The Global Economy: Security Policy Development Report (Research Paper Sample)
Security Policy Development
Imagine that you have just been appointed as a computer security consultant for a firm of independent computer security systems advisers, with an international base.
You have been tasked with compiling a report that investigates the current computer security threats for Energy utility suppliers working within the global economy and developing a generic top-level security policy document which could be used and developed upon by any energy enterprise as the basis of their main reference source for computer security manager’s and staff alike for such organisations.
The policy document must identify the major threats and vulnerabilities and these should indicate how they may need to be prioritised by the organisation to best meet their requirements to support business risks identified by them. The document must be logically structured to ensure quick and easy retrieval of specific information and guidance. You must also encourage internal standards for 'good practice' with these being clearly related to relevant external [United Kingdom, European and International] standards. (Please note that a student may identify their country of origin and then formulate their international standards within their development against that country)
Security Policy Development Report
Name of Student
Date of Submission
This essay identifies some of the most common computer risks and threats that organizations face. It also recommends effects and ways of combating each of the threats. The study was based on a firm that deals with energy utility supplies. The selection of the sector was because that is one of the sectors that face high computer threats and vulnerabilities. As such, it is critical to suggest ways through which the threats can be eliminated.
The essay has several sections. The first section of the essay presents a succinct sufficient depth of the organization and structure of the current security threats. That information was collected through investigation. It is important in this study because it gives an overview of the current state of affairs in the field of energy utility supplies regarding computer threats and vulnerabilities.
The section part of the essay presents an identification and prioritization of the most significant threats and vulnerabilities that are found in the systems. The threats and vulnerabilities are defined and explained. Their effects on the efficient operations on the energy firms are discussed. The information obtained in this stage was critical because it was used to make draft policies that can be used to combat the threats that were identified.
The next section of the essay shows some of the policies that were formulated. These policies help in eliminating the threats that were identified. The formulation of the policies also followed the security standards and guidelines. That was to ensure that they can be used in various organizations and setups as long as the threats detected are similar to the ones for each policy. Finally, the report has another section of recommendations and conclusion. The section highlights some of the recommendations that can be adopted by organizations to promote the ease of fighting computers threats. The list of works that were cited is also provided.
Security Policy Development report
Organization and Structure of the Current Security Threat
Energy utility suppliers are some of the organizations that face various forms of computer threats at different levels. There are cases where firms wake to the shock of virus attacks in their computer workstations. In such cases, firms opt to isolate their computer systems so that they are not accessible to the outside world. Most of the crimes and threat that are committed through the computer and cyber are well-organized and persistent, and so they end up successfully. It is also worth noting that some of these computer threats are impossible to detect because they disguise as legitimate activities.
The results of such threats are wide-ranging and profound. The financial impact of firms such as the energy utility suppliers could hit as high as millions because of the vast size of the firms. Other adverse effects that could result from computer threats include damaging of brands, erosion of the confidence of customers, violation of compliance mandates, and weakening of the revenue generation capabilities of the firm.
Computer threats on energy utility suppliers endanger the safety of the public and the country. That is because the provision of energy is one of the most crucial contributors to the economy of a country. Threats also disrupt communications, energy refining, exploration, power, and utility services (Bronk 2013, p. 88). The evolution and advancement of technology are responsible for the rise in computer threats and insecure environment. As such, there is a need to establish ways of meeting the requirements of the threats and minimizing their influence on the finances and operations of utility supplies. This essay presents a model that could be utilized by organizations to combat the effects of these threats and ensure that the firms are not exposed to such vulnerabilities in the future.
Significant Threats and Vulnerabilities for Systems
The primary aim of this study was to study the computer threats facing energy utility supplies firms. As such, the following were established as the most common computer threats that need to be addressed.
People: Increasingly and shockingly, people lead the way in the list of computer threats that most utility supply firms face today. It was found that in most cases, individuals use any method they can to access sensitive information that belongs to some of these organizations (Bronk 2013, p. 88). That has led to a significant rise in cyber-attacks. They also use other methods to obtain the targeted information that could be used to harm the operations of the firm. Examples of techniques that people use in this case include operations such as IP theft, attacks on the security and intelligence units, and espionage, and cyber intrusions are some of the threats to which the utility supplies firms are exposed. Most countries use cyber techniques and tools to gather the required technologies, information, and other forms of sensitive data.
