Saturday, May 18, 2019
Human Factors and Cyber Policy Essay
Introduction

Human factors can influence policy choices for both domestic and international cyber security issues. This paper discusses how human factors can affect four selected cyber security issues. The four cyber security issues selected are zero-day exploits, meta-data collected and used by the private and public sectors, vulnerability assessments for mobile devices in the BYOD environment, and threats to copyright and ownership of intellectual property. This paper will go into detail on important security issues, recommended policy controls, and how or why human factors can influence each of the recommended policy controls for each of the four selected topics mentioned.

Copyright, threats and ownership of intellectual property

Important Security Issues

With the proliferation of 3-D printers and the availability of copyrighted materials posted online, there is an additional facet to the current debate surrounding copyright and ownership of intellectual property. Piracy of digital media such as music and videos has been a long-standing issue since the 1990s with Napster and similar peer-to-peer file sharing programs. There are six ways that intellectual property theft harms U.S. and global consumers and economies. Online piracy harms content as well as trademark owners through lost sales and brand recognition, and through increased costs to protect intellectual property instead of investing in research and development (Growth of Internet Piracy, 2011).
Secondly, consumers are harmed when they receive lower quality, inauthentic products that may cause physical harm, as in the case of downloading and creating a 3-D printed model (Growth of Internet Piracy, 2011). Arguably the most prominent case against piracy, copyright infringement harms economies through lost tax revenues, higher costs of law enforcement and additional harm caused by the government's usage of counterfeit products (Growth of Internet Piracy, 2011). This leads to the fourth issue: global economies lose their ability to partner with countries that have weaker intellectual property enforcement (Growth of Internet Piracy, 2011). Online copyright infringement reduces innovation due to the decrease of incentives to create and disseminate ideas, harming the First Amendment (Growth of Internet Piracy, 2011). Finally, supporting online piracy has been linked to supporting international crime syndicates, posing a risk to U.S. national security (Growth of Internet Piracy, 2011).

Recommended Policy Controls

There is no set of policy controls that would be one-size-fits-all when it comes to ownership of intellectual property concerning digital media or 3-D printing. The issue with copyright infringement concerning home 3-D printing boils down to the law. If a personal user directly prints a copyrighted 3-D model from a file-sharing site, then that user has committed a crime. The copyright owner should be compensated; a simple analogy is paying iTunes to be able to play a song from an artist. However, if the user is inspired to create a very similar model, then the copyright owner is not subject to compensation because a style cannot be copyrighted (Thompson, 2013). The first 3-D DMCA's language is indicative of that: user Artur83 was hit with the first-ever DMCA surrounding 3-D printing after creating a Penrose triangle after being inspired by Dr.
Ulrich Schwantz (Rideout, 2011). The argument was that Artur83 created an independent file after seeing a photo of the completed product (he did not modify an existing file) and that the charge was unclear if Dr. Schwantz was trying to say the Penrose triangle, a concept published in 1958, was his intellectual property (Rideout, 2011). Ultimately, Dr. Schwantz dropped the DMCA, but it still serves as a precedent for the debate between originality and similarity. If corporations are to crack down on copyright infringements, be it blatantly copying a direct design or limiting creativity and inhibiting innovation, then they will need to lobby Congress to change laws. With respect to 3-D printing, however, the current laws are sound enough. While the 3-D files are CAD files, categorized as pictorial, graphic, and sculptural works that can be protected by copyright, they are excluded from copyright if the file has an intrinsic utilitarian function other than portraying either appearance or conveying information (Rideout, 2011).

While each file can be independently reviewed to assess if an original file is copyrighted, it would be an arduous task that would not be fiscally responsible for a company to pursue every similar design. Additionally, current patent laws are relevant to complete and assembled products; creating replacement parts is currently legal and allowable (Thompson, 2012). If any of this is to change, then corporations will need to lobby. As for combating software piracy, a decent alternative to the growing use of software piracy is the use of open source software (OSS). Open source software completely eliminates the issue of software piracy by giving the end user free access to the software source code and the ability to install unlimited copies of the application without fear of copyright infringement.

The reasons for using open source software as an alternative to piracy are numerous.
Arguably the most important reason, OSS benefits the economy by reducing the rising costs of software development, global competition, and technological diffusion (OSS-Piracy, 2009, p. 168). By using OSS, end users can access larger, community-supported market segments across a wide diversity of product ranges and services. Due to lower levels of intellectual property laws in developing countries, they tend to result in higher prices and limited availability (OSS-Piracy, 2009, p. 168). As it stands, the current weak laws will ultimately result in encouraging piracy. By using OSS, countries can access a rich ecosystem of different products that hold growing market share and a diverse set of service and support.

