Reply Assignments
Each reply must contain at least 200 words. Replies must also be well supported with 1 reference new journal articles specific to the author’s post and topic.
Please see Students discussion below and reply to it:
BMIS 664 Information Forensics, Compliance and Risk Management
Discussion Thread: Computer Security and Authentication
1:46pmOct 27 at 1:46pm
Controls are a crucial aspect of computer systems. Without controls in place, there are much higher possibilities of malicious attacks, ransomware, and viruses. The two prompts answered for this portion of the discussion involve personally utilizing security controls and how attacks could happen on those systems if individuals did not implement controls.
Do you currently use any computer security controls? If so, what? Against what threats are you trying to protect?
Several security controls are in place for not only my personal computer but also my personal network. Though these controls are not as stringent as those of an organization, the goals of the security measures satisfy the risk of personal computing. Security controls for my system start at the internet service provider. The risk is immediately lowered by selecting an internet service provider with a reputation for good service and minimal attacks. Oftentimes, this results in slightly higher monthly costs. Per Quach et al. (2016), one of the significant findings of rating an internet service provider higher than others was information quality and privacy. Apart from selecting the best internet service provider, additional controls are antivirus, VPNs, and password-protected machines.
Cite an example of each of the following: computer as a target of attack, computer as a method of attack, computer as an enabler of attack, and computer as an enhancer of attack.
Without the proper controls, the attacks above can become very real situations in either a home or enterprise network. Threats are the biggest concern when looking at a computer as a target of an attack. Per Bishop (2018), threats are "potential violation(s) of security" that must be mitigated utilizing technical or physical measures to defend against. A computer as a method of attack is slightly vague in the wording. To clarify and understand this better, we will identify it as a non-physical, technical attack.
An excellent example of this is ransomware. With the rise of ransomware worldwide, organizations and governments alike are constantly working to defend and mitigate these threats (Sokolov, 2021). Computers can also be utilized to enable and enhance attacks in both private and government sectors. An excellent example of this is the Stuxnet rendition the United States utilized to attack an Iran nuclear facility (Ali & Stewart, 2019). The cyberattack against Iran was being used to cause damage to a facility without any loss of life on either end. Though this is one way of new militaristic, nation-state attacks, there are several malicious nation-states and individuals alike that utilize attack methodologies to cause damage and loss of life.
References
Ali, I., Stewart, P. (2019, October 17). Exclusive: U.S. carried out secret cyber strike on Iran in wake of Saudi oil attack: officials. Reuters. Retrieved October 27, 2021, from https://www.reuters.com/article/us-usa-iran-military-cyber-exclusive/exclusive-u-s-carried-out-secret-cyber-strike-on-iran-in-wake-of-saudi-oil-attack-officials-idUSKBN1WV0EK
Bishop, M. (2018). Computer Security (2nd Edition). Pearson Technology Group. https://mbsdirect.vitalsource.com/books/9780134097176
Quach, T. N., Jebarajakirthy, C., & Thaichon, P. (2016). The effects of service quality on internet service provider customers' behaviour: A mixed methods study. Asia Pacific Journal of Marketing and Logistics, 28(3), 435-463. https://doi.org/10.1108/APJML-03-2015-0039
Sokolov, K. (2021). Ransomware activity and blockchain congestion. Journal of Financial Economics, 141(2), 771-782. https://doi.org/10.1016/j.jfineco.2021.04.015