Cyber Attack (Essay Sample)

CYBER ATTACK SECURITY NAME OF STUDENT COURSE NAME OF SCHOOL SUBMITTED TO DATE Cyber-attack security Introduction Cyber security is a critical aspect within organization as it prevents and eliminate possibilities of data exposure, modification and access by unauthorized access. The rising technology exposes organizations to different types of cyber-attacks thus calling for time to time review and restructuring of organizational patterns to suit this need. "The cornerstone of an organization’s security lies in designing, developing and implementing proper information systems’ security policy that balances security goals with the organization’s needs." Erlich & Zviran (2012). The attacks come in a variety of forms which requires firms to develop different approaches towards each type. Poor knowledge is usually associated with poor planning on cyber-crimes among firms leading to inadequate preparedness threats as the firms have no understanding of the risks to which they are exposed. According to Daya, (2013). "An effective network security plan is developed with the understanding of security issues, potential attackers, needed level of security, and factors that make a network vulnerable to attack." For successful security conformance, organization will structure their security measures in consideration of a number of goals and the services required in achievement of these goals. Information security goals Information security is usually strategized under three major goals which include: confidentiality, integrity and availability. Others include assurance and accountability. Security measures are therefore developed to address either one of the five issues and to some extent two or more. Securing an organization for confidentiality ensures that an organizational data remains unexposed to outside threats. That is, information is not released to unauthorized parties without consent from within the organization. Files will therefore require to be controlled for access thus developing limits against which different parties will gain access. This process requires configuration for the system or even the products and critical definition of parameters. Integrity ensures version control in that the right individuals have the authority to make change documents or allow for access. In cases where the changes appear detrimental, integrity will call for audit trails and a fallback position thus enhancing the right procedures within organizations. The systems are shaped in such ways that they show who and when the document was changed. This approach prevents modification by unauthorized parties, improper or wrong modification by authorized individuals and also ensure consistency in maintenance of internal and external programs and data. Availability ensure relevant information is always available within organizations when required. This include taking into consideration such aspects as back-ups, standby facilities and bandwidth. Standby facilities ensures that data and information for organization can still be modified and implementation conducted without influencing the normal functioning within organizations. Availability models ensures that data and resources are kept available for use by authorized individuals especially during emergencies and disasters. Such challenges that are addressed under this service include denial of service (DOS), loss of information system due to natural disasters as fires, earthquakes, stroms and flooding or even human actions such as strikes and bombing. It also ensures that data and resources are available during system failures. Accountability in information security assumes that every individual who works with an information system has specify responsibilities within the organization. Securing for accountability involves developing organizational approaches that ensuring every action such as data entry, modification and deletion has been by the right parties through control and record keeping on such issues as who, where, when and how the data has been modified. Assurance in information security involves the management from risks associated with the transmission, use, storage and processing of data and information. This concept ensures that information is available to authorized users only and that data is transferred or processed in the right form as required. It concerns information operations that defend and protect information by ensuring integrity, confidentiality, availability, and nonrepudiation. Categories of services Organizations achieve security goals in availability of a number of services that enhance better achievement of these security goals. The information security process is conducted under a number of processes which include: prevention, detection, recovery and support. Prevention of cybercrimes requires prior careful planning and analysis of the security threats an organization’s or individual’s data and information could be exposed to. During prevention, security policies, processes and controls should be implemented and appropriate designs made. Detection ensure that possible threats are discovered so as...