William Slater's CIS 537 Blog

CIS 537 - Introduction to Cyber Ethics

Friday, December 23, 2011

Post 025 - CIS 537



Source: (Symantec, 2009)




More on Data Breaches

In CIS 608, Information Security Management, we were required to write a paper that was based on the analysis reports of three annual Data Breach Summary reports from the Verizon Business Risk Team.

This is the set of conclusions from my report:
The general conclusions that a manager can draw from these reports are as follows:
1) The increases in Threat Actions over the past three years have been in the areas of:
   - Hacking
   - Social Engineering
   - Malware Attacks
2) The external threats have been steadily increasing in most companies since 2005.
3) Knowing where these threats are coming from and how these data breaches are occurring will help the prudent manager create a plan and a road map for the expenditure of the resources to mitigate these risks as effectively as possible.
4) The general need for Information Security personnel to carry out these hands-on mitigation activities is increasing, so we can expect a growth of professionals with these specialized skills in our IT staffs.
5) Because of the increased focus on publicity about data breaches as well as compliance with laws that are designed to protect consumer privacy, every manager must make the protection of the data of its clients and its employees a top priority, and secure budgets that will fund the necessary resources to protect data and drive down the risks to a level that is acceptable for the business to effectively operate in compliance with all existing laws.



References:

Baker, W. H., et al. (2009). 2008 Data Breach Investigations Report: A Study Conducted by the Verizon Business Risk Team. Retrieved from the Bellevue University CIS 608 Classroom at http://cyberactive.bellevue.edu on September 14, 2011.

Baker, W. H., et al. (2010). 2009 Data Breach Investigations Report: A Study Conducted by the Verizon Business Risk Team. Retrieved from the Bellevue University CIS 608 Classroom at http://cyberactive.bellevue.edu on September 14, 2011.

Baker, W. H., et al. (2011). 2010 Data Breach Investigations Report: A Study Conducted by the Verizon Business Risk Team. Retrieved from the Bellevue University CIS 608 Classroom at http://cyberactive.bellevue.edu on September 14, 2011.

Bejtlich, R. (2006). Extrusion Detection: Security Monitoring for Internal Intrusions. Upper Saddle River, NJ: Addison-Wesley.

Dhanjani, N., et al. (2009). Hacking: The Next Generation. Sebastopol, CA: O’Reilly.

The Honeynet Project. (2004). Know Your Enemy: Learning About Security Threats, second edition. Boston, MA: Addison-Wesley.

McCrie, R. D. (2007). Security Operations Management, second edition. Burlington, MA: Elsevier.

Landy, G. K. (2008). The IT/Digital Legal Companion: A Comprehensive Business Guide to Software, IT, Internet, Media, and IP Law. Burlington, MA: Syngress.

Ligh, M. L., et al. (2011). Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. Indianapolis, IN: Wiley Publishing, Inc.

Parker, T., et al. (2004). Cyber Adversary Characterization: Auditing the Hacker Mind. Boston, MA: Syngress.

Ponemon Institute. (2009). Fourth Annual US Cost of Data Breach Study: Benchmark Study of Companies. Retrieved from the web at http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/2008-2009%20US%20Cost%20of%20Data%20Breach%20Report%20Final.pdf on May 15, 2011.

Provos, N. and Holz, T. (2008). Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Upper Saddle River, NJ: Addison-Wesley.

Rash, M., et al. (2005). Intrusion Prevention and Active Response: Deploying Network and Host IPS. Boston, MA: Syngress.

Reynolds, G. W. (2012). Ethics in Information Technology, 4th edition. Boston, MA: Course Technology.

Symantec. (2009). Anatomy of a Data Breach. Retrieved from the web at http://eval.symantec.com/mktginfo/enterprise/white_papers/b-anatomy_of_a_data_breach_WP_20049424-1.en-us.pdf on September 17, 2011.

Thiroux, J. P. and Krasemann, K. W. (2009). Ethics: Theory and Practice, 10th edition. Upper Saddle River, NJ: Prentice Hall.

Trost, R. (2010). Practical Intrusion Analysis. Upper Saddle River, NJ: Addison-Wesley.

Wilhelm, T. and Andress, J. (2011). Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques. Boston, MA: Syngress.



= = = = = = = = = = = = = = = = = = = = = = =


William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation

Project Manager / Program Manager
M.S. in Cybersecurity Program at Bellevue University

CIS 537 Introduction to Cyber Ethics

CIS 608 Information Security Management

CYBR 515 - Security Architecture and Design

CYBR 510 Physical, Operations, and Personnel Security

Chicago, IL
United States of America

