Premium Essay

Information Security Article Evaluation

In: Computers and Technology

Submitted By RISE226
Words 898
Pages 4
Information Security Article Evaluation CMGT/441 July 10, 2013

Confidentiality

As I was looking on the internet trying to locate a website to write my paper about, an article from Consumerreports.org got my attention. The article was about social media privacy. In June 2012, Consumerreports.org posted an article called “Facebook & your privacy: Who sees the data you share on the biggest social network,” which attempts to explain and give several reasons how your privacy is being violated by social media. The article has some great points but also had many facts that made me question its validity.
The article in Consumerreports.org talks a lot about how Facebook is sharing all of your information and how confusing its privacy controls are. For example, part of the article states that Facebook has many privacy controls, but good luck trying to understand them. A new study by Siegel & Gale (2012), New York-based consultants, finds that Facebook’s and Google’s privacy policies are tougher to comprehend than the typical bank credit card agreement or government notice. There is some untruthfulness in that because I am an avid Facebook user. Finding the privacy controls is very easy, but it does take a little time to decipher what you need to do to make your profile private. I think Facebook has done a nice job trying to protect the privacy of users with a new technology which never before has been used at this magnitude.
Most of the recent changes that this company has done the past few years seem pointless and unnecessary. But one of the biggest features of those recent changes was that users can stop the flood of the applications and invitation towards their account by a…...

Similar Documents

Premium Essay

Information Security

...Information Security White Paper Why Security? The security of business information is the most important piece of a business's infrastructure. Even in small operations, sensitive information that is essential to the business operations must be protected. "A survey by the computer security institute showed that one-third of all data breaches in just one year came at the expense of businesses with one hundred employees or less" (National Institute of Standards and Technology, 2009). What happens if you lose the most important information critical to your business operation? What would it cost your company to recover from an attack? How would you recover? These are all important questions to ask. Most likely your company's reputation would suffer, along with profits. In turn, any legal costs in relation to this security breach would be detrimental to your company’s financial health. Every business is required to have insurance, which might help with the aftermath of an attack, but it won't prevent an attack. Only information security is proactive in protecting your company's reputation and well being. Threats and Vulnerabilities The concept of threats and vulnerabilities are mentioned often in regards to computer security. A vulnerability is a weakness, or flaw, in a computer network that could be exploited. A threat is something that has the potential to cause harm to a computer, a network, or any......

Words: 1024 - Pages: 5

Free Essay

Evaluation of the Paper “Why Information Security Is Hard” by Ross Anderson

...Security Evaluation Matthew Williams CMGT/441 1/21/2013 Shivie Bhagan Security Evaluation My evaluation is of the paper “Why Information Security is Hard” by Ross Anderson. This paper is an evaluation that covers an economic perspective of information security in the financial industry throughout the world. Simply summed up by the statement, “The more people use a typical network, the more valuable it becomes. The more people use the phone system - or the Internet - more people there are to talk to and so the more useful it is to each user.” (Anderson, 2001) In the first paragraph Denial of Service (DOS) attacks are described as one of the issues presented by the current security incentive structure. “As an example presented the author states, “While individual computer users might be happy to spend $100 on anti-virus software to protect themselves against attack, they are unlikely to spend even $1 on software to prevent their machines being used to attack Amazon or Microsoft.” (Anderson, 2001) The statement accurately describes what I’d like to call a failure to respond to an indirect threat. Simply because a user is not directly being attacked most assume they are safe and that the statistics are in their favor. Unfortunately, this is rarely the case, like the great library in Alexandria which was destroyed and affects us all even today though indirectly. In a typical connection, the user sends a message asking the server to authenticate it. The server returns......

Words: 495 - Pages: 2

Premium Essay

Information Security

...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windows Platforms and Applications is an independent publication and has not been authorized, sponsored, or......

