CMGT/582 Enterprise Security Architecture Essay
Order ID 53563633773 Type Essay Writer Level Masters Style APA Sources/References 4 Perfect Number of Pages to Order 5-10 Pages Description/Paper Instructions
CMGT/582 Enterprise Security Architecture Essay
Create A 3 – 4 Page Matrix
Running Head: SECURITY 1
SECURITY 2
Enterprise Security Architecture
Patrick Carrasquillo
University of Phoenix
CMGT/582
Dr. Ellen M. Gaston
12/01/2021
The goal of a security plan is to improve and maintain the security within the organization by identifying potential threats, creating ways to address them by using guidelines provided or sometimes inventing new ways of addressing these issues, and the formalization of response and reporting procedures (Landoll, 2020). A security plan provides an overview of any organization security as well as assessment methodology, strategies, objectives, programs, and processes.
A security policy is a set of guidelines that guide users on how to avoid as well as respond to certain security incidents. This policy ensures that everyone within an organization adhere to certain rules related to information security. Security policy plays a huge role in enhancing information security within an organization. Policy provides a set of guidelines to be used in risk mitigation, by having a set of instructions on what to do in an event of a security incident organizations operations are guaranteed to return to normalcy within the shortest time possible.
One of the key elements for any security plan is the set of controls or guidelines used to prevent any security incident (Chilamkurti, 2017). An office normally shows up safer during the day than in the evening on the grounds that only few criminals can commit a crime during the day. Operational security addresses the most widely recognized form of safety and, when appropriately executed, is frequently the best.
An experienced and recognized security staff committed to the objectives of the organization is hard to find and on top of that expensive to hire. After identifying security measures using the best methodology, the next thing is to document these guidelines in a security plan book or all-inclusive strategy, which shows exact planning for the controls and measures being proposed. Accepting the requirement for a thoroughly examined security plan book can have the effect in acquiring resources once a security event occurs.
Devil’s Canyon Security Related Risks/Threats
Phishing Attacks: Phishing attacks involve hackers tricking users to provide their credential through social engineering and other tricks. To avoid this form of attack, organization must use phishing protection software and on top of that train their staff on how to detect these attacks.
Remote Administration Tool (RAT) virus: These allow someone to fully control your computer. They can view your desktop, listen through your microphone, see through your webcam, browse your files, copy files in both directions, steal passwords, record everything you type, etc. These are also the easiest viruses to create. Anybody could make one if they knew where to get the installer file. RAT viruses must be installed on your computer to become active.
Denial of Service (DOS) attack: This is where hackers overload a website or other device to the point that it can no longer process any more incoming information. After that time, all new incoming connections will time out because the server or device is busy trying to deal with all the packets sent to it in the DOS attack.
Data Tampering: There are some Firefox and chrome plugins available that let you look at all the data being sent to a website before it leaves your computer. They also let you change this information. This can be a big threat to Devil’s Canyon Security as hackers can use these plugins to edit content to their advantage.
Cookie Spoofing: Someone may be able to steal cookies from your computer, or construct a fake cookie, and install it into their own web browser to trick a website into thinking that it is already signed in as you.
Risk Probability
Risk/Threat Impact Low Medium High Phishing Cookie Spoofing Data Tampering Denial of Service Remote Administration Tool An architecture is only as good as the data that supports it, and the only way to keep that data current is to have the people who own it help keep it current (Kigel, 2019). They won’t do that unless they see some real value in doing so, specific things like documenting what specific activities are supported by IT systems so that if something breaks you know exactly who’s impacted and can prioritize recovery actions.
A good security architecture will assure your stakeholders that you have considered a wide array of specific attacks and mitigated for each one to the extent that the organization is comfortable. Security concerns typically surround the unauthorized release of information or access to something (like a vault or data center), but it can also mean protection of a computing asset from malicious use (a DDOS attack is malicious use).
Reference
Landoll, D. J. (2020). Information security policies, procedures, and standards: A practitioner’s reference. Auerbach Publications.
Kigel, E. (2019). Using social Semantic Web data for privacy policies. diplom.de.
Chilamkurti, N. (2017). Security, design, and architecture for broadband and wireless network technologies. IGI Global.