How/Why Human Factors Influence Policy

The Internet has become a central actor in the world economy by delivering products and eliminating inefficient middlemen. In 2011, as much as 6 percent of the U.S. gross national product was generated by industries supported by intellectual property laws; nearly 24 percent of all Internet traffic is infringing on these intellectual properties (History of the Internet Piracy Debate, 2011). Software piracy is more rampant outside of the U.S. In countries with developing economies (third-world countries, to be exact), demand for software is supplied by piracy instead of publishers due to legitimate publishers being unable to compete with counterfeit operations at cut-throat prices (Traphagan & Griffith, 1998). The issue with piracy is that it inhibits and prevents local developers from being paid for their property, stymieing growth and additional business opportunities (Traphagan & Griffith, 1998).

Human factors that affect piracy include knowledge and fear of consequences, access, attitude towards piracy, and social norms (Nill, Schibrowsky & Peltier, 2010).
With more negative attitudes, general knowledge and fear of consequences of piracy tend to reduce piracy, while greater access to content leads to increased piracy (Nill, Schibrowsky & Peltier, 2010). While a more economically developed nation will lose more money to piracy, strong legal protection for intellectual property as well as enforcement of the laws will reduce piracy (Traphagan & Griffith, 1998). As for developed nations who cannot enforce laws as well, the culture must see that software piracy is the same as stealing a car (Traphagan & Griffith, 1998). Ultimately, regardless of socio-economic status, all people must view piracy and copyright infringement in the same light: it is stealing and harmful to the global economy.

Introduction

Today, the world's economy along with international security greatly depends on a secured Internet. Our society greatly depends on computer networks. Computer networks can be seen as the nervous system of critical infrastructures and also of the enterprise information systems on which our society has become increasingly dependent. Hackers are discovering new types of vulnerabilities in computer systems almost every day, which could affect a nation's critical infrastructure, military satellites, and more. One of the biggest threats seen today is known as the zero-day attack or exploit.

Zero-Day Attack

A zero-day attack, according to Seltzer, is a virus or other exploit that takes advantage of a newly discovered hole in a program or operating system before the software developer has made a fix available or before they're even aware the hole exists. This is a very dangerous type of attack because the attack occurs first before it is even detected. In a sense, the zero-day attack is unpreventable since the virus or exploit occurs when there is no existing patch around to correct the attack.
A zero-day attack takes a significant amount of time and money from well-trained cyber-criminals in order for the attack to be successful because it is a targeted attack that exploits security vulnerabilities. One of the greatest zero-day exploit computer worms is known as Stuxnet.

Stuxnet

Stuxnet is a computer worm that was able to disrupt Iranian nuclear enrichment in 2010. Stuxnet was the first case of a cyber attack that was able to cause physical damage across international boundaries and was considered to be a new type of warfare with the capability of threatening even the strongest of military powers. According to Symantec, which is an American security corporation, Stuxnet is one of the most complex threats that were analyzed. The purpose of Stuxnet was to target industrial control systems, or similar systems used in gas pipelines and power plants, and to reprogram the industrial control systems. This zero-day exploit was discovered in July of 2010 but did exist at least one year prior to its discovery. Stuxnet was ultimately meant to sabotage Iran's nuclear systems.

Policy Controls

One of the most effective ways to prevent a zero-day attack is to try and find any vulnerability before someone else does. Government agencies and public organizations are willing to hire and send out rewards to individuals that are capable of finding exploits within a program or operating system. It takes skilled hackers to carry out a zero-day exploit. They must have the time and resources to find a vulnerability that has no existing patch or fix for it. As mentioned before, one way to prevent a zero-day exploit is to find the vulnerability before the cybercriminals do. Organizations will hire ethical hackers to find vulnerabilities within their systems. One example is Google. Google has a reward system if somebody could find an exploit within Google Chrome.
The company Google sponsors up to $1 billion worth of rewards to those that can find exploits in Google Chrome. The United States government is willing to pay up to six figures for exclusive use of attacks to those who can create attacks in vulnerable systems.