Some employees, trusted partners or consultants have access to some of the sensitive information about a firm. The study established that they have the potential to use the information at their disposal to destroy the organization. Additionally, there is also the threat of hacktivists (Rudner 2013, p. 470). Their primary aim is to access some computer files from the firm through illegal channels. As such, they can use it to influence the finances of the company. As such, there is a need for the organization to upgrade the VPN that they use. It is recommendable to use IPv6 instead of IPv4. That ensures that the VPN systems are complicated for hackers to access the IP address and other forms of sensitive information that should be kept to the firm only.
Virus: A virus refers to a piece of software that is capable of undergoing self-replication and infecting a computer without being permitted by the owner or user (Wueest 2014, n.p.). Viruses only spread after they have been transmitted by an individual over the Internet of the network. It was found that the danger level of computer viruses is high, but the prevalence is also extremely high.
The worst form of damage that a virus does to a utility supplies firm is deletion of files, reformatting the hard disks of the computers, and loss of critical data and information, among other damages (Wueest 2014, n.p.). As such, that is disastrous to the firm because it may end up losing information on financial or data statements. Additionally, some viruses replicate and take up some space in the memories, preventing storage of otherwise critical information such as order requests placed by clients.
SPAM / SPIM / SPIT: SPAM refers to junk that is in the form of an electronic email. The number of spam that spreads through email today has increased significantly (Sovacool and Brown 2010, p. 95). Email addresses to which the spam messages are sent are extracted from websites, chat rooms, and via Trojans. The Trojans have the capacity to harvest the address book of the user such as the firms. On the other hand, SPIM refers to spam that is sent through systems of instant messaging such as ICQ, MSN, and Yahoo Messenger. SPIT is spam that is spread through Internet Telephony. However, the danger level of these threats is low. Additionally, there is an extremely high prevalence level.
They were found to cause clog in the mailbox, leading to an overload in the mail servers and slowing down the efficiency of the performance of the network. One of the ways of controlling spam is using filters. Unfortunately, this is a risky method in the energy utilities supply firms. That is because genuine emails from new customers could be filtered from the email box. These spams are spread by spammers who take control of computers using a botnet (Sovacool and Brown 2010, p. 95). Compromising computers in a firm could easily lead to comprise of the information of the firm. As such, the firms stand the risk of been controlled by spammers and hackers who might have ill motives.
SPOOFING, PHARMING, AND PHISHING: Spoofing refers to an attack whereby a program is masqueraded by another. An example is the use of a URL of the website, popularly referred to as phishing (Newman 2010, p. 34). As such, phishing is defined as a type of spoofing that is the most common. In this case, a duplicate, phony web page that looks like the legitimate one is produced. The duplicate is normally controlled by an attacker.
It is a form of threat whereby firms are tricked about the safety of a web page. The research established that in the process, the attackers harvest passwords, user names and sensitive information that belong to the firms. That lands firms in trouble because the hackers can take control of the operations of the firms. For instance, they can lure customers into sending money to them. That is also dangerous because it could lead to the damaging of the image of the firm, as well as loss of trust.
On the other hand, Pharming refers to attack where the hacker makes effortless attempts to direct the traffic of a website to another website, referred to as a bogus website (Newman 2010, p. 34). The hacker changes the host files or exploits DSN server software that is vulnerable on the computer of the victim. DNS servers refer to the computers that are used to resolve Internet names into IP addresses that are real.
In this case, these threats have a high danger value to the firm. It could end up losing millions of cash, customers, brand image, and customer trust and loyalty, among other losses. Additionally, the prevalence rate is extremely high. That calls for the need to establish ways through which energy supply firms and other related organizations could protect themselves from such threats and vulnerabi...
- Comparing two Operating SystemsDescription: The sample compares between the features of Windows XP and Ubuntu...19 pages/≈5225 words| Harvard | Technology | Research Paper |
- Mobile Cloud Computing SecurityDescription: The cloud portents a fresh era of computing where there is unlimited providence of application services within the network...6 pages/≈1650 words| 9 Sources | Harvard | Technology | Research Paper |
- The Global Economy: Security Policy Development ReportDescription: Security Policy Development Report: This essay identifies some of the most common computer risks and threats that organizations face...1 page/≈275 words| 7 Sources | Harvard | Technology | Research Paper |