Information Security Term Paper

Open, View, and/or
Download this Document

Total Length: 2352 words ( 8 double-spaced pages)

Total Sources: 6

Page 1 of 8

Security

An institution of higher learning is one of the most vulnerable places to cyber-attacks available to hackers due to the number of units operating, lackadaisical security measures and the ability of hackers to hide in plain sight. The fact that these are vulnerable systems and individuals has made it a top priority of most institutions to ensure that the people who attend the school at least have a policy in place. Because ensuring security for all residents of a school would be very costly, most schools have a policy regarding their own equipment, but assume that students will guard their own equipment while they are at school. The problem with this is that there is a lot of file sharing between students and between individual students and others using flash drives and the school's computer systems. Therefore, it is very simple to inadvertently introduce a deadly pest into the system.

To combat internet security issues in a larger sense, many companies offer individual and systems-wide software that will help combat breaches, and federal and state governments have tried to curtail the problem by enacting laws which will protect individuals and their private information. As can be seen from the almost daily report of breach information, these efforts are only partially successful. Regardless, agencies always try to stay either even or only slightly behind new attack capabilities. This paper examines recent attacks at institutions of higher learning, processes designed to stop the attacks, laws which are supposed to protect individual information and hardware designs that are helping the cause.

Recent Attacks at Universities

Attacks against institutions of higher education have increased over the past few years, but they are nothing new. It would probably amaze people to realize that the first documented bug placed in an electronic system was an actual bug (hence the name). In 1945, "Rear Admiral Grace Murray Hopper discovers a moth trapped between relays

in a Navy computer. She calls it a "bug,"…Murray Hopper also coined the term "debugging" to describe efforts to fix computer problems" (Krebs, 2003). Of course, now they are much more serious, cause more widespread damage, and can cost billions of dollars to search out and repair. It is a constant warfare between the people who wish to damage systems, or simply by accessing them illegally damage them, and the people whose constant job it is to thwart them.

Specific attacks have either been used against institutions of higher learning or they have, more often, originated there. Universities are often a hotbed of this type of criminal activity because a large group of individuals with the understanding of the mechanisms necessary to create havoc are gathered at one place. In 2003, a virus called the "Slammer Worm" infected "hundreds of thousands of computers in less than three hours. The fastest-spreading worm ever wrought havoc on businesses worldwide, knocking cash machines offline and delaying airline flights" (Krebs, 2003). Although this worm did not originate at a college necessarily, the speculation is that the original code, which was so small it just caused interruptions as it was not designed to write itself onto other computers, did come from a campus and that it spread through the internet for weeks before causing the damage it did (Krebs, 2003). A team of researchers at Princeton University in 2007, completed a project in which they developed cutting edge attacks and released them locally to determine their effect. The controlled results proved that it was possible to break into previously unassailable networks. The lead researcher stated "We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers" (Parker, 2008). This technology has been used in subsequent attacks and is the basis for technology that allows criminals to steal data from laptops on a router or hotspot. Another writer, talking about the dangers of cyber-attacks on college campuses says the dangers "malicious software (malware), phishing, infrastructure attacks, social network targeting, and peer-to-peer (P2P) information leakage are not potential threats; they're actual, daily issues" (Rasmussen, 2008). Recently, 2010, a computer system type that is the backbone of many university systems was attacked using a bizarre set of coincidences. Rasmussen writes;

"In a high-profile BGP incident, every organizations' vulnerabilities were demonstrated when a Chinese state-controlled telecommunications company, perhaps inadvertently, positioned itself to intercept 15% of the world's Internet traffic routes. In that case, China Telecom advertised erroneous BGP routes that funneled traffic for websites, e-mail and other transactions of the U.S. Senate, Department of Defense, NASA and Department of Commerce through Chinese networks before this traffic reached its intended destination.

Stuck Writing Your "Information Security" Term Paper?

View All Our Example Information Security Term Paper

Have A Custom Example Essay Written

"

This attack did not affect any college campuses, but a similar issue could easily happen to sensitive research data because it is so commonly used. The fact that the U.S. government was so highly infected by its use is proof that any network is at risk.

Security Systems Devised Because of Attacks

Cyber crime has yielded a large number of products and processes that are commonly used to combat the recurrence of the issue. There are a few issues with this approach. First of all it is reactionary. Instead of taking the time to build a system that will assess and address a variety of security issues as a unit, the goal is usually to stop the attack that is happening or has just happened. The problem with this is that by the time the reaction has produced a new set of processes or products, the criminals are already two or three steps ahead (Rasmussen, 2011). Another issue is that most systems designed to stp this type of crime are piecemeal. This means that they are different products from different manufacturers that have been patched together to form a complete barrier. Unfortunately, the systems often do not work well together so, as a whole, it is vulnerable to further attacks. This approach also slows the business that the organization is trying to do, so, in essence, the criminals have won a small victory by both hacking the system and by curtailing future operations (Cisco Systems, 2007).

Fortunately there are organizations, such as Cisco, that are trying to address the problem as a whole. The Cisco system

"Cisco Campus Secure for Higher Education Networks is based on the Cisco Systems vision of the Self-Defending Network -- a network that is integrated, collaborative, and adaptive. A Self-Defending Network:

Integrates security throughout all aspects of the network

Collaborates among all network and security elements to create a unified defense system

Adapts to new threats as they arise" (Cisco Systems, 2007).

This and other systems that have to be geared toward the problems that a university has because they are unique issues that other businesses do not face. The Cisco system was designed with a university customer in mind and has taken all of the vagaries of the project into consideration.

