Computer Security Briefly Support Your Own Opinion Term Paper

Pages: 8 (2728 words)  ·  Bibliography Sources: ≈ 26  ·  File: .docx  ·  Level: College Senior  ·  Topic: Education - Computers

Computer Security

Briefly support your own opinion about the ethical principles of the Lamers group before formation of the SecureThink Company. Briefly support your opinion about the ethics of the hiring of SecureThink by the MoneyBags record company.

The Lamers group initially gets formed out of a curiosity and sense of challenge the members have about how to crate robotic software code that can replicate itself, communicate and erase its digital trail. Groups like Lamers illustrate however how widely multidimensional security threats are, as it is impossible to manage the intentions of each member of this group (Landau, 2008). The ethics of the group therefore has to be questioned as their design objective, collectively, is to impact the SoftMicro operating system. Attacking or targeting a specific operating system to cause harm is very unethical, and despite this groups' contention of being curious and wanting a challenge, their actions speak otherwise. The decision of companies to hire hackers who are "white hats" or those that practice ethical programming and analysis (Leung, 2005) is one that is commonplace. One must question the ethics and judgment of MoneyBags record company as they are hiring known black hat hackers and ironically putting their intellectual property at risk. Moneybags is unethical in hiring a firm known for attacking a specific operating system.

A2. Name the groups that have responsibility in the occurrence of each of these 2 computer security incidents, and give examples (you may speculate) of their responsibilities?

Download full Download Microsoft Word File
paper NOW!
The first group that is responsible is the Lamers, who created the code that attacks the SoftMicro operating system. While they contend they are not intending on malicious activity, the second group who gets their code and uses it to attack airport and office buildings is. The case assumes these are internal terrorists, yet they could just as easily be radical segments of the Lamers programming group.

A3. Explain the types of system security threats and vulnerabilities involved in each security incident.

TOPIC: Term Paper on Computer Security Briefly Support Your Own Opinion Assignment

The first and most prevalent threat is the lack of security is at the operating system level where SoftMicro has failed to anticipate security threats that operate at multiple levels or platforms at once (Winjum, Molmann, 2008). Second, the automation of the lamers.legacy application qualifies it as a botnet and points to how SoftMicro needed to anticipate this type of threat (Seewald, Gansterer, 2010) yet did not. Third, the lack of protection on endpoints of the system and the passwords to gain access to them is a weakness (Lowe, 2009) that needed to be averted. Finally the quick access the hackers had to enterprise systems including the air traffic and elevator systems also shows how a more effective multidimensional security model needed to be in place (Winjum, Molmann, 2008).

A4. List a combined total of 5 security controls that would be most useful to prevent or lessen the likelihood of the computer security incidents described above, and describe how each of these 5 controls could have been used to improve security.

The five security controls to avert these disasters include operating system-level application state engine (Winjum, Molmann, 2008) that would monitor overall system security and anticipate threats. Second, as botnets are prevalent and growing, the inclusion of security to avert this threat would have been critical to have (Seewald, Gansterer, 2010). Third, protecting the endpoints of these networks to block hackers from gaining access is critically important (Lowe, 2009) yet the SoftMicro system does not have this capability. One of the strongest aspects of the lamers.legacy code is the ability to e-mail itself, delete its digital trail and to an extent, decide which direction it will grow. Ironically many operating systems that are critical to network performance do not have automated events management (Libeau, 2008). Automating the response to a threat is critically important for overcoming and stopping threats including the lamers.legacy virus. Finally the lack of password security is exceptionally bad in the cases described and lacks even the most rudimentary levels of security. The development of more effective password management through authentication and biometrics (Rowan, 2009) needs to be implemented in the installations mentioned in the case study to ensure these sites' security.

A5. What, according to McNurlin, Sprague & Bui are the prime reasons for information insecurity since security is often applied in instances such as the above incidents?

First there is significant resistance to change at the procedural, process and system level in the majority of companies. Despite an organization having widespread consensus that security is critically important, actually changing the organization's culture and more specifically people to support greater security is often a challenge. Second, McNurlin, Sprague & Bui point to a lack of knowledge transfer and knowledge management throughout organizations which also leads to significant lapses in security. Third, the belief in many organizations that security is only a hardware-related or otherwise isolated issue instead of one that is strategic and encompasses all systems, processes and procedures across an entire enterprise is a reason for many security lapses.

B1 Describe 2 possible types of computer system security threats when doing this activity at the work site, and link them to types of computer assets that are at risk.