Words: 25969 - Pages: 104

Premium Essay

Information Security Article Evaluation

...Information Security Article Evaluation CMGT 441 August 12th, 2013 Information Security Article Evaluation In today’s era where technology is always improving and moving forward faster than most people realize one thing stands consistent, company assets. Of these assets none seem more important in the era of “information highway” or “instant media” than information. Protecting information can be the key to a failure or success of a company. A group of security experts from government, industry, and academia put together a list of the 20 most critical security threats on the Internet. Released in 2001 by the Bethesda, Md.-based System Administration, Networking, and Security Institute (SANS), the list is to help network administrators steer clear of the most exploited Internet security flaws (Savage, June 2000). According to (Savage, June 2000) "The main message we're trying to deliver is that there are a few vulnerabilities that are comprising the vast majority of attacks and attempted attacks that we're seeing," said Jim Magdych, research manager at PGP Security, a division of Network Associates Inc., Santa Clara, Calif., and a project participant. This list is for network administrators who are inundated with the security......

Words: 975 - Pages: 4

Premium Essay

Information Security

...production from the worm outbreak last month, and they directed us to improve the security of our technology. Gladys says you can help me understand what we need to do about it.” “To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.” “Sounds expensive,” said Fred. Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.” Fred thought about this for a few seconds. “OK. What’s our next step?” Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project management approach. There are a few differences, but we can easily adapt our current models. We’ll need to appoint or hire a person to be responsible for information security.” The Need for Security Our bad neighbor makes us early stirrers, Which is both healthful and good......

Words: 24411 - Pages: 98

Premium Essay

Attack Prevention Article Evaluation

...Attack Prevention – Article Evaluation At every level of an organization’s structure there is a constant threat of attacks from numerous sources which can include but are not limited to spyware, network policies, weak passwords, and personnel lack of training. To analyze this attack risk prevention topic I chose an article from Information Today by Phillip Britt titled “Data Security: an Ounce of Prevention”. This article captures the reader's attention by using an example of a real incident in which a laptop was stolen from an individual who worked for Aetna and had about 38,000 personal files information from clients which included their social security numbers. With this example the author emphasizes the need for stricter security measures and informs the readers how they can protect the information on their computers whether it is a personal computer or a laptop. The article highlights some of the major computer and system attack prevention methods in a condensed but precise way from the top security experts. It advises the organizations to constantly educate the user about security issues with the machines and the information they manipulate on them. Recommends assigning security responsibility by someone in the firm or a third party vendor and establish and enforce user policies which include acceptable use of instant messaging, internet and other equipment that may be available. A firewall is a must in the recommendation, since it will look for abnormal behavior in......

Words: 448 - Pages: 2

Premium Essay

Information Security

...Internet Information Security: The Problems and Solutions Chenlong Wu PRE-SESSIONAL COURSE July 2011 The Language Centre EFL Unit University of Glasgow Introduction: As a useful instrument in modern life, the internet has revolutionized life styles in recent years. Generally, the internet popularization over the world facilitates academic research, communication and entertainment. Nevertheless, problems exist in various aspects, such as misuse of the Internet, Internet addiction and information security, which includes individual privacy, business secrets and national information. According to the data provided by The World Bank (2011), 83.2% people have access to the Internet in the United Kingdom until 2009, but there was almost nobody surfing the Internet 20 years ago. Although increasing number of consumers are using the high technology, individual privacy and business secrets are exposed to potential risks. This essay aims to analyse the consequences of the problem and propose possible methods. Firstly, the essay will describe the major problems currently. Then discuss executable measures to address the problem. Finally, it will provide evaluation and conclusion. Problems: Internet information security is a new concept which for the purpose of protecting personal, commercial or national information on the internet, and guaranteeing privacy and business secrets not being destroyed or leaked out. Online privacy contains private information......

Words: 1376 - Pages: 6

Premium Essay

Information Security

...Why Information Security is Hard – An Economic Perspective Ross Anderson University of Cambridge Computer Laboratory, JJ Thomson Avenue, Cambridge CB3 0FD, UK Ross.Anderson@cl.cam.ac.uk Abstract According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. risk of forged signatures from the bank that relies on the signature (and that built the system) to the person alleged to have made the signature. Common Criteria evaluations are not made by the relying party, as Orange Book evaluations were, but by a commercial facility paid by the vendor. In general, where the party who is in a position to protect a system is not the party who would suffer the results of security failure, then problems may be expected. A different kind of incentive failure surfaced in early 2000, with distributed denial of service attacks against a number of high-profile web sites. These exploit a......

