Discussion 1
REDUCE POTENTIAL VULNERABILITIES, PROTECT AGAINST INTRUSION ATTEMPTS, AND BETTER ANTICIPATE FUTURE THREATS
Segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection. Data security is a basic thought for any association that relies upon data frameworks and PC systems to complete its central business. It is particularly significant for government offices, where keeping up the public's trust is fundamental. The requirement for a careful way to deal with data security has been exhibited by the inescapable and continued computer-based assaults against the United States and others that keep on representing a possibly wrecking effect to frameworks and the activities that they support (Stollery, 2016).
GAO was approached to depict:
(1) Cyber threats to government data frameworks and cyber-based basic foundations.
(2) Control lacks that make these frameworks and foundations defenseless against those dangers.
To do as such, GAO depended on its past reports and investigated organization and assessors’ general reports on data security (Stollery, 2016).
Cyber threats to federal information systems and cyber-based critical infrastructures are evolving and growing. Without strong security programs, organizations have encountered a wide scope of episodes including information and underscoring the requirement for improved security. These advancements have driven government authorities to turn out to be progressively worried about the cyber assault. As per GAO reports and yearly security revealing, ensured to reliably defeat Cyber threats (CENC, 2016).
Reference:
Commission on Enhancing National Cybersecurity (CENC). “Meeting Minutes.” University of California, Berkeley, Berkeley, CA. June 21, 2016. https://www.nist.gov/sites/default/files/june_21_2016_ucb_meeting_minutes.pdf.
Stollery, Mark. “Cyber Security-the Best Weapon Remains Good Information Security Hygiene.” Computer Weekly, March 2013, accessed May 20, 2016, www.computerweekly.com.
Discussion 2
Critical national Infrastructure networks are government-owned organizational systems which work as a backbone of any nation and comprise both essential and non-essential services such as agriculture, water-electricity-gas supply, health, telecommunication, finances, security services, transportation, election data, etc.
With everyone and everything connected to the internet, the threats and risk of attacks on these types of Critical national Infrastructure increase. There have been a number of documented and undocumented attacks which are made on a daily basis to breach the security of such governmental data in order to extract and manipulate information.
In order to safeguard from such potential threats and vulnerabilities, various security systems and policies can be employed such as:
Maintaining confidentiality: Keeping sensitive information secured and confidential
Maintaining integrity: Change in information and programs must be consistent and must be according to predefined set of rules and processes.
Maintaining accountability: Every transaction or change must be accountable to user.
Maintaining Provenance: keeping check on origin and history
Availability: Data must be available when needed by authorized entity.
Auditing: Internal and external auditing to support accountability
Along with these measures, which are taken to protect against threats, intrusion attacks and future attacks, the following measures should be employed:
Keeping anti-virus, anti-malware, and anti-spyware software updated.
Authentication
Employ cyber experts
Train staff to work safely, have strong passwords, and not to share sensitive information
Keep system updated
Employ end point security, network security to check data-in and data-out.
Maintain physical security of infrastructure
Maintain mirror sites to fallback
Have recovery and backup plan
Encrypt data
Who to inform in case of a security breach
Regular audits and checks
Use no out of network and no outside device policy