This website uses cookies to ensure you have the best experience. Learn more

Information Security Challenge Essay

2242 words - 9 pages

Information Security Challenge
February 17, 2010

Information Security Challenges

As the world becomes more saturated and dependent upon Information Access, increased opportunities await the criminal element to exploit. This creates new and more costly problem sets that must be mitigated in order to navigate in today’s business world.
One of the larger challenges is, entering the criminal information market does not take an excessive capital investment. It simply requires a computer, online access and some talent. Potentiating this problem is the large legitimate market of information brokers that gather marked amounts of information today. This allows for the ...view middle of the document...

hard. In my opinion it is the mentality of the big company that sets themselves up. The “Who would attack us? We’re too large to attack”, or “We don’t want to expend the requisite resources to adequately cover the company because we are too large and the cost would be too much”. This is a bottom line mentality that effectively “rolling the dice” when it comes to information security.

Avoiding the Lowe’s Scenario
To generate the solution set to any problem it helps to understand the mechanism of action or insult. Referencing the Lowe’s incident, Lowe’s was a large (too big) company that utilized wireless access points at its sales registers. Once a sale was made the pertinent information was transmitted via the wireless network to be recorded and accounted for etc…
Wireless access points can have several types of data encryption mechanisms on them such as WEP 64, WEP 128, WPA, WPA2 etc… Most likely Lowe’s used the WEP 64. This is the lowest (no pun intended) level of encryption and can be hacked in two to four minutes using only a laptop and minimal talent. So getting into the Lowe’s network by the criminals was not a difficult task.
What made it easy for the Lowe’s criminals was the lack of attention devoted to information security, which was the real culprit. They had the system for about five years and despite it being reported as easily hacked, they kept the system simply because it worked.
In our bottom line sensitive environment expending resources on non-value-added (but necessary) processes is very hard to get by any budget committee. This is especially true when many people still fully don’t understand the technology or the existing threat to that technology. To them it is simply another techie boondoggle that is not needed. So it if isn’t broke….why fix it? Further investigation discovered that the Lowe’s system was not segregated. In other words the criminals could hack through this point to other local offices and even their corporate office as well (Roth, 2005). That meant they could find the storage of all credit card actions and could retrieve them at any time. In effect they didn’t even have to store the numbers they stole if they decided not to.
Lowe’s could have avoided this event by simple preventative actions. Had they utilized an annual security audit on their security systems the faults would have been discovered. This would have brought to light the obsolete system and the need to upgrade to a higher level of information security.
Other efforts would include the use of technology whenever possible. During every war new technology is developed and utilized. As each new weapon is launched, the intelligence apparatus is mobilized to discover what it is and how to mitigate it. Information security is no different. When a new anti-hacking device is manufactured it goes through a short honeymoon of use. That is the time it takes for hackers to find a way to neutralize the effects of the device. Then the...

Other Papers Like Information Security Challenge

Trusted Computing: Real Security For Today’S Advanced Threats

427 words - 2 pages TRUSTED COMPUTING: REAL SECURITY FOR TODAY’S ADVANCED THREATS DEMONSTRATION OVERVIEW Compliance-Grade Endpoint Encryption at a Fraction of the Cost Organizations, both large and small, understand that centralized encryption management is a critical component to their security architecture. Wave’s software provides the policy-based access controls, comprehensive reporting, directory services integration, centralized control and end-user

After Kyoto Essay

590 words - 3 pages . • Climate Change and Foreign Policy Meeting the climate change challenge over the long term will require new thinking in foreign policy—thinking that considers climate change as much more than an environmental issue. IISD is supporting the development of this approach by examining how climate change concerns can be more fully integrated into: diplomacy and international relations; energy security; peace and security; trade and

Reluctant Security Guard

986 words - 4 pages . Concurrently, it would validate his interaction with the company in regards to this matter in that he pursued dialogue to review and rescind the policy to include the challenge this policy poses to following the procedures and guidance outlined in the security manual and the risk to him and possibly others. It would also buttress any claims he may make under the “Whistle Blowers Act.” In regards to The Blue Mountain Company’s policy on removing

Breeden Security (B)

