Research Paper: Metrics, Implementation, and Enforcement (Security

Pages: 10 (2896 words)  ·  Bibliography Sources: 10  ·  Level: Doctorate  ·  Topic: Education - Computers


[. . .] Cridex is a bot Trojan that opens a back door on the compromised computer and installs a variant of the Necurs rootkit to prevent conventional operating-system-based security applications from reading its binaries. The attack typically begins executing on the target system through a drive-by download that exploits a system vulnerability, or through a social engineering attack delivered as an e-mail attachment. It then installs the Necurs rootkit, which has also been used by a number of other malware families, such as Advanced PC Shield 2012 and Banker, to compromise the operating system. Cridex subsequently takes control of the victim's computer, which allows it to gather data and possibly make fraudulent transactions by manipulating genuine bank web pages. In this way, the cybercriminals are able to trick the user into entering the valuable data they need without raising suspicion (McAfee, 2012).

How will you measure compliance?

When defending against fast-moving attacks, it is important to put proactive security procedures in place to ensure that all endpoints are up to date. Unfortunately, today's computing environment makes this a struggle. Although it is crucial for endpoint PCs to be resilient and available to users day and night, the growth of IT consumerization and mobile computing has restricted IT control and accessibility. Moreover, the cost of deskside visits, if and when they are feasible, is also a source of growing operating expenses.

McAfee ePO Deep Command uses the Intel Active Management Technology (Intel AMT) capabilities of Intel Core vPro processors to help businesses better manage security at the hardware level. With McAfee ePO Deep Command, you can manage powered-off endpoints to run security updates, deployments and scan tasks, and perform remote remediation of security problems. Like McAfee Deep Defender, McAfee Deep Command operates beyond the operating system, and it is designed to reduce security operations costs while helping improve your organization's security posture.

What other measures will you implement to reduce the probability of security incidents such as data exfiltration?

Improve Security on Endpoints:

Today, IT departments are dealing with fewer resources and smaller budgets, yet managing more computers than ever. Combine this with users working from any number of remote locations and faster threat propagation, and staying on top of security policies can seem like a losing battle. When a security breach does occur, you need to be able to respond at any time, with the right resources in place to limit damage while keeping users working.

Intel Core vPro processors provide powerful hardware-based remote monitoring and remediation capabilities to streamline IT management and enforce security for all end users, regardless of their location.

With Intel Core vPro processors, you can:

• Push critical security updates to PCs in virtually any power state, at any time.

• Easily manage mobile PCs, whether to diagnose a minor issue or to handle a potential security breach.

• Proactively support and manage corporate security policies.

Metrics? How can you measure success or failure, and how can you measure compliance?

Some of the compliance measures may also include:

1.1. Compliance Tracking Responsibilities

1.1.1 Localised Reliability Businesses for Reliable Agencies.

1.1.2 NERC for Localised Dependability Organization.

1.1.3 Third-party monitor with no personal interest in the outcome, for NERC.

1.2. Compliance Tracking Time period and Reset Time period


1.3. Information Storage

1.3.1 The Accountable Organization shall maintain all records and information from the previous full year.

1.3.2 The compliance monitor shall maintain review documents for at least 3 years.

1.4. Additional Compliance Information

1.4.1 Accountable Agencies shall show compliance via self-certification or review, as determined by the Compliance Watch.

1.4.2 Situations in which the Accountable Entity is unable to comply with its cyber security policy must be recorded as exclusions and authorized by the specified senior manager or delegate(s). Refer to CIP-003, Requirement R3. Properly authorized exclusions will not lead to non-compliance (Deloitte, 2012).

How would you implement these measures?

Cyber program planning and performance management ensures that the business allocates cyber resources in the most effective way, in line with the business strategy and objectives. This function involves planning the activities of the cyber program and measuring the program's effectiveness at protecting assets (Goodyear et al., 2010). Cyber program planning also ensures the acquisition of the resources required to keep pace with growing threats and emerging requirements, for instance by allocating adequate resources for hiring and training cyber security experts. Performance measures provide meaningful, actionable information on the state of cyber security to decision makers and cyber experts across the business, helping them identify program gaps, determine the resources needed to close those gaps, and prioritize resources toward the activities that offer the best productivity, efficiency, and ability to demonstrate long-term return on investment (Booz, 2012).

The cyber program planning and performance management function allows the wide range of cyber security capabilities to be integrated across the business. Among its duties, this management function identifies cyber initiatives for funding, develops an investment strategy, monitors execution, and measures performance across the business lifecycle (Booz, 2012).

How would you enforce compliance with the policies and measures?

An effective cyber program planning and performance management function enables proactive, measurement-based cyber security capable of anticipating and rapidly responding to the evolving threat and regulatory compliance environment. The function is closely aligned with the enterprise's cyber security strategy. As a key element of the "policy" section, strategy examines different methods and ways to achieve policy objectives; it also identifies the best configuration of capabilities (people, process, and technology) to achieve the objective most effectively. In this way, strategy helps guide program planning and investment decisions to address cyber policy and objectives (Booz, 2012).

No business can protect itself completely from cyber breaches. Rather, the aim is to reduce the likelihood of attack and damage by managing every aspect of cyber security within an integrated, dynamic security framework. Comprehensive cyber management ensures that the business focuses on the big picture rather than on point solutions, aligning its resources with the business strategy and objectives. As a result, the vigilant business understands and manages evolving cyber security risks, employees understand and follow the security policies, policies are in place to stop insiders from leaking sensitive data, cyber assets are identified and properly protected, and resources are prioritized toward high-impact activities. As information systems become more essential to business and government operations and to the nation's critical infrastructure, cyber security becomes a "strategic enabler" rather than a strategic afterthought. When handled with a holistic approach, cyber security paves the way for innovative technologies such as virtualization and cloud computing; it also protects the environment for game-changing products in areas like e-health, smart grids, financial systems, and e-government (Goodyear et al., 2010). Cyber management serves as the foundation for strong, dynamic cyber security that supports business strategic goals as an integrated enterprise practice (Booz, 2012).


McAfee Labs (Q1 2012).

Intel IT Centre. (2012). Planning Guide: Preventing Stealthy Threats with Next-Generation Endpoint Security -- A Proactive Approach from Intel and McAfee. Intel IT and McAfee.

Mitre. (2012). Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX). Mitre Corporation.

Jones, D.R. (2011). Managing Cyber Threats Risk Management & Insurance Solutions. Roach Smith and Howard Burton.

Booz, A.H. (2012). The Vigilant Enterprise -- An Integrated Approach to Managing Cyber Risk. Booz Allen Hamilton Inc.

Homeland Security. (2012). 2012 GFIRST Conference. Enhancing Cybersecurity Awareness and Resiliency through Collaborative Partnerships. Homeland Security.

Wedge, B., Casciano, D., and Granado, J. (2011). Technology risk management in a cyber world: a C-suite responsibility. Ernst and Young.

Deloitte. (2012). Risk Intelligent governance in the age of…


Cite This Research Paper:

APA Format

Metrics, Implementation, and Enforcement (Security.  (2012, November 30).  Retrieved August 23, 2019, from
