• Home
• Articles
• Essays
• Add site

Differences in National, Corporate and Information Cyber Security

Differences in National, Corporate and Information Cyber Security


1. Introduction.

A basic understanding of computer networks is necessary for understanding the elements and principles of the Internet security. There are tools that can be used to reduce the number of networking attacks. Network security is a complicated issue. Nevertheless, with the increase in the number of Internet users, a great number of people need to realize the major aspects of network security (Ciampa 2003, p. 68). This essay deals with the security concepts at national, corporate and information levels and helps to understand risks and how we can prevent them. It is aimed to widen a perspective on security in general and to understand what security tools should be applied in order to reduce the risk in the workplace in particular.

There are two opposite notions: absolute security and absolute access. It is impossible to define and implement the best firewall or antivirus system. An absolute access is very convenient for using. You can apply it without any authorization, password or other tools (Ciampa 2003, p. 71). Unfortunately, in the modern world of network insecurity and virus threats such method is not recommended. The Internet is an environment with viruses and other tools, which present the danger for an appropriate and constant usage and work.
Thus, implementing and usage of the Internet is only possible with network security tools. The security policy defines the measures of the network security level. For building and maintaining a secure network the understanding of security issues is of primary importance for a corporation as well as for an individual. The security level is the decision of every organization and state. This depends on the risk level a corporation is ready to accept (7). Notwithstanding, most corporations have a certain level of defense and the increase of this level is taken only under exceptional conditions. That is why every nation and corporation has to decide where between the two opposites of the security level it is going to be.

Nowadays it is necessary for any nation and corporation to keep the confidentiality and longevity of data for achieving stability and success in the competitive world. In today's global economy the information and the limited access to the data are values of the highest priority (Janczewski, 2000, p. 61). The major purpose of US nation and any corporation is to use systems for protection against unauthorized access giving a limited access to its users. The future of security tools has changed greatly for the last several years. Today the network must respond to network attacks maintaining the network reliability, business performance and cyberspace security. The aim of cyber security issue is to make the network more flexible in order to prevent attacks and to keep on working.


2. National cyber security.

Network security is a primary issue for every company, organization or individual. There exist various types and levels of network attacks. The main differences between national, corporate and information cyber security lie in the level of network security and tools applied. The national data requires the highest possible level of network security (5). The corporation has to use a multilayered approach in order to protect the information located on the computer from network attacks. The level of information security depends on an organization, state or individual, who use it. Thus, the level of network security is defined according to this principle.

Department of Homeland Security and Cyberspace Security (DHS) has been created to improve the cyber security of America. DHS is responsible for developing the national plan for securing the state resources and infrastructure of the US; giving crisis management concerning cyber attacks; providing technical assistance to the government entities concerning emergency recovery plans of critical information systems; coordinating with agencies of the federal government to provide advice about appropriate protective measures to organizations including the private sector, academia, and the public; funding research that will lead to new technologies in support of homeland security (5).

Strategic principles of the National Homeland Security are directed at securing cyberspace via the following:
Preventing cyber attacks against US infrastructures;
reducing national vulnerability to cyberspace attacks;
reducing the recovery time after a cyber attack occurs.
The national cyber space security has several priorities. They are:
The national cyberspace security response system. This system is public/private architecture for analyzing, warning and managing cyber incidents of national importance.
The national cyberspace security threat and vulnerability reduction program.
The national cyberspace security awareness and training program.
Government security cyberspace.
International cyberspace security program. It is aimed at preventing cyber attacks that could influence national security. This program improves the international response to attacks of such kind (6).

The difference of the national security from a corporate cyber security is in its large scale of security issues, problems that have to be solved (6). Weaknesses in broadly used software and hardware products can create problems at the national level, thus, requiring coordinated activities for the development of improved technologies. Besides, the lack of trained professionals is the issue of a national level concern. The national cyber security focuses on preventing and protecting against cyber attacks at a national level. It is aimed at securing information infrastructures of the USA.


3. Corporate cyber security.

In the modern world of risk to the security computers, a corporation needs to use a multilayered approach in order to protect the information located on the computer from network attacks.

