Internet Security Coursework Example | Topics and Well Written Essays - 1250 words

Internet Security - Coursework Example Availability- Ensuring that the resources of the server and the data are up and running whenever needed. It is very crucial to ensure that any system downtime is not attributed to security compromise. For instance, the employees in different cities are able to access the information in the server located at the data canter. Non-repudiation: ensuring that all the computer users are liable for their actions in the organization’s computer or system. For instance, when someone’s user credential is used to login to a computer, that person is answerable for that action. Authentication – strives to verify that the person trying to perform an action is the right one. For example, one has to enter the email and the password to his or her email messages. Access control- strives at ensuring that the only person with exclusive control of computer resources has the authority. For instance, the company CISO should be the only one who has full control of user accounts. (b) Brie fly explain what vulnerabilities and controls are, and how they relate to each other. You may use an example to further illustrate the concepts. Vulnerability in computer or information security is a loop hole or a weakness that can be exploited by an attacker to compromise the security of the computer system. It is a combination of three key features: system flaw, ability of the attacker to access flaw and the attacker’s to capability to exploit the weakness. Security controls are countermeasures or safeguards implemented to prevent, lower or counteract any computer or network security risk. There are three major classes of controls. These are preventive controls, detective controls and corrective controls. A good example of a preventive control is the use of antimalware programs to prevent malware infections on the system. A monitoring system that tracks the system use is an example of a detective control while files and data recovery software used to retrieve lost data is a corrective control. The management of vulnerability is the basis of identifying the right system controls since it involves identification, classification, remedying and mitigating the flaw. (c) Discuss the use of controls. What principles need to be considered to maximise the effectiveness of controls that are in place in a computing system? Security control can be considered effective when applied in the right way. The security controls can be there but when one fails to use them effectively, they become less significant. There are three major classes of controls. These are preventive controls, detective controls and corrective controls. There are three principles that need to be considered to ensure maximum security. These are: The principle of effectives which insist that the security controls are effective they are applied in the right ways. Weakest link principle- there should be no point of weakness in a security control. Principle of easiest attack- the attacker always tri es to identify the weakest point to compromise the security. The weakest points are not necessarily the obvious link. 2. Wireless security requires addressing different aspects when compared with the case of wired networks. (a) Firewalls are a popular mechanism for protecting a network against a variety of threats. Give an overview of the different types of firewalls that exist, and describe their characteristics. According to Gregg (2010), firewalls