Security Risk Management (Coursework Sample)

Security Risk Management
Name
Institution affiliation
Date
Threats posed by Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
One of the cyber-attacks that are rampant today in the e-Commerce business is denial of service attacks. It is a type of attack aimed at disrupting availability of business services to legitimate clients. This attack comes in various shapes, spreading from an attack on the physical IT environment to making use of an application's default settings. DoS mainly targets resources comprising of bandwidth (Abdelsayed, 2009), processing power, and storage capacities (Abadi, 2003). Both physical and remote attacks aim at ensuring legitimate users do not have access to services they require to use. Both TCP CYN and Smurf attack techniques work this way (Brustoloni, 2002). To curb these risks, processes, procedures, software, and hardware can be put in place that will protect systems from attacks and able to detect suspicious undertakings as it arises and support the organization in reacting appropriately as required. Actions that can be taken by organizations in their policies and strategic approach to managing the DoS threat are as follows: introducing DoS into organizational risk management, introducing security management framework, performing staff training and obtaining Insurance.
Some of the DOS attacks include, attack vectors, and communication layers. DoS and DDoS tools are available in a number of preferences, from simple single-target exploits to complex self-propagating DDoS bots, which are similar to Internet worms (Abadi, 2003). DoS vulnerabilities are being discovered regularly in even the most high-profile applications. Almost immediately upon discovery of these vulnerabilities, ‘point-and- click' tools are published to exploit them. An example of this is the Microsoft Windows Plug and Play Denial of Service Vulnerability. Originally, Distributed Denial of Service tools such as Trinoo were standalone applications created for the sole purpose of executing attacks. Such tools are no longer as prevalent as they once were.
Plan for handling contingencies in large bank with many branches in Canada
The National Bank of Canada (NBC) is one of the largest banks with many branches in Canada. NBC financial contingency, for instance, should be considered on a continuum with risk management in mind and take into the various stages of a potential crisis. A central program team was established to take responsibilities for the ongoing activities required to produce the RRP. Through the Enterprise-Wide Risk Management Committee, the central team is linked to the wider business and collects input from various parts of NBC. The central team is responsible for strong and effective communications with internal and external stakeholders of the framework (Abdelsayed, 2009). Material management information systems were undertaken where the bank centralizes its data and the management of it in an effort to secure and ensure better quality of available data and network.
Moreover, the Bank has processes in place to ensure needed data is available on a timely fashion. Each business line has a business continuity plan to make sure it can continue to operate in case of major unit, regional or corporate breakdown. Resolution strategy for Canadian banks is responsible for developing and maintaining credible resolution plans and processes for i...