A firewall is a powerful technology used for host protection at a corporation. It can reduce the risk exposure introduced by internetworking hosts, defend the network against attacks. It simply blocks access to ports, IP addresses, protocols and services to prevent the network threats. Many corporations use one of three possible types of firewalls (2).

1. Application gateways are the first firewalls and are known as proxy gateways. They are created from hosts which use particular software for acting as a proxy server. The application gateways are considered to be the most secure as they do not permit anything to pass by default. Before using it and the Internet one must be proxitized. However, they have a drawback – they are slow in the process (Ciampa 2003, p. 75).

2. Packet filtering is a tool with the help of which routers have access control lists turned on. There is little overhead in packet filtering as the access control tool is fulfilled at a lower ISO/OSI layer. Besides, a packet filtering gateway is usually faster than application gateways. Still, there are disadvantages of using it as TCP/IP has no possibilities to guarantee the correctness of the source address.

3. Application gateway and packet filtering are useful tools in a cyber security issue. However, there exist hybrid systems, which unite the security of the application layer gateways with the flexibility and speed of packet filtering. Hybrid systems are highly recommended for corporations.

Besides, many organizations are building virtual private networks. It gives the possibility to connect directly one office or another via the Internet. The Internet is a means of communication between several offices. The danger of such connection is the absence of privacy. Besides, it is hard to give the data from one office to another without displaying it to others on the Internet (7). Virtual private networks give the possibility for several offices to connect to each other so that they connected over a private leased line. The session between these offices is private and the link is good as every office can exchange the materials without displaying it to other people on the Internet. Some firewall sellers even add the possibility of building virtual private networks in their service list.

For effective and protected work at corporation offices there should be only up-to-date software. Microsoft programs include the mechanism of patches which aid to maintain a system security removing errors from applications. For example, patches can remove errors from Outlook Express, Internet Explorer or others (Ciampa 2003, p. 81). Updating is a process of downloading and installing the updates, enhancements to computer programs. It can be fulfilled manually or automatically by a corporation staff.

The peculiarity of corporate cyber security is the usage of attack prevention security tools. Corporations apply three major tools for protecting computers against application-based attacks. They are: antivirus programs, virus prevention systems and application control. When application-based attacks are applied for using the network during the attack, the application attack prevention tools give a high level protection. For instance, the Sasser worm can infect the service and find weak points in the Microsoft Local Security Authority Subsystem Service. After that, the Sasser worm’s load is sent to the system and is run automatically without the user notification. When the system is infected, an executable program transfers the data by scanning network for weak points in the Microsoft Local Security Authority Subsystem Service (Ciampa 2003, p. 82).

1. Antivirus tool for protecting computers against the application-based threats is one of the best antivirus technologies applied by a corporation. This antivirus tool reduces the level of a threat at the first stage of the attack’s cycle. In spite of the multiple modifications, this technology has its drawbacks which result in frequent outbreaks. For instance, after the Netsky appearance vendors had to elaborate a virus signature for the programs in a daytime. In order to stay defended from the outbreak it was necessary to test it via network. Nevertheless, the second version of Netsky proved that all systems were apt to infection.

Signature-based antivirus programs are working for detecting and preventing the well-known viruses, worms and even Trojans (Janczewski, 2000, p. 103). Such an antivirus program can do nothing with the viruses today, thus, after the updating it will prevent the danger and delete the worm. For instance, a slight change in a well-known virus can prevent the virus from deletion by an antivirus system. Antivirus programs stay effective against well-known viruses; however, they cannot prevent attacks against unknown types of viruses. In this case 'the computer requires additional protection tools to stop network threats' (Ciampa 2003, p. 86).

2. Virus prevention system is a supplement to traditional antivirus systems that detects and blocks worms and viruses before the execution. The execution conduct is the major focus of the system. The virus prevention system finds and prevents the whole blocks of viruses. Moreover, the virus prevention system can be run without any updates. The system does not require a signature for every virus or worm. It analyzes the activities within files finding entire families of felonious code using the code actions and tools. The virus prevention system recognizes the techniques used for creating a virus and thus, detects it. For instance, a healthy code doesn’t self-replicate. If the system recognizes a technique for replication, it will be able to stop the attack (Janczewski, 2000, p. 171).

