IMT 551 Foundations of Organizational INFORMATION ASSURANCE

advertisement
IMT 551 Foundations of Organizational INFORMATION ASSURANCE
Cho-I Chang
October 24, 2007
Dr. Barbara Endicott-Popovsky
Homework 3a
Cyber security always has been an important issue. The current patterns and threat
trends are focused on identify theft, data theft, and hackers overflow. The U.S. Secret
Service study found that about 60 percent of identity theft is done by people not known to
their victim, and identity theft has become the financial crime in the 21st century. Data
thefts happen all over the U.S. Data thieves and external attackers account for about 70
percent of the business cybercrime, and rest of the attacks are from inside of the company.
In 2006, unknown attackers attacked AT&T. The attacker accessed customer accounts
without authorization. Some data thieves were not intend to steal data, but the object they
stole contained valuable data. Wells Fargo had data compromise due to a banker lost her
suitcase in a robbery.
Hackers overflow is a critical issue to many countries, especially in the U.S. From
political point of views, U.S is one of the strongest countries in the world. Many of its
enemy wants to get their hands on U.S secret, for instance, U.S top-secret military
weapons or NASA research or space plans. From user’s point of view, users cracked
either software or hardware programs to satisfy their desires. Apple’s new product iPhone,
it has only been out on the market for four months. Someone has already cracked the
phone, therefore iPhone users do not have to deal with Singular or they can add programs
to the phone. In China, there are so many pirate visions of software or movies. Each hack
would cost greatly to the industry.
IMT 551 Foundations of Organizational INFORMATION ASSURANCE
Grading Criteria for Assignment 3b
Percentage
Content of the papers
40%
Relevance to the concepts of our course
25%
Logical development of ideas
25%
Professionally presented: grammar, spelling, format
10%
TOTAL
100%
Good perspective on the dashboard--you've given this
good thought. Good comprehensive list.
Homework 3B
It is very important for any information technology professionals for staying
current. In order to stay current, one should to attend organization meetings and seminars
to obtain value information. Here is a list of my “dashboard”.
US-CERT- http://www.us-cert.gov.
US-CERT has a partnership with the Department of Homeland Security. It
analyzing and reducing cyber threats and vulnerabilities. US-CERT interacts with federal
agencies, industry, and research community to distribute cyber security information to the
public.
Trend Micro - http://www.trendmicro.com.
Trend Micro has a Threat Resource Center. It displays latest threats and risks,
grayware/spyware watch, Spam & Botnet watch, Crimeware Watch, and Malware Blog.
It is very convenience for information security professionals to stay current.
Symantec - http://www.symantec.com.
Symantec offers ThreatCon to inform users on current viruses and risks.
Symantec generates Internet security threat reports to offer analysis and discussion of
threat activity. The report covers Internet attacks, vulnerabilities, malicious code,
Phishing, spam, security risks, and future trends.
Security info watch - www.securityinfowatch.com.
Security info watch provides newsletters to inform professionals. It offers many
resources like blogs, forum, Podcasts, magazines to help users staying current. The
resources cover new technology, news, top issues and more.
There are many meetings and seminars that information security professionals can
attend for continual education. ISSA offers annual meeting to recognize industry leaders
IMT 551 Foundations of Organizational INFORMATION ASSURANCE
and opportunity to meet with the ISSA International Board and honorees. ISSA also
offers events and conferences for the discussion of practices and technologies. ISACA
has global conferences and educational opportunities for professional. ISACA
conferences will discuss the latest technologies, systems, and approaches. NIST has many
events that address many important information security issues.
Download