Discovery and Dissemination of Discovering Security Vulnerabilities, Term Paper Example

Part 1: The self-test multiple choice questions tested my current knowledge of the subject matter. Some of the questions relied on common sense, while others were dependent on specific technical knowledge. For example, I was unsure of question 5 in chapter 4 because I am not quite familiar with Telnet and its lack of security characteristics. In addition, I was unsure of question 11 because I am not comfortable with the concept of query keys. In chapter 5, I was not familiar with the concept of ALE in question 6; therefore, I struggled with this question. In question 9, I was not familiar with the ALE calculation, so I did not know how to answer this question. For question 12, I was unsure of the answer because there are many acronyms that I am continuing to become familiar with that I do not yet know by memory. These questions were challenging and required more thought and consideration than some of the questions asked in previous chapters. As a result, they took more time and I was unable to answer several of these questions correctly. In other words, these questions were more difficult and require a thorough review in order to ensure that I am able to understand the topics more effectively.

Part 2: With respect to security audits, there is a high level of focus and attention paid to this area because security in information technology is of critical importance in order to protect important information from any type of breach or other unauthorized use. Therefore, it is important to identify the resources that are required to conduct security-based audits on a continuous basis in order to address any potential issues that may arise within the security framework (Maurushat, 2013). In this context, all organizations who employ information technologies require periodic audits in order to determine the level of security that currently exists, including the identification of any possible vulnerabilities that could compromise data and information in any way (Maurushat, 2013). This process is instrumental in the development of new strategies to address how security is managed within an organization over the short and long-term, in addition to any procedures or methods that are required to ensure that organizations are prepared to manage any possible viruses or other dangers that could emerge in the future (Maurushat, 2013).

Risk Management Cycle: Evaluating potential risks within an organization includes an assessment of information technology-based risks that could compromise networks and systems. This process requires a continuous effort to ensure that the risks associated with information technologies are well identified and supported by procedures to ensure that these risks are minimized, including audits and all required upgrades. This is an ongoing process that requires a high level of support at the internal audit level so that risk is identified as early as possible and minimized as appropriate to ensure that systems are not unnecessarily compromised (Hadden et.al, 2011). This process also requires knowledgeable and experienced individuals who are prepared to manage the risks associated with these technologies, particularly as any vulnerabilities are identified (Hadden et.al, 2011). There are a number of models available to assess information technology-related risks, and these are best approached by using a framework that embraces knowledge and resource allocation to protect these systems from high levels of risk (Hadden et.al, 2011). These factors also support a means of evaluating risk through the creation of an environment that emphasizes data integrity, support, security, and privacy for all users within a given system (Hadden et.al, 2011). Risk assessment requires an increased level of attention to security concerns within an organizational network so that these issues do not compromise data or information on any level, particularly information that is confidential in nature (Hadden et.al, 2011).  These efforts support a continuous approach to risk assessment that will recognize and understand the issues that are most relevant to organizations so that the challenges associated with risk management are addressed on a continuous basis to protect an organization’s information technologies from unnecessary risk (Hadden et.al, 2011).

Disaster recovery and business continuity are critical areas that require significant attention from organizational leaders in order to ensure that operations are minimally affected in the event of a disaster. This process requires the development of a contingency and business continuity plan that will emphasize the critical areas that could be impacted by a disaster. The ability to be effectively prepared for a disaster or other emergency is essential for any organization, given the issues that may arise after these events have taken place (Guy & Lownes-Jackson, 2011). In a survey of 5,000 small businesses, 40 percent did not have a disaster preparedness and business continuity plan in place for a variety of reasons (Guy & Lownes-Jackson, 2011). Therefore, it is important for organizations to address these inconsistencies in a timely manner to prevent irreversible outcomes in the event of a disaster that could halt operations on a permanent basis if a plan is not in place (Guy & Lownes-Jackson, 2011). These efforts require an understanding of the steps that are required to protect systems and other resources in the event of a disaster in order to prevent long-term complications from taking place (Guy & Lownes-Jackson, 2011). Although some organizations have plans in place to notify employees of work status, many of these same businesses are ill-prepared with respect to evacuation plans (Guy & Lownes-Jackson, 2011). Therefore, these organizations require an ongoing effort to ensure that the needs of their employees and customers are met in the wake of a disaster that could cripple operations, at least for a period of time (Guy & Lownes-Jackson, 2011). These factors demonstrate a need for organizations to improve their disaster preparedness and business continuity plans so that they are effectively prepared for any disasters that might take place in the future (Guy & Lownes-Jackson, 2011).

References

Guy, R., & Lownes-Jackson, M. (2011). Business Continuity Strategies: An Assessment Of Planning, Preparedness, Response And Recovery Activities For Emergency Disasters. Review of Management Innovation & Creativity, 4(9).

Hadden, L. B., Hermanson, D. R., & DeZoort, F. T. (2011). Audit Committees’ Oversight Of Information Technology Risk. Review of Business Information Systems (RBIS), 7(4), 1-12.

Maurushat, A. (2013). Discovery and Dissemination of Discovering Security Vulnerabilities. In Disclosure of Security Vulnerabilities (pp. 21-33). Springer London.