Other countries such as China and Russia are willing to pay rewards to gain exclusive use of system attacks to people who come up with these attacks. A second policy to put in place to help prevent a zero-day exploit is to have both the private sector and public sector work together with limited restrictions when it comes to communication and information sharing. One of the main concerns about a zero-day exploit is an attack on a nation's critical infrastructure. A critical infrastructure can be defined as systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters (Moteff, 2014, p. 2). Critical infrastructures are important for a nation's health, wealth, and security. One of the problems between private and public sectors is communication. The public sector at times is unwilling to share information with the private sector in fear of handing out classified information, and the private sector is unwilling to share information with the public sector in fear that the public sector competitors can gain information that can be used against them. A proposed strategy for this action by the Commission was to have the private sector and the appropriate government agencies have greater cooperation and communication by setting a top-level policy-making office in the White House and establishing a council that would include corporate executives, state and local government officials (Moteff, 2014, p.
3).

A third method, which can also be seen as one of the top methods, is to greatly expand research and development in technologies. This can be achieved by expanding education so that new technologies can be developed that would allow for greater detection of intrusions, thus limiting the number of zero-day exploits.

Military and Economic Advantages of Zero-day Exploit

A zero-day exploit is considered a very dangerous cyber attack since the attack targets holes in programs or operating systems before a software fix is available or even before developers are aware a hole exists in that program or operating system. Since the world today is heavily reliant on the Internet along with computer networks, a zero-day exploit on the military can be very devastating. If a zero-day attack occurred on a nation's critical infrastructure such as water systems, transportation, and communications, it could leave that nation defenseless and vulnerable to attacks that can destroy a nation along with its citizens.

The zero-day attack known as Stuxnet was able to disrupt Iran's nuclear enrichment and was the first ever recorded cyber attack to cause physical damage. Zero-day exploits can be seen as a new type of cyber attack that could ultimately be used for cyber warfare. Any zero-day attack on a nation's critical infrastructure will cause mass havoc, which could even lead to human casualties.

Meta-data collected and used by the Private sector and Public sector

Important Security Issues

Meta-data collection is a major issue for all private and public sectors. The methods and approaches that are used to collect information are not 100% secure. There are always leaks and breakage points in any transmission of data that is traveling from one place to another.
These vulnerability issues take place when hackers are able to gain access to sensitive information; with this information they are able to monitor and analyze data that, in the consumer's eyes, is not a major concern nor a precaution that needs any further action to take place. There are tools that can be used to successfully complete an attack on meta-data, and these tools work by gathering the data using a document that has been created. According to Vulnerabilities/Threats (2009), for example, Word document metadata can be viewed within the Properties menu option in Microsoft Word, or by enabling the viewing of previous edits with the Track Changes option. It has been reported that Adobe Acrobat can detect and display the metadata attached to a PDF.

Some tools that are used to collect data at a high pace are called CeWL and MetaGooFil, which were designed to retrieve metadata information that may be available through the internet. CeWL, for instance, works by developing a word list from websites for use in brute-forcing passwords. This tool can also extract any author or email addresses that can be discovered from Microsoft Office files. CeWL can also process files that may already have been generated. MetaGooFil functions by using the Google search engine to search for certain types of files. Once the downloading process has been conducted, the metadata is placed in an HTML report that reveals the information that was retrieved. Another issue that involves metadata is that a great many organizations overlook this matter, which poses a lack of security and leaves their defenses vulnerable to serious attacks.

Organizations fail to take seriously metadata attacks, how they are connected with spear-phishing and social engineering, and the relationship between one another.
Spear-phishing can focus on and target the email addresses of individuals who work on certain documents. A vulnerable version of the Microsoft Office suite can be targeted by an attacker, who creates a file and sends it to a client with the intent to steal information. Social engineering relies on already having knowledge of individual names and using them to conduct phone call schemes that appear more believable than what they really are.

Recommended Policy Controls

Policies could be administered covering how information is obtained by the public or private sectors. Policies should be in place that are firm and strict and that enforce a need-to-know basis. Access to certain information needs to be minimized if a particular individual has no purpose or reason for obtaining or viewing it. Policies can also be changed in the way information is handled to better ensure the safety of sensitive data. On-the-job training and security awareness sessions can educate people on the severity of being victims of metadata attacks. Having mechanisms in place would be a great approach to handling policy controls. There are mechanisms that convey metadata into Diffserv DSCP. According to Atarashi, R., Miyake, S., Baker, F. (2002), the data and application need to be identified to the network, in order to gain service from the network appropriate to it. The application gains access to the information that becomes available in its terms, including owner, format, etc. In this situation the network is concerned with the type of service the applications are looking for, with a translator with an API already in place. QoS is highly desirable in controlling metadata and internet applications.

