A. Network Security Term Paper Example

InfoSec Risks, Benefits, and Contingencies: Network and Data Security (Outline)

InfoSec Risks, Benefits, and Contingencies: Network and Data Security (Outline)

INTRODUCTION:

There are numerous dynamic security situations that have been observed to face businesses in the recent past. For instance, business banking information may be infiltrated leading to the theft of business finances. In addition, companies may lose their competitive advantage after the leak of vital information on the business plans. The study will examine the risks that are involved in weak implementation of corporate information security, and suggests on the various methods to mitigate these risks. The case study selected for the study is the information security breach at Target.
Information security is found to undergo a constant evolution leading to the emergence of the importance of business information protection. There is an increased dependence of firms on Information Technology to facilitate the storage of business information thus facilitate business operations (Kozakis & Stanger, 2012). This has led to a shift towards the protection of information infrastructure from both external and internal threats. In the current economy, information security presents an integral aspect in facilitating the survival and success of a business. Business leaders acknowledge the need to protect business information parallel to other assets in the organization; consequently, information security managers have a primary role in the organization (Sundaram, & Stonecypher, 2010).
However, there is an evident lag in information security as a function in an enterprise. Information security management in an organization is observed to receive minimal funding despite the changing risk profiles and external and internal threats that are facing information security in organizations. The management of information security is critical; however, there lacks business models that incorporate information security. In addition, there is minimal consideration of the evolution of business operations and the adaptation of information security to the business culture. Business information security models should acknowledge the dynamic nature of information security to enable a holistic approach to information security while meeting the business objectives (Kozakis & Stanger, 2012).
I. Defining Network and Data Security

Network security defines the measures, policies and provisions that are adopted by a network administrator to prevent unauthorized access, alteration and misuse of the data that is stored in a computer system and other network-accessible resources (Bhavya, 2015). The network administrator is involved in regulating the authorization to the data that is stored in a network. The users are required to undergo authorization to allow them to access the information that is stored in a network. Network security incorporates both private and public networks that are used in business communication and business transactions. Therefore, network security affects all the parties that are involved in business transactions.
Networks are subjected to a variety of network attacks observed to come from malicious sources. There are two primary categories of attacks including active attacks, where the attacker initiates the commands to intrude the network and affect the normal operation and passive attacks, where the attacker intercepts the information that is sent over a network.
The main passive network attacks include port scanning, wiretapping, and idle scanning (Bhavya, 2015). Therefore, businesses are required to encrypt the information that is traveling over a network to prevent intrusion and possible deciphering in the case where the attacker gets hold of the data. On the other hand, active attacks include spoofing, denial of service attacks, ARP poisoning, heap and buffer overflow, SQL injection and smurf attacks. These attacks incorporate the intrusion of business information systems through initiation of commands that bypass the network security measures that have been established by the network administrator.
The Microsoft Solutions Framework defines an approach that is proposed to enhance information security in information technology (Microstoft, 2015). This allows the successful delivery of technology solutions with fewer risks and fewer people while facilitating the attainment of quality results. The Microsoft Solutions Framework enables businesses to enhance solution quality thus improve the success of an enterprise. The Microsoft Solutions Framework defines a viable tool for business organizations that wish to adopt high-quality and business-relevant information security solutions. Moreover, the framework is flexible to a variety of business situations that allow effective communication and coordination of business activities (Microstoft, 2015).

B. Data Security

Data Security defines the protection of business information that is stored in a database from different destructive forces such as the access by unauthorized persons. There are different forms of data security that can be applied in enterprises. First, data encryption describes the encryption of the data that is stored and sent over a network. Therefore, attackers are unable to decipher the encrypted data. Network administrators may apply either software-based or hardware-based data encryption methods. However, the hardware-based security solutions are advocated since they prevent the user from altering the data that is stored thus preventing unauthorized access to the information stored in the hardware.
It is integral that businesses create backups to ensure that the data that may be lost in a network can be recovered from another source. Data masking defines the masking of particular data in a network to ensure that sensitive information is not accessed by unauthorized persons. Finally, businesses can apply data erasure techniques that use software to destroy electronic data saved on a hard drive and other digital media thus preventing the leak of information, particularly in the case of theft.
II. Target Case Study

A. What happened to Target?

After the security breach on Target, consumers lost money while Target lost many of their customers trust and had to pay out a substantial amount of money. In the Target information security breach, there were over 40 million credit cards that belonged to consumers that were stolen during the December 2013 holidays (SANS, 2015). The credit cards were stolen after attackers got access to the data in the point of sale (POS) systems where over 11 GB of data was stolen (SANS, 2015). The attack was revealed to Target by the Department of Justice after they failed to decipher a revelation from the internal sources. Consequently, the cost of the breach affected the customers, employees and the banks. Numerous high-profile employees were observed to lose their jobs such as the CEO and the CIO (SANS, 2015). In addition, Target’s board of directors faced threats of removal whereas the Banks has to refund the money that was stolen from consumers’ credit and debit cards totaling to around $200 million; moreover, there was an increase in identity theft from the consumer data that was acquired by the attackers (SANS, 2015). There are over 140 pending lawsuits against Target including suits against individuals such as the PCI compliance auditor, Trustwave (SANS, 2015). There are also investigations that are being carried out by the Department of Justice. The profits gained by the company dropped by 46% during the critical holiday season. Furthermore, the loss of consumer trust led to the decline in the consumer visits leading to greater losses due to the loss of consumer trust (Radichel, 2014).

