Discussion Assignment on Vulnerability, Threat and Risk
5 questions:
1. After reading the discussion and definitions of risk, threat, vulnerability, and asset by S. K. Katsikas in Computer and Information Security Handbook, Chapter 53, p. 905, in your own words describe risks, threats, and vulnerabilities. Provide examples of each from your personal experience or from private industry or government. Do not divulge specific information that may identify or be harmful to the organization.
2.What is a Zero Day Exploit? Describe the effects caused by one or more ZDEs that recently has been reported in news articles. Describe how ZDEs can be used to affect cybercrime, cyber espionage, and cyber terrorism.
3.Compare the methods and effects of cybercrimes versus traditional crimes that can be directed at the same targets. For example, how does the crime of hacking a bank's computer system compare to physically robbing a bank? How does punishment for cybercrime compare to that of traditional crime? How do you think they should compare (i.e., should cybercrime be punished the same, more severely or less severely than traditional crime)? You are encouraged to include real examples from the past year that you can share with your fellow students.
4.Many cybersecurity professionals believe the likely application of "cyber terrorism" to be an asymmetric attack against some portion of this nation’s critical infrastructure. Supervisory control and data acquisition (SCADA) systems support portions of our critical infrastructure. Which SCADA-controlled critical infrastructure do you think to be a likely target and why? Who should be responsible for protecting that infrastructure and why? Would this vary based on whom the attacker is—a state actor, a nongovernment organization, or an individual?
5.What are some difficulties policy-makers face (at the U.S. national level) to make policy that gets the desired results to counter cybercrime? Does the public demand seriously effective policy to counter cybercrime (think credit card fraud or ID theft)? In your view, do current legislative efforts address cybercrime concerns adequately?
Discussion on Vulnerability, Threat and Risk
Name
Institute of Affiliation
Date
Discussion on Vulnerability, Threat and Risk
Question One
A threat is something with the ability to exploit a vulnerability, intentionally or accidentally, and result to damage, or destruction of an asset. One ensures that their property is protected against the threats. They can be natural, for example earthquakes, human threats which are mostly unintentional and environmental ones, for instance, pollution. Vulnerability entails a weaknesses or gaps in a security program which can be destroyed by threats to gain unsanctioned access to an asset. Also, it involves limitation or gap in our protection efforts. An example is Susceptibility to physical or emotional injury. Risks entail the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. A risk is the intersection of threats and vulnerabilities. The risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats whether actual, conceptual, or inherent may exist, but if there are no vulnerabilities, then there is little or no risk at all. Similarly, one can have a vulnerability, but if they have no threat, then they have little or no chance for risk at all (Choi, Robles, Hong, & Kim, 2008).
Question Two
Zero day exploit entails unknown exploitation in the world that exposes a vulnerability in software or hardware and can create complicated problems well before one realizes. It happens when cyber criminals launch threats to abuse the flaw before the vendor releases a patch for it. When these kinds of flaws are abused can be more efficient for cyber criminals as most users are still exposed. The zero-day exploit can be used as a facilitation of cybercrime, cyber espionage and cyber terrorism since these processes are done deliberately by the people to affect computer operations without the consent of the user. The user is, therefore, unable to protect the computer and before he protects it, damages will have already been caused (Spacey, 2011).
Question Three
The traditional crimes and cyber crimes can be directed at the same targets when the comparison is made. For example, in physical robbing, the money is stolen by physical means while c...
You Might Also Like Other Topics Related to terrorism essays:
- HLS 615 DF6 Due1 page/≈275 words | 5 Sources | APA | Social Sciences | Essay |
- HLS 615 Written 44 pages/≈1100 words | 10 Sources | APA | Social Sciences | Essay |
- HLS 615 DF4 Homeland Security1 page/≈275 words | 4 Sources | APA | Social Sciences | Essay |
- How Would you Apply Routine Activities Theory to Terrorist Activities?1 page/≈275 words | 3 Sources | MLA | Law | Essay |
- HLS 615 Discussion Forum: Two Separate Terrorism Events 1 page/≈275 words | 3 Sources | APA | Social Sciences | Essay |
- HLS 615: Effective Homeland Security Terrorism Prevention5 pages/≈1375 words | 6 Sources | APA | Social Sciences | Essay |
- HLS 615 Discussion: Department of Homeland Security (DHS)1 page/≈275 words | 3 Sources | APA | Social Sciences | Essay |