3. Application control covers the protection tools created to prevent network attacks on the computer. Application control tools protect computers from network attacks during all the stages of an attack. Application control decreases the computer's attack via static rules and decisions. It acts as the last defense technology and is helpful in the space that reduces the number of threats when other defense tools do not act. For instance, a static environment can have limited program control regulations.

The usage of application compliance refers to another developing area of application control technology. It gives the chance 'to apply a corporate policy on application compliance, operating system level and peer-to-peer applications before network access is given' (Janczewski, 2000, p. 184). Enforcing this application model makes the system state and the whole network space enhanced. Thus, application control tools are like firewall technology based on the possibility to find a threat by applying necessary regulations. Application control is a necessary tool in a multi-layered computer protection system, however, it is not recommended to apply it as a single defense technology of a dynamic system (Ciampa 2003, p. 95).

Network security is the first step to a good work within a corporation. There exist some protection tools for protecting computers from attacks – from firewalls to antivirus systems. No single approach to this issue can give the complete security. Every protection technology has its strengths and weak points. Only the combination of different protection tools can guarantee a corporation the highest level of protection. The difference of corporate security from national cyber security is in its security policies and programs; the usage of anti-virus programs and prevention tools (7). Corporations reduce cyber attacks by participating in groups, sharing data and monitoring or cyber attacks directed against their network stations. Besides, a corporation uses system monitoring that examines the level to which a corporation’s policies are implemented and followed. Monitoring activity is used by corporations to check the security posture. The vulnerability management of a corporation determines the state of operational weaknesses, then monitors and assesses the system activity.


4. Information cyber security.

Information security refers to all levels of cyber security. Information storage is of primary importance for corporations, states and individuals as users of the Internet (3). Information cyber security is aimed at securing data. Corporations, states and individuals implement security policies, plans and strategies in order to prevent a cyber attack and keep the information safe. Information cyber security differs from national and corporate security as it has the only purpose – maintaining the information and its security. The information security strategy is a part of a corporation’s strategic planning, a part of the security tools used by an individual. The strategy serves as a plan of actions for implementing and maintaining the security level (3). The strategy denotes the information security program and contains activities and processes that are required for effective work and data storage. Information cyber security strategic plan includes the protection of data considering the operating conditions, culture and mission of a corporation.
Information security policy is a collection of major principles of a corporation that establishes the limits of information usage. Some corporations have a strict policy concerning collecting data by its employees (3). They prohibit opening and copying any files on a working computer in order to protect the organization from any kind of threat. Moreover, there exists a security control, such as separation of duties, access control, authentification and authorization, etc.


5. Conclusion.

Network security is a primary issue for every company, organization or individual. There exist various types and levels of network attacks. The main differences between national, corporate and information cyber security lie in the level of network security and attack prevention tools applied. The national data requires the highest possible level of network security. The corporation has to use a multilayered approach in order to protect the information located on the computer from network attacks. The level of information security depends on an organization, state or individual. Thus, the level of network security is defined according to this principle.








References.
Ciampa, M. (2003). 'Security Guide to Networking Security Fundamentals'. Course Technology; 2 edition, 576 pp.
Company Security. Retrieved November 23, 2006, from web site: www.convergedigest.com/DirectorySecurity.asp
Information Systems Security Association. (2005). Generally Accepted Information Security Principles. Retrieved November 23, 2006, from web site: http://www.issa.org/gaisp/gaisp.html
Janczewski, L. (2000). 'Internet and Intranet Security Management: Risks and Solutions'. Idea Group Publishing, 302 pp.
Health Management Technology (Nov., 2004). 'Security threats, internal and external'. Retrieved November 23, 2006, from web site: http://www.sans.org/
Network Security. http://www.NetworksSecurity.info
Network security vulnerabilities and technologies. http://www.javvin.com/
7150

Posted by: Christie Ingram

Best Custom Writing Sites

Sites that provide custom writing services are better alternative to downloading pre-written paper samples, especially if you temporarily can't handle writing your own paper for some reason, and can not afford risking your course and reputation for plagiarism detection failure. The prices for custom written essays are affordable, but if you need 15-pages long master level report overnight, you better prepare to spend a noticeable sum.