Studyspark Study Document

Chief Security Officer: As the Chief Security Essay

Pages:7 (2148 words)




Document Type:Essay


Chief Security Officer:

As the Chief Security Officer for a local University, my main role is establishing and maintaining an enterprise wide information security program that helps to ensure all data and information assets are not compromised. This process involves developing a plan to conduct a security program that prevent computer crimes, establishes a procedure for investigation, and outlines laws that are applicable for potential offenders. To develop an effective plan, the process would involve identifying recent computer attacks or other offenses that have been carried out against higher educational institutions and processes established by these institutions to prevent the recurrence of the crimes. In addition, procedures, methodologies, and technologies that could be bought to lessen computer crime threats and effective laws for convicting offenders will also be examined. The other parts of the process include identifying computer crime fighting government programs and the types and costs of computer forensics technology that can be used by the University.

Recent Computer Hacker Attacks or Other Crimes:

The United States is generally a society of openness and freedom, which are central values of higher education institutions. As a result of these values, competitors and foreign adversaries have been taking advantage of these institutions of higher learning. Actually, these adversaries and competitors have taken advantage of the openness in higher education to carry several abuses. This misuse include recruiting individuals for espionage, stealing technical information or products, spreading false information for various reasons, avoiding costly research and development, and exploiting the student visa program for illegal purposes ("Higher Education and National Security," 2011). Consequently, higher learning institutions have become increasingly vulnerable to different types of computer crimes.

In the past few years, higher educational institutions have experienced some computer crimes including hacker attacks. On the week of August 23, 2010, the University of Virginia fell victim to a cyber-attack that contributed to the theft of approximately $1 million. The attackers used malware to illegally obtain online banking credentials for accounts belonging to the college and transferred nearly $1 million abroad. At the beginning of this year, Miami University in Oxford, Ohio, experienced a hacker attack into its system by two students who were eventually charged with hacking the school's system to inflate grades. The other example of a recent hacker attack crime in a higher learning institution occurred this year at Ferris State University, which became a victim to hackers and contributed to numerous risks on the identifying information of thousands of students.

These examples demonstrate that administrators at higher educational institutions are as vulnerable to data breaches as business enterprises. This vulnerability is fueled by the fact that these institutions have several factors that make security more complex as compared to the commercial world. Secondly, these institutions have not had similar level of regulatory compliance pressure as other organizations in the commercial sector (Prince, 2010). Third, these institutions are affected by cultural factors because of their focus on strengthening an open educational environment rather than the need to protect sensitive information.

Processes Established by Institutions to Prevent the Recurrence of the Crimes:

Since these incidents of computer crimes on higher educational institutions have become common, especially hacker attacks, colleges and universities have established various processes to prevent the recurrence of the crimes or attacks. One of the strategies adopted by these institutions is shutting down the server and hiring a computer forensic company to investigate the system and prevent further unauthorized access ("Data Security Breach," 2013). Secondly, some institutions have hired a Chief Security/Privacy Officer to provide direction and guidance on how they gather, maintain, and distribute private information. Third, some institutions consult competent and skilled legal counsel in light of the state and federal regulations associated with data requirements.

However, these initiatives and processes have proven futile because of the constant increase of the number of such incidents. Actually, it's assumed that the number of data security breaches in higher learning will decrease if higher educational institutions get it right. For instance, hiring computer forensic companies to investigate a computer crime have been unsuccessful in some cases because of failure to demonstrate any unauthorized access. While these strategies are not entirely ineffective, it seems that these institutions strengthen their security measures to prevent recurrence of the offenses. In essence, the institutions should not only focus on reacting to computer crimes but addressing factors that contribute to the occurrence of these offenses in the first place.

Technology that can be Purchased to Lower Computer Crimes:

In essence, lessening computer crime threats is increasingly important to higher educational institutions that are vulnerable to such attacks and their effects. The achievement of this goal requires establishing effective processes and methodologies that enhance security or purchasing technology to lower computer crime threats. There are various technologies that can be purchased for this process including next generation firewall, enterprise forensics solution, intrusion detection system, malware sandbox system, centralized/enterprise antivirus solution, and data aggregation, parsing, and correlation tools.

One of the technologies that can be purchased to lessen computer crime threats is EnCase Enterprise, which is an enterprise forensics solution. This technology is one of the most widely recognized law-enforcement utility for computer forensics. The concept of this forensic solution is the evidence file that consists of the header, the checksum, and the data blocks. They work together to offer a secure and self-checking description of the status of the computer disk during analysis (Easttom & Taylor, 2011, p.254). The other enterprise forensic solution that can be purchased to lessen computer crime threats is Access Data Enterprise. As a technology developed on industry-standard and court-accepted Forensic Toolkit, the technology provides a state-of-the-art incident reaction and deep dive evaluation of volatile and static data. The main advantage of this technology in helping lessen computer crime threats is that it provides an instinctive incident reaction console, secure batch remediation, thorough logging and reporting, and incomparable searching and filtering.

