Research Proposal: Risk Management and Analysis Process and Policy Before Technology

¶ … released by the FBI and the Computer Security Institute (CSI), over 70% of all attacks on sensitive data and resources reported by organizations occurred from within the organization itself. Implementing an internal security policy appears to be just as important as an external strategy. The objective of this report is to highlight the necessity of internal processes and policy alongside technology when managing and mitigating risk. The author narrates the problems of security from the unseen forces in an individual that influence thought, behavior and personality. Once organizations truly understand the psychology behind the motivations of software engineers and developers, risk analysis and risk management strategies will become more efficient. The research contained in this report establishes that there is some connection between nurture/nature and the development and engineering of software. With this information, organizations of all sizes can better prepare for the threats that they face in the realm of information technology. Computers do not yet have the intelligence to question human reasoning, understand the human psyche and then take action based upon logical deduction. The subject matter for this dissertation is based the authors own personal working experiences, modules taught in the Master of Software Engineering and course materials used.

Table of Contents

Chapter I. Introduction

Introduction

Background Information

Purpose of the Study

Research Questions

Limitations and Assumptions

Definition of Key Terms

Chapter II Literature Review

Introduction

Practical Software Engineering

People and Security

Major Threats

Malware and Botnets

Thieves

Employees

Social Networks

Outsource partners

Phishing

Cell Phones

Spamming

Hackers

Who becomes a Hacker

Why do people hack into computer systems

Security Risk Analysis and Management

Risk Analysis

Risk Management

Security Principles

Summary

Chapter III Research Design and Methodology

Design and Methodology

Problem and Purpose Overview

Research Questions

Data Analysis

Organization of Data Analysis

Chapter IV Analysis of Data

Nature vs. Nature

Nature vs. nurture in Software engineering

Linguistic Relativity

Neuroplasticity

Major Software Engineering Failures

Summary

Chapter V Findings, Conclusions and Implications

Findings

Conclusions

Implications

Chapter I.

Introduction

Introduction

Throughout the history of mankind there has been a perpetual movement towards the development of tools that make life easier to maneuver. Since the industrial age that has been a rapid increase in the development and use of technologically advanced tools including calculators, remote controls and computers. Although inventions in the aforementioned areas have expanded rapidly and with little hesitation, the securing these systems has proven to be more problematic. That is technology has developed at a faster pace than have the mechanisms needed to ensure that technology is properly controlled.

Indeed, Information technology has changed the manner in which the world operates and the way that business is conducted. These changes have led to expansive global implications in the spheres of business and society. The increased dependency on technology has also increased the need for security. In turn the need for security has transformed the field of software engineering. Organizations that are now extremely dependent upon information technology also have the need to protect the information that is transferred via this technology. For this reason an increased emphasis has been placed on risk analysis and risk management within the realm of IT security.

Additionally as it pertains to protecting computer systems and networks, there must also be an emphasis placed on software engineering. This emphasis is necessary because a greater understanding of why people create certain types of software is needed to determine how to deal with the risks associated with the distribution of malicious software. By gaining a greater understanding of human behavior through the prism of the Nature vs. nurture dichotomy. Once organizations understand how human behavior influences the interaction that people have with computers, they can formulate a holistic risk management system that will allow for the better mitigation of risks.

Background

Many of the firms that I worked for invest significant sums of money per annum into technology, with the newfound belief that software creates the competitive advantage and brings business value to the market place. These assets, some of which are tangible require many forms of security to protect them from vandals, hackers, thieves and yes, even competitors. It is the traditional techniques of using hardware and software to manage this risk that the author believes to be the underlying problem of safe keeping their information commodities.

There is not yet a computer with the artificial intelligence, to understand, that one person accessing a system with another person's credentials maybe alarm for suspicion. It cannot discuss this with another peer computer or explain the extra sensory feelings it has to its human superior. It does not have the ability to correlate the company's compliance rule regarding computer access against the activity a person is performing on a machine it knows does not belong to that person. Just as computers need rules and boundaries in order to operate in, so do people, as a society we remain sure of this. We cannot however assume that the person knows the consequences of their actions, and understands that what they are doing may be wrong based upon the rules which have been put in place by the company. We have to educate and teach first, discipline and enforce last.

Statement of the Problem

Within organizations a significant amount of the IT budget is spent on securing computer systems and networks. There are a plethora of threats that organizations face from within and from without. In today's economic environment organizations are faced with having to secure computer systems with smaller budgets. As such the type of security that is offered must be evaluated more carefully through the use of risk analysis and risk management. These tools assist organizations in gathering information that will allow them to make better decisions concerning the securing of computer systems.

In addition, while there has been a great deal of research related to the issue of nature vs. nurture strictly within the realm of human development, little research has been dedicated to the role of nature and nurture within the discipline of software engineering. Understanding the factors that cause individuals to create certain types of software can assist in helping organizations to better evaluate risks and mitigate those risks. At the current time approaches associated with risk analysis, risk management and IT security fail to incorporate the role that the human mind plays in the development of software. Moreover, it fails to take into consideration why people commit crimes against computer systems. The answer as to why these crimes are committed are key to mitigating the risks posed by such crimes.

Purpose of the Study

The purpose of the study is to investigate the role of nurture vs. nature in software engineering. The research will focus on whether or not the software that individuals create is extension of their assumptions and values. The research will also focus on the ways in which organizations can secure their computer systems once they understand the types of threats that there security systems need to address. Overall, the research will provide organizations with a more holistic way of conducting risk analysis and risk management procedures. Such a holistic approach will give the organizations an opportunity to better secure their systems and to avert financial disaster.

Research Questions

The research questions for this investigation are as follows:

1. What leads hackers to commit computer crimes

2. How is risk management and risk analysis impacted by security threats

3. Does an individuals genetic make up and social up bringing (nature and nurture), have a definitive role to play in software engineering

4. Do traits and imperfections act as extensions of ourselves thus becoming a part of the things we create?

5. How can impact of genetic make up and social up bringing on software engineering be analyzed so that the risk involved can be mitigated and managed ?

Limitations and Assumptions

The research to be presented assumes that the securing of computer systems is an important factor to consider within the context of risk analysis and risk management. The research also assumes that software development and engineering is influenced by human behavior shaped by nature or nurture. That is, the research assumes that the software that is created may be closely the mind of the developer or engineer.

Definition of Key Terms

Computer Network-computers linked together through cables or a wireless connection for the purpose of communicating with one another ("PC Basics").

Computer System -- An operational unit, composed of computers and related software. These computers utilize the same storage for all or some part of a program or data needed to operate the program. The system also "executes user-written or user-designated programs, and (c) performs user-designated data manipulation, including arithmetic and logic operations. A computer system may be a stand-alone system or may consist of several interconnected systems ("computer system")."

Hacking- Gaining illegal access to computers ("Hack")

Human Behavior- an assortment of behaviors seen in human beings that are influenced by attitudes, culture, emotions, ethics, authority, values, rapport, persuasion, coercion and heredity. The behavior of human… [END OF PREVIEW]