According to metadata is going to be important for not only structuring and discovering digital resources but also communication interaction. The terminology that is used in the security industry is (threat, vulnerability, risk, control).
Policy controls are implemented to reduce the possibility of a risk actually happening. Having multiple security layers is an ideal action to have in place for policy controls. According to Harris (1976), the rule of thumb is the more sensitive the asset, the more layers of protection that must be put into place. These layers should be merged and unified as one, but can be viewed as if you're making a cake, to put into perspective how the multiple layers compensate for one another. In this cake you have:

1. Physical security
2. Virus scanners and patch management
3. Rule-based access control and account management
4. Secure architecture, demilitarized zones (DMZ), firewalls
5. Virtual private networks (VPN)
6. Policies and procedures

These six functions will definitely help control, minimize, and monitor any possible threats that metadata may pose.

How/Why Human Factors Influence Policy

Human factors can influence the effectiveness of the recommended policy controls through enforcing them on a daily basis, and through understanding the threat, its capabilities and how an attack can cripple an organization. These policy controls can be successful as long as the people who are standing behind them believe in them, and as long as there is a strong foundation so that in case one layer of security collapses another one is in place as support. Routine awareness training is another way to ensure the effectiveness of policy controls that are in place for unforeseen occurrences.

There's an old saying (account for variable changes) meaning that there should always be plans for the unknown. A good human factor that will play a major role is a person with good morals and organization. Not having these traits poses a lack of effectiveness when it comes to handling policy control. Individuals who value integrity will be a great asset to have in regards to honoring the standards and policies that are in place.
Vulnerability assessments for Mobile Devices in the BYOD environment

Important Security Issues

In the 21st century, cyber security is currently the number one threat that will affect everyone from individuals all the way to corporate companies. It is important to understand the critical security issues dealing with vulnerability assessment of mobile devices in a BYOD environment. Adding BYOD into the work environment, with increased access to web applications, cloud computing and software as a service (SaaS) offerings, means that employees, business partners and customers are increasingly accessing information using web browsers on devices that are not managed by the organization, which opens the door to critical security and HIPAA violations if security issues aren't addressed correctly. An article from a network security magazine stated that a Harris survey determined that 47% of employees use personal desktop computers to access or store company information, while 41% do this with personal laptops, 24% with smart phones and 10% with tablets.

However, with less than half of these devices being protected by basic security measures, some organizations may begin to worry that the security challenges associated with BYOD far outweigh the benefits. (1) The challenges that come along with BYOD are corporate data being delivered to devices not managed by the IT department, which has security implications for data leakage, data theft and regulatory compliance, and which leaves the enterprise with fewer controls and less visibility. Key-loggers, malware and cyberattacks have greatly increased the potential for unauthorized access to, and information theft from, endpoints, and the D in BYOD doesn't stop at smart phones. The SANS Institute has explained that handheld devices combined with laptops and removable storage (e.g.
USB keys) introduce specific threats to a corporation's or an organization's assets and that a security policy can establish rules for the proper use of handheld devices within intranets (2).

Employees can access information from home on their personal computers and tablets, which can be infected with malware or key-loggers that give people access to your company at work for future cyber-attacks. Corporate companies can start losing visibility into data access when BYOD devices are bypassing inbound filters normally applied to standard corporate devices. They're vulnerable to malware, a fast-growing risk, particularly in regards to Android devices. (3) The security issues with bringing Android devices, as opposed to Apple devices, into BYOD are the Google Play store and the fragmentation of devices and OS versions. Google Play (formerly called the Android Market) has a higher percentage of apps that contain malware, or social engineering to connect to malware, than any other app store by an order of magnitude. (4) The store is not policed well, leaving these factors continually creating friction or resistance towards greater adoption of Android devices in the enterprise environment.

Recommended Policy Controls

Understanding the changing environment with BYOD entering the enterprise area, there should be some checks and balances with recommended policy controls. To protect users in the enterprise, some good policies to implement would be requiring all devices to be encrypted to protect intellectual property, and restricting the downloading of specific applications known to contain malware, insufficient security protocols or other vulnerabilities.
Combining some of these with a robust VPN solution, any enterprise and its employees can enjoy the convenience, productivity and cost savings of BYOD without placing critical data at risk (5).

The organization's security policy should be categorized as follows, starting with general policies: security policies for enterprise-level use on mobile devices that restrict access to the hardware and software, manage wireless network interfaces, and detect policy violations when they occur. It is highly recommended that data communication and data storage be strongly encrypted, and that the device be wiped before reissuing. Another policy control deals with user and device authentication before allowing access to the organization's resources.

Applications need restrictions on installing and updating applications and on the use of synchronization services, followed by verifying the digital signature on applications. For a BYOD program to work in an enterprise environment, it should start off with mobile device management (MDM), the intent of which is to fully optimize the functionality and security of mobile equipment in the enterprise environment while simultaneously securing the corporate network.