B. How Target Reacted

The security strategy that is adopted by a business should incorporate the given needs of the business. Businesses should prioritize the most valuable assets in the company including the threats that pose the biggest risk utilizing the threat modeling and risk management approach. The resources allocated for information security should be focused on the most vulnerable and high-risk assets. The solutions should be implemented cost-effectively to manage the risk.
Businesses should refrain from relying on a single process or tool to mitigate data loss and breach into the business systems. The businesses should employee both detective and preventative measures due to the persistence observed in attackers and sophisticated nature of network security. Furthermore, network managers should have a detailed understanding of the hardware, networks and software to facilitate the creation of a comprehensive network security management plan.
The adoption of critical controls in the Target scenario could have minimized the impact of the attack. The steps that were adopted by the workers could have been controlled at different points during the attack. For instance, the loss of credit card data could have been controlled using end-to-end encryption, segregation of the POS systems, detailed logging and inventory of the systems in the organizations (Radichel, 2014). Target should have utilized proper encryption methods to safeguard the credit card data. In addition, properly trained staff should have been able to reveal the malware threat through analysis of logs, before the occurrence of the infiltration.
III. Network and Data Security Job Roles
Network Security demands numerous industrial certifications as well as a degree in a related field. In reference to the guidelines provided by the United States Bureau of Labor Statistics, employers are required to ensure that network security specialists have a degree in a computer-related field such as information technology, computer science, and management information systems. Nevertheless, the network security professionals should be knowledgeable in routers, firewalls, network access control systems, intrusion prevention systems, authentication protocols, information security protocols and information security methodologies. There are various certifications that are observed to increase the employability of network security professionals including International Information Systems Security Certification Consortium (ISC2), Cisco and CompTIA certifications (Certification.comptia.org, 2015).
There is an increase in the different forms of computer security threats leading to a heightened demand for network security professionals. Most businesses have experienced at least one form of network security threats. In addition, the increase in the use of Information Technology tools to facilitate business operations has prompted the inclusion of network security professionals and departments into the business operations (Mission-critical E-business security, 2000). The inclusion of network security into the business model increases consumer trust in the business leading to a rise in the profits and subscribers. Subsequently, there is an increased demand for network security professionals, particularly Computer Science, Information Technology and Information Systems Security graduates that have an experience and certification in network security (Learningnetwork.cisco.com, 2015).
B. Network Security Personnel can mitigate cyber-attacks.
There are numerous skills, roles and responsibilities for Network and Data Security personnel minimize cyber-attacks and keep firms’ network and data safe and secure. Network security specialists are responsible for the monitoring of computer networks to identify threats and unauthorized persons accessing these systems. The network security managers are tasked with the identification of compromised systems and recommendations on appropriate security measures to address possible threats to the network. The network security specialists are also tasked with analysis of security threats and development of response approaches. They should ensure that there is proper testing of firewalls, software deployment tools and intrusion detection systems. Finally, network security specialists should research, examine, suggest and implement the appropriate security devices in an organization. This incorporate installation of computer security software, doing regular network security audits, creation of documentation for authorized users and disaster recovery including the collection of evidence after a security breach (McAfee says it's business as usual, 2013).

CONCLUSION

Network and Data Security personnel are fundamental to any and all firms who wish to maintain a competitive advantage, using information technology as a channel for doing business. With the increased use of information technology in business, there has been a rise in cyber-attacks. There is an increased storage of consumer, employee and business information in information systems where it is collected and transmitted across computer networks to facilitate business operations. The access to confidential information by malicious individuals is bound to lead to detrimental effects on the business operations leading to loss of consumer trust, financial loss and a decline in the company reputation. The theft of intellectual property is a primary threat to the existence of a business. Therefore, there is a need to safeguard the client information that is amassed in the business information systems. The study reveals the need to incorporate network security into the company business plan to enhance business success. Therefore, it is more imperative than ever for businesses to invest in a strong information security department, or risk losing more than they bargained for.

References

Certification.comptia.org, (2015). Cisco Learning Network Now Features CompTIA Certifications. [Online] Available at: http://certification.comptia.org/news/2011/09/20/Cisco_Learning_Network_Now_Features_CompTIA_Certifications.aspx [Accessed 22 Mar. 2015].
Daya, Bhavya [online] Network Security: History, Importance, and Future Available at: http://web.mit.edu/~bdaya/www/Network%20Security.pdf (Accessed on: March 5, 2015)
Forte, D. (2009). Compliance vs business security. Network Security, 2009(9), pp.16-18.
Learningnetwork.cisco.com, (2015). CompTIA and Cisco Certification Paths - The Cisco Learning Network. [Online] Available at: https://learningnetwork.cisco.com/docs/DOC-12799 [Accessed 22 Mar. 2015].
Sundaram, K. & Stonecypher, L. (2010) BrightHub: Why is Network Security Important? Available at: http://www.brighthub.com/computing/enterprise-security/articles/69275.aspx (Accessed on: March 5, 2015)
Kozakis, Kenneth A., & James Stanger, Ph.D (2012) Internet Business Associate Academic Student Guide Web Foundations Series, Certification Partners, LLC
Microstoft [online] Microsoft Solutions Framework: Security Threats Available at: https://msdn.microsoft.com/en-us/library/cc723507.aspx (Accessed on: March 8, 2015)
Mission-critical E-business security. (2000). Network Security, 2000(8), p.4.
Radichel, Teri (2014) Case Study: Critical Controls that Could Have Prevented Target Breach InfoSec Reading Room, SANS Institute
SANS,. (2015). Case Study: Critical Controls that Could Have Prevented Target Breach. SANS Institute Infosec Reading Room, http://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412, 1-30.