insider threats. Retrieved 21 March 2016 from http://resources.sei.cmu.edu/asset_files/TechnicalReport/2012_005_001_34033.pdf