Words: 5786 - Pages: 24

Premium Essay

Information Security

...Assessment Information Management Dovile Vebraite B00044098 Department of Business School of Business & Humanities Institute of Technology, Blanchardstown Dublin 15. Higher Certificate of Business Information Management 20/08/2014 Contents: What is Information Security?; What are the Goals of Information Systems Security?; How big is the Security Problem?; Information Security Threats; How to Secure the Information Systems?; Conclusion; Bibliography. What is information security? “Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. It is achieved via the application of policy, education, training and awareness, and technology.” (Whitman, Mattord, 2011). Information security is the protection of information and information systems from unauthorised access, modification, disruption, destruction, disclosure, or use. In other words it handles the risk management. The definition of information security is based on the concept that if there is a loss of CIA (confidentiality, integrity and availability) of information, then the person or business will suffer harm. What are the goals of......

Words: 1543 - Pages: 7

Premium Essay

Security Evaluation Report

...Information Security Article Evaluation Nelson Okubasu CMGT/441 12/3/2014 MARJORIE MARQUE Can We Sniff Wi-Fi?: Implications of Joffe v. Google Google collected information between 2007 and 2010 both in the US and overseas. In 2010 a lawsuit was filed against Google for violating the federal wiretap act. Among the first of the cases to rule on intercepting unsecured Wi-Fi communications. As of today our society has become so dependent on using Wi-Fi communications for various aspects of our lives, there is a parallel expectation of privacy. At the same time there are so many people or users out there who don’t understand how Wi-Fi technology works, if their information is secure, whether their privacy is violated or if the government has the right law in place to protect them. The fact that users do not fully understand Wi-Fi technology and the shortcomings of current security mechanisms is not a justification to violate their privacy, but instead to call on the government to enact or amend the Federal Wiretap Act (FWA) to reflect their reasonable expectations. Clear statutory protections will allow for the continued progression of Wi-Fi technology. Society’s dependency on Wi-Fi networks and public hotspots both economically and personally requires expansion of the FWA to ensure national uniformity. Essentially, the court found that even though Wi-Fi networks do transmit data using radio waves, the uses of Wi-Fi......

Words: 1058 - Pages: 5

Premium Essay

Information Security Evaluation

...Information Security Evaluation CMGT 441 June 16, 2014 Information Security Evaluation Introduction In today's age where technology is constantly developing and shifting faster than most individuals can recognize, one feature stand dependable is company resources. Of these resources, none seems more significant in the age of instant media than information. Safeguarding information can be crucial to a failure or achievement of the company. Around 2008 to 2009, a consortium of security specialists from the United States government, private industry, and international organizations generate a list of the 20 most critical security controls against threats on the Internet. Transferred in 2013 by SANS Institute the list is to assist network administrators with the most developed Internet security faults (SANS Institute, 2000-2014). This list was intended for network administrators who are flooded with the security threats that are revealed day by day and not known where to begin. Some software defenselessness is because most effective strikes on computer systems because attackers are opportunistic, and take the simplest path by utilizing the most weaknesses in the systems with extensively accessible attack tools. Hackers rely on individuals and organizations not correcting the faults and frequently attack unsystematically by scanning the cyberspace for defenseless systems. According to SANS Institute (2000-2014), "the present 20 Critical......

