In this critical thinking, please assume that you are the IT security manager in government university, in two pages please write about appropriate Security Controls to added for IT security improvements, those controls are:
• Advanced persistence threats (APT).
• More CCTV to cover all critical areas.
• Many layers of intrusion prevention system (IPS)
With the migration of sensitive information through a vulnerable and borderless cyber world, information security has become critically important to businesses. Organizations now hinge on information systems to execute important, critical and routine business processes, thus protection of the fundamental systems is essential to their achievement. Information systems suffer threats that can acutely affect organizational assets, reputation and business operations by exploiting vulnerabilities that can compromise the confidentiality, integrity and availability of transmitted information. This proposal describes appropriate security controls to be incorporated for IT security improvements within ABC University.
Nature of the problem
The wide use of computers in commercial and private installations has long dictated the application of security rules and regulations. One basic principle essential to the security of computer systems has been that of isolation – where the entire system is moved to a physical environment where penetrability is acceptably minimized. Additionally, resource-sharing systems have to be designed to safeguard each user from interference coming from the system itself or another user; an should offer some level of “privacy” protection to users wishing to safeguard the integrity of their programs and data. This is where security problems are admittedly most acute. Thus, manufacturers and designers of resource-sharing systems are concerned with the critical challenge of safeguarding information.
Threats to System Security
By their nature, computer systems assemble a series of vulnerabilities including hardware vulnerabilities, software vulnerabilities, and human vulnerabilities. Thus, the design of a secure system must offer protection against the different types of vulnerabilities, which fall into three key categories: deliberate penetrations, accidental disclosures and physical attack.
Deliberates penetration refers to an intentional and covert attempt to obtain information held in a system; cause the system to function to the advantage of the threatening party; or manipulate the system in order to render it unusable or unreliable to the genuine operator. These efforts could either be active or passive. Accidental disclosure refers to failure of equipment, software, subsystems, or components leading to violation or exposure of information alongside system elements. These are often as a result of software or hardware failures. Physical attack, on the other hand, refers to overt assult upon the physical environment and could be a result of mob action e.g. during student’s standoff.
Security Controls Recommendations