Kirk Patrick Samuda, Kirk Samuda, Hacking and Intrusion
Attack Prevention Article Evaluation
Masters in Information Security and Technology (MSIT / MSc)
Kirk Samuda
CMGT/541
April , 2009
Professor J. Mc Nickle
As I read an article written by Mr. Mathew J. Schwartz, dated March 12. 2012, for InformationWeek via darkreading.com, and ponder the strength of the subject matter discussed, I asked myself the question when does attack prevention begin? The question does present an abstract yet requires that careful thought be exercised when approaching information security breaches, and how to prevent attacks; a technological melancholy with very expensive associations. According to Mathew, “It is very important for companies to consider the smartest ways to first detect, block, and subsequently investigate employees with malicious motives”; joined to a vigorous external process that outlines preventative mechanisms that are designed and implemented around an ERP that is based on a review of hundreds of attacks. Hence the best way to identify, then possibly prevent an internal or external attack is to start with a security audit specifically created as a countermeasure; simply an attack prevention program. For any information security audit to be effective, with the intent to prevent or reduce attacks; it is absolutely necessary to be proactive and first create an insider threat program, that reinforces the fundamental purpose of the CIA triad which highlights information confidentiality, and how protection of company assets is most vital to the preservation of authorized restrictions and how information is accessed and disclosed. Never allow any type of attack, successful or otherwise to go undocumented or wasted. “If you experience an attack, learn from it,” For example, let us analyze an information security breach case of a financial corporation that caught an employee trying to steal very private company trading algorithms. Accountability and authenticity must immediately be exercised to ensure
Masters in Information Security and Technology (MSIT / MSc)
Kirk Samuda
CMGT/541
April , 2009
Professor J. Mc Nickle
As I read an article written by Mr. Mathew J. Schwartz, dated March 12. 2012, for InformationWeek via darkreading.com, and ponder the strength of the subject matter discussed, I asked myself the question when does attack prevention begin? The question does present an abstract yet requires that careful thought be exercised when approaching information security breaches, and how to prevent attacks; a technological melancholy with very expensive associations. According to Mathew, “It is very important for companies to consider the smartest ways to first detect, block, and subsequently investigate employees with malicious motives”; joined to a vigorous external process that outlines preventative mechanisms that are designed and implemented around an ERP that is based on a review of hundreds of attacks. Hence the best way to identify, then possibly prevent an internal or external attack is to start with a security audit specifically created as a countermeasure; simply an attack prevention program. For any information security audit to be effective, with the intent to prevent or reduce attacks; it is absolutely necessary to be proactive and first create an insider threat program, that reinforces the fundamental purpose of the CIA triad which highlights information confidentiality, and how protection of company assets is most vital to the preservation of authorized restrictions and how information is accessed and disclosed. Never allow any type of attack, successful or otherwise to go undocumented or wasted. “If you experience an attack, learn from it,” For example, let us analyze an information security breach case of a financial corporation that caught an employee trying to steal very private company trading algorithms. Accountability and authenticity must immediately be exercised to ensure