Information Systems Essay

Inside The National Infrastructure
Marvin Phillips Jr.
Professor David Belva
SEC 310 Homeland Security Organization and Administration

A computer attack may be defined as actions directed against computer systems to disrupt equipment operations, change processing control, or corrupt stored data. Different attack methods target different vulnerabilities and involve different types of weapons, and several may be within the current capabilities of some hacker groups. In general, these attacks can be categorized as physical, electronic, or computer network attacks. These attacks could actually prove more damaging because they involve disruptive technologies that

Computer systems, environments, and organizational policies are different, making each computer security service and strategy unique. However, the principles of good security remain the same and help security professionals develop a strategy to protect the availability, integrity, and confidentiality of data in an organization's information technology system. Confidentiality applies where the system contains information that requires protection from unauthorized disclosure, which can include personal information and proprietary business information. Integrity applies where the system contains information that must be protected from unauthorized, unanticipated, or unintentional modification. Availability applies where the system contains information or provides services that must be available on a timely basis to meet mission requirements or to avoid substantial losses. These elements are all part of the plan for dealing with risk management. Risk treatment, also known as risk control, is the part of risk management where decisions are made about how to deal with risks in either the external or internal environment, with options such as risk reduction, risk avoidance, risk acceptance, and risk transfer. Risk analysis, risk mitigation, and risk monitoring make up the process. Acceptance means being ready to deal with risks when they occur and understanding when they happen; mitigation is the plan for what to do about the risks identified by risk analysis; avoidance is minimizing the potential for those risks to materialize; and assignment is basically knowing and being aware of your task at hand.
Common risks should be constantly reviewed throughout the project, as they are likely to increase, decrease, or even disappear altogether. In order to gain full awareness, your controls must be restraining and directive influences upon the overall system. General principles of control are applied in business organizations, and internal controls assure that all transactions are authorized, all transactions are recorded, and access to assets is allowed only for authorized purposes. We can use many different tools for our protective administrative controls, such as separation of duties, proper hiring practices, processing of terminations, security reviews, audits, and background investigations. These mostly fall under detective and preventive controls for unwanted behaviors. We can use corrective security controls to respond to and fix these security incidents, as well as to limit or reduce further damage from an attack. Corrective controls require procedures for reacting to incidents and taking corrective action on a timely basis. Many rely on human judgment, but planning and preparation are important. Businesses are focused on information technology and security risks like never before. How do organizations large and small deal with risk and technical