How/Why Human Factors Influence Policy

In order for BYOD programs to work correctly, the human factors need to be taken into perspective. When an enterprise owns its devices it can dictate their use and configuration. When employees bring their own devices into the enterprise, each device is configured to their own needs and priorities, which are wildly different from the enterprise standard configuration. As a network grows, technology advances and individuals rely on BYOD, the network access policy will be at odds with employees accessing information, so they'll look for ways to get around the system, which in turn makes for bad productivity.
We should keep in mind that, with the growing consumerization of IT and the rapid pace of new and developing technologies, many employees of companies are nearly as technically savvy as their IT department.

The ordinary employee finds tools that do the job better than what the company issues, but uses the alternative programs under the radar. A big concern for human resources (HR) is having a proper legal framework in place, constructed to take into consideration occasions when staff leave the company and take their own devices with them; these could hold confidential information, including the company's intellectual property, that another company can use or a hacker can take advantage of for a future cyber attack.

Conclusion

As time goes on, human factors have a great influence on policies that are created by organizations to deal with international cyber-security issues. For the four cyber security issues presented in this paper (zero-day exploits, meta-data collected and used by the private and public sectors, vulnerability assessments for mobile devices in the BYOD environment, and threats to copyright and ownership of intellectual property), it was identified that each topic is influenced by human factors, which shape the rules and policies developed to decrease the rise of cyber security incidents that occur around the world. As we consume more electronic devices there will be more adjustments to the topics that were presented, with new security issues which will bring new recommended control policies to balance the international cyber security threat at hand.

Work Cited

1. Bill Morrow, BYOD security challenges: control and protect your most sensitive data, Network Security, Volume 2012, Issue 12, December 2012, Pages 5-8, ISSN 1353-4858, http://dx.doi.org/10.1016/S1353-4858(12)70111-3.
2. SANS Institute (2008). Security Policy for the use of handheld devices in corporate environments.
Retrieved from http://www.sans.org/reading-room/whitepapers/pda/security-policy-handheld-devices-corporate-environments-32823?show=security-policy-handheld-devices-corporate-environments-32823&cat=pda
3. Pacific, Lisa. BYOD security strategies: Balancing BYOD risks and rewards. N.p., 28 Jan. 2013. Web. 24 Apr. 2014.
4. A clear-eyed guide to Android's actual security risks. InfoWorld. N.p., n.d. Web. 27 Apr. 2014.
5. Graf, O. P. (2013, April 12). The Physical Security of Cyber Security. Retrieved from http://vpnhaus.ncp-e.com/2013/04/12/vpns-and-common-sense-policies-make-byod-safer/
6. Growth of Internet Piracy. Congressional Digest, 90(9), 258-288.
7. History of the Internet Piracy Debate. (2011). Congressional Digest, 90(9), 258-288.
8. Nill, A., Schibrowsky, J., & Peltier, J. W. (2010). Factors That Influence Software Piracy: A View from Germany. Communications of the ACM, 53(6), 131-134. doi:10.1145/1743546.1743581
8. OSS-Piracy. (2009). Alleviating piracy through open source strategy: An exploratory study of business software firms in China. Retrieved 4/18/2014 from http://infojustice.org/download/gcongress/open_business_models/yang%20article.pdf.
9. Rideout, B. (2011). Printing the Impossible Triangle: The Copyright Implications of Three-Dimensional Printing, Journal of Business, Entrepreneurship & Law. Available at http://digitalcommons.pepperdine.edu/jbel/vol5/iss1/6
10. Thompson, C. (2012). 3-D printing's forthcoming legal morass. Wired.co.uk. Obtained from http://www.wired.co.uk/news/archive/2012-05/31/3-D-printing-copyright
11. Traphagan, M., & Griffith, A. (1998). Software Piracy and Global Competitiveness: Report on Global Software Piracy. International Review of Law, Computers & Technology, 12(3), 431-451. doi:10.1080/13600869855298
12. Vulnerabilities/Threats (2009). Tech Insight: How Attackers Use Your Metadata Against You. Retrieved from http://www.darkreading.com/vulnerabilitiesthreats/tech-insight-how-attackers-use-your-metadata-against-you/d/d-id/1130395?
13. Atarashi, R., Miyake, S., Baker, F. (2002). Policy Control Network Architecture using Metadata. Proc. Int. Conf. on Dublin Core and Metadata for e-Communities. Retrieved from http://www.bncf.net/dc2002/program/ft/poster1.pdf
14. Harris, S. (1976). CISSP exam guide. ISBN 978-0-07-178174-9