Words: 615 - Pages: 3

Premium Essay

Information Security

...implementing the information security management standards, plus potential metrics for measuring and reporting the status of information security, both referenced against the ISO/IEC standards. Scope This guidance covers all 39 control objectives listed in sections 5 through 15 of ISO/IEC 27002 plus, for completeness, the preceding section 4 on risk assessment and treatment.  Purpose This document is meant to help others who are implementing or planning to implement the ISO/IEC information security management standards.  Like the ISO/IEC standards, it is generic and needs to be tailored to your specific requirements. Copyright This work is copyright © 2010, ISO27k Forum, some rights reserved.  It is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.  You are welcome to reproduce, circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a commercial product, (b) it is properly attributed to the ISO27k Forum at www.ISO27001security.com, and (c) derivative works are shared under the same terms as this. Ref. | Subject | Implementation tips | Potential metrics | 4. Risk assessment and treatment | 4.1 | Assessing security risks | Can use any information security risk management method, with a preference for documented, structured and generally accepted methods such as OCTAVE, MEHARI, ISO TR 13335 or BS 7799 Part 3. See ISO/IEC 27005 for general advice. | Information security risk......

Words: 4537 - Pages: 19

Premium Essay

Article Evaluation

...Article: The Study of Hotel Customer Behavior and the Methods Applied to Achieve Their Satisfaction By Chanamon Niyomdej 1. Structure This paper aims to help hospitality management executives and students in this filed to understand hotel customer behavior and the methods which can be applied to achieve their satisfaction. 2. Main feature of the article This article is trying to provide the basic consumer behavior and their decision making process. Using data collected, the findings indicate that a good relationship with customers and quality performance of housekeeping, reception, food and beverage, value for money is positively correlated to customer loyalty. 3. Methodology and Results The methodologies issues and consideration involved in obtaining and handling the data used in the study has been divided into two. One is investigation/ direct work experience and the other is interview. This study proved that customers go through a five-stage decision making process in any purchase whether it is a product or service. Because the decision making is a cognitive one, it’s more psychological in nature. * Need recognition and awareness: in this phase, the customer recognizes and becomes aware that he/she has a need. * Searching for information: in this phase, the customer begins to search for information regarding for the solution for the need that was identified. The industry of the search depends on whether the purchase is a big deal to the......

Words: 533 - Pages: 3

Premium Essay

Information Security

...COM656 Group Project Security Plan Chunlin Yang Yunzhen Li Peng Yu Yun-Chen Tsao Coleman University COM656 Group Project Security Plan A brief description of the company Company size, employees numbers, Customers Canon Inc is a multinational corporation specialized in the manufacture of imaging and optical products, including cameras, camcorders, photocopiers, computer printers and medical equipment. It has about 190,000 employees worldwide by end of 2015. Canon has Personal, Office, Professional, Industry business sectors, provide products and services to many millions of customers in each sector globally. History Summary From its humble beginnings in a 1933 Tokyo apartment, Canon has grown to become a monolith in the field of imaging. Once only a maker of high-quality cameras, Canon now produces personal as well as multifunction copy machines, laser and inkjet printers, toner and canon ink cartridges, and calculators— all in addition to their high-quality cameras. Canon began under the name Precision Optical Instruments Laboratory with the goal of developing a high-end Japanese camera to compete with the European brands flooding the market. That first camera was named Kwanon after the Buddhist Goddess of mercy. Just a short time later, Precision Optical Instruments Laboratory created the first-ever 35mm focal-plane shutter camera called the Hansa Canon—and thus the Canon brand was born. But it wasn't until 1947 that the company officially changed......

Words: 3908 - Pages: 16

Premium Essay

Information Security Article

...Nadja D. Maravi Information Security Article Evaluation Abstract When people think about security they think about things like additional locks on doors, alarms, security guards at the entrance gate, and so on. Others believe that they should not have any sense of security. Technology has advanced so much that if a company does not secure its documents, it may be vulnerable to attacks from a simple code to injected attacks by someone who has the credentials and privileges to complete the attack. Recently, Oracle addressed a security issue in its database server that a researcher disclosed at the Black Hat Briefings. The database would be vulnerable to SQL injection attack if the attacker would have the credentials needed to pull it off. The description of the Oracle Security Alert states that the vulnerability is not remotely exploitable without authentication (Oracle Security Alert for CVE-2012-3132). David Litchfield, a database security consultant, showed at Black Hat some attacks that target the database management server. He...

Words: 413 - Pages: 2