1216 words - 5 pages . • Breeden Security produces twice as many units of RC1 as it does of RC2, however, unlike fabrication and assembly, the packing & shipping cost is five times the amount for RC2 as compared to RC1. • An in-efficiency exists in the packaging & shipping of The Company’s RC2 product and this challenge must be addressed in order to improve the profitability of the RC2 product. First and foremost, JKS Consulting proposes immediate action


534 words - 3 pages * Application controls and security requirements * Documentation requirements * Application software life cycle * Enterprise information architecture * System development life cycle methodology * User-machine interface * Package customization References Operational IT governance, retrieved from Applying the CobiT Control Framework to Spreadsheet Developments. Retrieved from

Issues Management

1702 words - 7 pages Issue Management The purpose of this research is to give an insight on the basic practice of issue management, also to look at the overview requirements, activities and general terms related to issues of management. For project to be successful the management issues need to be maintained and stable at all times. Do you know that the power in an organization lies in the management aspect? Having looked at various security techniques

Single Most Importan Cybersecurity Vulnerability

3016 words - 13 pages (Goodrich, 2011, p.43). The Cybersecurity handbook describes it as “attacks that take advantage of human nature to compromise a target, typically through deceit.”(p.60). With social engineering, an attacker uses impersonation (or pretexting) to establish direct contact with users in order to retrieve small pieces of information to bypass security measures, and penetrate a computer system. When pretexting, the hacker claims to be someone they are

Management Information System

4899 words - 20 pages demonstrate a good understanding of current developments. Part IV 1. Cyber-security focuses on protecting networks, computers, programs and data from attack, damage and unauthorized access. It includes applications security, information security, network security, disaster security and end-user education. Also, cyber threats take aim at secret, political, military, or infrastructural assets of a nation, therefore cyber-security is a critical


1179 words - 5 pages implantable microchip transmits a unique code to a scanner which would then allow doctors and hospitals to confirm the patient’s identity and obtain the needed medical information. The premise is quite similar to the scanner that grocery stores have been using for years at the checkout lane. The company maintains their confidence in the security measures they’ve taken according to Scott Silverman, the company’s chairman and chief executive

Pharmacy Technician

460 words - 2 pages a part of pharmacy team The role of pharmacist and pharmacy technicians are similar in many ways. David Hill, chair of the task force of (CPhA), notes that pharmacist and pharmacy technicians face the greatest challenge in meeting the goals of the Blue print that, it is the Profession’s responsibility to protect the safety, security, and integrity of the drug distribution. On July1,2011, Pharmacy technician become a regulated

Mr Wale

1678 words - 7 pages this same region to die of hunger. We recommend that a similar programme that will take care of Persons with Disabilities either by creating skill acquisitions/empowerments programmes across the region and make it functional with adequate funding or a Regional Social Security Scheme (RSSS) is designed for them. 4. Communication and Information: that sign language is introduced as party of the educational curriculum and that sign language

Related Essays

Rough Paper

4020 words - 17 pages determined, the Challenge is to design a reporting structure that balances the competing needs of each of the Communities of interest. The placement of the information security unit in the reporting structure often reflects the fact that no one actually wants to manage it, and thus the unit is moved from place to place within the organization without regard to the impact on its effectiveness. Organizations should find a rational

Ads B Infrastructure Essay

398 words - 2 pages enable a more efficient and safer use of the skies (FAA, 2008). What security level will exist within the ADS-B structure that would restrict critical flight information from falling into the hands of terrorist? Deadline expired on March 3, 2008. Once I have made my comment on the rules during their proposal stage I can challenge the validity of the rules in court. An administrative rule can be challenged on several different grounds (Jennings

It Challenges Essay

2379 words - 10 pages as seamless as promised. Many organizations are still struggling to integrate their islands of information and technology. 5. Ethics and security challenge: The responsibility and control challenge: How can organizations ensure that their information systems are used in an ethically and socially responsible manner? How can we design information systems that people can control and 53 Management Information Systems 2010/2011 Lecture … (5

Medical Office Procedures Essay

610 words - 3 pages , and healthcare organizations. HIPAA has standards that every organization must comply with including administrative procedures, technical security mechanisms and services and physical safeguards ("HIPAA compliance,"). For example to comply with administrative procedures healthcare organizations must implement policies and procedures in their workforce to ensure security of electronic protected health information to only those who are authorized