Technology or Processes used to Lower Computer crime Threats

Comprehensive programs like Cisco's can be expensive because they are expensive. Of course they offer a pupil network secure solution that keeps an individual secure for a $4.99 fee. This is basically the same as purchasing any other antivirus software, but it is supposed to be specified for the problems and usage that a college student might face.

Other vendors do offer similar products though. Norton sells a version of similar software that can be purchased on a yearly subscription basis at just $140.00 for a two-year download license. McAfee has a similar product that it sells for a one-time price of $100.00, but the purchaser can purchase updates also for a separate fee. Kaspersky also has similar software that it sells for approximately $60.00 for a yearly download and updates. Others have the same products, such as ATT and Personna, that retail for about the same price.

Possibly the best rating system for an good that can be purchased is Consumer Reports. The site does not take any donations or advertisement, but exists using subscriptions to its service. The reason for this is that the reviewers on the site want to remain as unbiased as possible. During a review of security system platforms for the internet, Consumer Reports rated the Kaspersky system the best, Norton second, and McAfee last of the products mentioned above. Avira and G. Data had the best systems, but G. Data cost half as much. So, it seems the suggestion is to go with the G. Data Internet Security 2012 product (Consumer Reports, 2012).

Computer Attack Laws

Because this is such a widespread problem, the government has also gotten involved to try and tighten the law which governs internet and system security. Many organizations, including the U.S. government, have data that they need to ensure is secure because it is of a very sensitive nature. The problem is that it is difficult to write a body of law that is at once broad enough to capture all that can….....

Show More ⇣

     Open the full completed essay and source list


OR

     Order a one-of-a-kind custom essay on this topic


Related Essays

Security Management Civil Action

Under the due care principle, corporations and their management are duty-bound to offer information security despite their unawareness of these obligations, which stem from that part of American common law dealing with negligence-related problems (that is, the tort law). A company and its managers might find themselves facing a lawsuit in the event they leave information systems excessively insecure or do not take actions for ensuring reasonable security of their corporate information systems, leading to damages if anybody breaks into these systems. Normally, the organization is accountable for its own operational expenses, which include any expense linked to personnel misconduct or negligence. But… Continue Reading...

Mobile AIS Security Issues

outsourcing their staff. That the human element is critical in information security is a known thing; these issues might help a little but the wording doesn't directly address issues like phishing or Trojans that rely on human error to gain access to information. Ideally, you'd want to see the application have passed some… Continue Reading...

Cost Efficiency in Cyber Security

a balance between being fiscally conservative and being technologically secure. 2. The information security function should be able to provide a reconciliation of what? The information security function should be able to provide a reconciliation of prior purchases and their overall effectiveness. The purpose of this is to ensure that disrupted or halted implementation processes are not still drawing money from accounts—i.e., no new purchases are being wasted on processes that are no longer even being implemented. The reconciliation of prior purchases with overall effectiveness also helps in the due diligence process that is typically conducted whenever security investments are conducted. 3.… Continue Reading...

Social Media Postings and the Internet Privacy

information security and platform operations. It gives a technical and real life experience of the world of internet security, hence useful in this research. Ayala D., (2017). Dealing with the Loss of Internet Privacy. Retrieved August 24, 2018 from https://www.proquest.com/blog/pqblog/2017/Dealing-with-the-Loss-of-Internet-Privacy.html This is an article from ProQuest written by a contributor who is an authority figure in the internet world since he is the ProQuest Director of global information security. With this exposure he systematically analyses what internet privacy is and its significance to organizations, how it can be achieved and… Continue Reading...

The Importance of Communications As a Critical Infrastructure

too (Bush, 2003, p. 9). Yet communications security also means the continual upgrading of resources to maintain information security and ensure clear, rapid, secure communications. In the National Strategy, communication is also framed as a multifaceted concern that spans all industries, agencies, and sectors. Commercial activity, information sharing, and public health and safety all depend on secure and reliable communications infrastructure. Therefore, all stakeholders have a responsibility to maintain their own network integrity, to remain committed to information sharing and honesty, and also to overall interconnectedness and collaboration with key partners (Wortzel, 2003). Because so much of the telecommunications landscape is privately owned and operated, the National… Continue Reading...

How Autonomous Car Will Change Everything

industry. Indeed, as more emphasis is placed on developing autonomous technology, engineers, computer coders, IT developers, and information security workers will be required in large numbers. Each of these industries stands to benefit. The blue collar fields are what stand to be decimated. Industries that will start up out of the rise of self-driving cars will likely be a new type of monitoring/networking system like that in the aviation community, where individuals guide and track vehicles on their voyages, interacting with the technology, monitoring the vehicle’s systems and so on. This industry would have to incorporate safety, technology, and communications systems along with training personnel and building… Continue Reading...

sample essay writing service

Cite This Resource:

Latest APA Format (6th edition)

Copy Reference
"Information Security" (2012, December 21) Retrieved May 9, 2024, from
https://www.aceyourpaper.com/essays/information-security-105590

Latest MLA Format (8th edition)

Copy Reference
"Information Security" 21 December 2012. Web.9 May. 2024. <
https://www.aceyourpaper.com/essays/information-security-105590>

Latest Chicago Format (16th edition)

Copy Reference
"Information Security", 21 December 2012, Accessed.9 May. 2024,
https://www.aceyourpaper.com/essays/information-security-105590
   

Open, View, and/or
Download this Document
order custom essay example