Policy Profile A Report

Questions: What are the countermeasures to those threats, and how do they fit within the Situational Crime Prevention framework? How does the current law help or hinder your countermeasures? Are there any proposals for laws that would assist? Is your problem of international scope and, if so, how? Answers: Introduction The report is describing about the policy profile. There are so many threads which are being described in the report. Trojans is the main focus of the report while Spyware, Virus or Worms and Eavesdropping are also being described. Protection amount which should be used upon the company asset are also described in the report. There are so many crime prevention techniques to protect the important data, are also defined in the report. Law and international scope is also described. Profile There are so many threats which may affect the computers and may damage the software, hardware of the computer systems. Every threat has different kind of features like some threat only harm the files in the computer systems but some may harm the havoc of the computer system. So the threat is very dangerous for any organization because it may loss the very important data of the organization. It may be very dangerous sometimes. (Michael E. Whitman 2003) These are some regularly seen threats which may affect the information security of any organization- Spyware, Virus or Worms Trojans Eavesdropping Trojans is very dangerous threat which affects the systems. In this report Trojan is being focused. It looks very normal or simple software but in actual it is very dangerous software. It hides between the harmless programs and when installed on the system, it affects all the files throughout the system and wreck the havoc of the system. It works very quickly just like ancient Trojan horses. To protect the data from Trojans always use binary digital signature. (HowStuffWorks 2014) There are so many techniques which are used to measure the vulnerability and to protect from the virus. Profile Completion There is little description about the viruses which are described in the profile is as follows- Spyware, Virus or Worms It may damages the hardware or software of the computer systems and may give the access of important information to the hackers. The system can be protected from Spyware, Virus or Worms by using good antivirus. Trojan Horse The Trojan horse affects all the files throughout the system and wreck the havoc of the system. It works very quickly just like ancient Trojan horses. The system can be protected Trojan horse by using binary digital signatures. Eavesdropping The Eavesdropping contains the information of IP addresses, operating system of the computer systems. After taking all the above necessary information, it attacks on the computer system. The system can be protected from Eavesdropping by using encryption decryption techniques. Now we have to protect our organization from Trojans or any other threat, it is good if we able to know about the value of the assets of the organization before sending the money on the asset. If the asset is more valuable, it should gain more safety and protection. There are some techniques by which we can know the weakness or vulnerability of the asset like SLE (Single Value Expectancy). It can be calculated as- Single Value Expectancy = Asset Value * EF (Exposure Factor) After getting Single Value Expectancy, the Annual Loss Expectancy can also be calculated in this way- Annual Loss Expectancy= Single Value Expectancy*Annual rate of Occurrence (Michael E. Whitman, Herbert J. Mattord,2011) Situational Crime Prevention The crime can be prevented from threats by using technical controls, network security policy, access controls etc. these are some factors which may prevent the crimes from happening- Technical Control Technical controls are used for information security. Some technologies which used in technical control are- Network Authentication Access Control Smart Cards Encryption Richard Bejtlich (n.d.) Network authentication helps a lot in network security. In network authentication, if the uses or any application gets connected to the server outside the local area network, the server setting prompts for authentication and user cannot access anything on the server without verification. Access Control is the restriction of selected resources in the information security field. It is the most effective feature to save the internet environment from threats and viruses. Encryption is also one of the best techniques to save important data from threats. The important data get encrypted before data storage and if the hacker hacks the data, it would not be easy to take information from the encrypted data. Technical control basically use the security features and techniques to save the important asset and information from the threats like Encryption/Decryption, digital signature etc. Access Rights The access right is the process in which all information or files cannot be accessed by all employees. The file which is important should be accessed by only relevant persons. Network Security Policy In network security policy, the document should be signed by all employees to not illegal use of the information. Each and every employee should sign the document and if any employee do the illegal thing with the company, it should be punished e.g. if there is policy of the company that the employee cannot share his password with any other person, and then it should be maintained. Law Every organization should obey some laws to make the protective environment. There should be some rules of every organization to protect the important and necessary information of the organization. Every person should have its own responsibility to obey that rules and it should be signed by all employees of the company like access right; it is the process in which all information or files cannot be accessed by all employees. The file which is important should be accessed by only relevant persons. In this way, if the company employees will follow up rules and regulations, it would be very easy to protect the organization. International Scope Internet security is international issue now a day. All over the world, internet is being used. The e-Commerce on internet is the most important factor which gets affected by threats now a day. The e-Commerce on the internet is a new way of business in mostly all areas like Education, Corporate, Stock Marketing, Music Industry etc. Internet contributes more than 90% in the trends and developments of the e-Commerce. It is the base that is used for the e-Commerce. Without internet, there is no meaning of the e-Commerce. Internet is the medium by which the consumers, retailers, distributers, organizations and all the factors used in the e-Commerce connect with each other. (LitLangs 2012) The e-Commerce solution can increase the business in a very vast area and reduces the cost of the man power resources. The e-Commerce is basically the trading business via the internet. In the recent few years, the e-Commerce is growing in the international market. There are some sites that are very popular in the internet market for the e-Commerce Yahoo, e-Bay etc. On behalf of the security issue, the e-Commerce is very risky business solution. There should be very high security on the payment gateway and there should be proper authentication while dealing with the customers. The information on the internet can be easily delivered to the consumers by the organization and the consumers also query regarding the products. The internet reduces the cost of the managing the resources used in the traditional retail shop. The internet is the base by which we can give the medium to the consumers to choose the appropriate product. The information on the internet is generally perfect, but sometimes there is the chance of passing the malicious information over the internet. So the security issue is always there and there should be very high security on the payment gateway and should be proper authentication while dealing with the customers, but still, the internet is the only medium now a day for growing the market and increase the value of the e-Commerce. The internet reduces the man power and resources cost in marketing the products of the organization etc. but besides all these factors security issue is very high. Threats and viruses get spread while downloading f iles from internet etc. Therefore security is the major issue all over the world. Conclusion The report is giving the complete detail about policy profile. Trojan threat is being fully described in the report. Internet security is the major issue now a day and the report is giving the complete information about information security. There is one major problem arise in the internet. The retailers and consumers are doing the illegal file sharing and downloading the files from the internet e.g. they are creating pirated music files and doing uploads on the network sites. But in the coming days, the pirating of the music files is going to decrease by using proper authentication and other security techniques. References [1] Michael E. Whitman 2003, Enemy at the Gate: Threats to Information Security, Viewed on 3 Feb 2015 https://classes.soe.ucsc.edu/cmps122/Spring04/Papers/whitman-cacm03.pdf [2] Richard Bejtlich (n.d.), Security Operations: Do You Caer, Viewed on 3 Feb 2015, https://taosecurity.blogspot.in/2008/07/security-operations-do-you-caer.html [3] Principles of Information Security Fourth Edition, Michael E. Whitman, Herbert J. Mattord 2011, Viewed on 3 Feb 2015 [4] HowStuffWorks 2014, How Trojan Horses Work, Viewed on 3 Feb 2015 https://computer.howstuffworks.com/trojan-horse.htm [5] LitLangs 2012, Resources Package, Viewed on 3 Feb 2015https://www.ecommerce-digest.com/resources.html