There are many, many potential threats to a company's computer systems and networks from engaging in activity on Peer-to-Peer (P2P) networks with each of them capable of disabling the operations of e-mail, network management and production systems (Erlanger, 2004). By far the most prevalent threat from using P2P networks to share music and files is the potential that exists for the central index mail server to be infected and cease operation (Swartz, 2007). This threat would in effect cripple the entire e-mail system of an enterprise, costing tens of millions of dollars of lost productivity in the process (Erlanger, 2004). The second threat is that of infecting the office automation and personal productivity applications on the individuals' and those they work with PCs (Mansfield-Devine, 2010). Viruses spread through P2P-based networks are botnets and as a result multiple throughout a network very rapidly (Seewald, Gansterer, 2010). Infecting personal productivity-based applications creates additional lost productivity yet can also serve as the catalyst for the virus reaching people and organizations outside the company as well (Swartz, 2007). In short, an entire e-mail system and the personal productivity applications a company relies on can be crippled and made entirely non-functional due to P2P viruses.

B2 Explain 2 possible security controls that may help reduce these threats.

The first approach is to anticipate and thwart the patterns that P2P systems use to proliferate throughout a network (Caviglione, 2009) and also education users of how their own, personal data is at risk of being stolen and sold through unethical use of P2P networks for identity theft as well (Swartz, 2007). This combination of showing how P2P networks can cripple and immediately stop e-mail system, infect personal productivity applications including Microsoft Office, and spread throughout supplier networks the company works with for example, call for greater levels of predictive deterrence and the use of more advance algorithms to attain higher levels of security over time (Caviglione, 2009). Second the use of a constraint-based modeling platform that can anticipate threats and react to them quickly is going to be more effective than taking the action of blocking P2P networks in general (Gaspary, Barcellos, Detsch, Antunes, 2007). As P2P networks are proliferating the ability to capture their traffic over a company network, constrain its traffic and eradicate it through use of modeling techniques and programs including algorithms are critical for stopping them (Bailes, Templeton, 2004).

C1. Public-key cryptography uses 2-keys. This is different from single-key (secret-key) cryptography. What characteristic is a major vulnerability that discourages use of single-key cryptography in a network?

Of the many limitations and drawbacks of single-key or secret-key cryptography the one that puts systems communicating and sharing confidential systems using this approach at the greatest risk is the fact that only a single key or security element is used to protect the content and communication (Galindo, Herranz, 2008). The ease of hacking single-key or secret-key cryptography is considered exponentially higher as a result. Further, single-key or secret-key cryptography does not have a "proxy" or externally visible secondary key that can act to thwart attacks on these types of communication as 2-key or public cryptography does. Finally the single-key approach while having a variety of potential configurations including conventional, symmetric and secret, fails to be able to scale to a level of security of more advanced methods including two-key public cryptography. This limitation of the single-key or secret-key authentication is often compensated for with the physical delivery of keys and security-based instructions on how to access systems. Manually based approaches that include the physical delivery of keys are anachronistic in the 21st century and fraught with security risks over and above the purely electronic limitations of this security standard (Sarkar, Maitra, 2010).

C2. How does public-key cryptography overcome this vulnerability to allow for more security for communications through a network?

Public-key cryptography creates a public and… [END OF PREVIEW] . . . READ MORE

Two Ordering Options:

Which Option Should I Choose?
1.  Download full paper (8 pages)Download Microsoft Word File

Download the perfectly formatted MS Word file!

- or -

2.  Write a NEW paper for me!✍🏻

We'll follow your exact instructions!
Chat with the writer 24/7.

Ethics of Privacy Is a Very Controversial Research Proposal

Security - Agip Kazakhstan North Caspian Operating Term Paper

Malware Since the Earliest Days of Humankind Term Paper

Class Scheduling Software Capstone Project

Security Aviation Security Pre and Post 911 Term Paper

View 200+ other related papers  >>

How to Cite "Computer Security Briefly Support Your Own Opinion" Term Paper in a Bibliography:

APA Style

Computer Security Briefly Support Your Own Opinion.  (2010, April 24).  Retrieved September 28, 2021, from

MLA Format

"Computer Security Briefly Support Your Own Opinion."  24 April 2010.  Web.  28 September 2021. <>.

Chicago Style

"Computer Security Briefly Support Your Own Opinion."  April 24, 2010.  Accessed September 28, 2021.