Access Data is currently offering Access Data Enterprise for a promotional offer of $12,500. The functionality of this technology does not require scripting while its users are not limited to proprietary technology. It contains an Internet-based management server that imposes granular role-based cyber security. Furthermore, Access Data Enterprise does not require the user to uninstall and reinstall during upgrade of functionality. The users can also handle metadata storage, huge data sets, robust data manipulation abilities, and delivering case management.

The other recommendations include Palo Alto Networks, which are next generation firewall and WildFire, which is a malware sandbox system. Palo Alto Networks provides a complete series of purpose-built hardware platforms including PA-200 that is designed for enterprise remote offices and PA-5060 for high-speed datacenters. These firewall platforms can help to lower computer crime threats because they are based on single-pass software engines. They also utilize function-specific processing for various functions such as threat prevention, networking, management and security to provide predictable performance. The cost of these firewall platforms depends on the specific type of network required by the organization. On the contrary, WildFire is a technology that utilizes sandbox analysis to identify and prevent unknown threats. This is primarily because attacks on networks are increasingly fueled by sophisticated malware developed to avoid the conventional antivirus controls. This technology expands the abilities of next-generation firewalls to detect and block unknown and targeted malware through actively evaluating it in a secure, cloud-based virtual environment. Some of the major system requirements for WildFire technology include dual 6-core Intel processor with hyper-threading, 120GB SSD hard disk, 128GB RAM, and 2TB RAID1 storage ("Wildfire," 2013).

In addition to purchasing technology to lower computer crime threats, higher educational institutions should hire chief security officer to direct and guide the handling of sensitive information in the computer system. Secondly, the institutions should develop their policies on handling computer systems based on the state and federal laws regarding collecting, maintaining, and distribute information. Third, these institutions should develop comprehensive and effective programs that promote information protection. The development of such programs requires an understanding of the various kinds of available safeguards, drivers, and ingredients.

Maryland Laws on Computer Cyber-crimes:

Given the increase of the threat of cyber-crime, Maryland's governor unveiled an aggressive policy for dealing with these offenses and establishing the state as America's epicenter for cyber security. The State has enacted various laws that provide the basis for governmental programs that address the threat of computer cyber-crimes. Some of these regulations to help combat cyber crime in the region include statutes on code grabbing devices and those that prohibit unauthorized access to computer and related material.

In recognition of the significant negative effects of these crimes and the need to fight them, the aggressive policy incorporated various aspects, initiatives, and programs to address these offenses. One of these programs to fight cyber-crime was recommendations for the formation of a National Center of Excellence for Cyber Security in Maryland ("Governor Martin O'Malley," 2013). This initiative would involve partnerships between federal and State government and the private sector and learning institutions. The initiative would play a major role in my…

Sample Source(s) Used


"Data Security Breach at Ferris State University." (2013, August 16). Local. CBS Local Media.

Retrieved December 16, 2013, from

Easttom, C. & Taylor, J. (2011). Computer crime, investigation, and the law (1st ed.). Stamford,

CT: Cengage Learning.

Cite this Document

Join thousands of other students and "spark your studies."

Sign Up for FREE
Related Documents

Studyspark Study Document

Security Roles in the Present

Pages: 3 (1081 words) Sources: 3 Subject: Business Document: #41798620

Also, it goes without saying that anyone hired in an important position like this one should have a wealth of experience and knowledge pertaining to information technology and information security (Slater, p. 2). The broad spectrum of activities a CSO must engage in Author Tyler Justin Speed explains that while it security staff can be counted on for the most part to protect stored digital data, unless the chief of

Studyspark Study Document

Security for Networks With Internet Access

Pages: 12 (4420 words) Sources: 10 Subject: Education - Computers Document: #31313380

Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework

Studyspark Study Document

Security Management Security Measures Risk Management

Pages: 5 (1552 words) Sources: 10 Subject: Business - Management Document: #57152065

Security management is "described in some quarters as a function of risk management," (Bulletin 2, Part 2). Although there is some crossover with public sector security functions, such as policing, security management is generally considered a private sector domain. "Whilst private security has a predominantly commercial basis, it should not be forgotten that it does interact with the public to a considerable degree," (Bulletin 2, Part 2). Security management is

Studyspark Study Document

Security Issues in Cloud Computing

Pages: 5 (1450 words) Sources: 5 Subject: Education - Computers Document: #95023300

Despite these concerns however the world's largest companies still actively promote and routinely hype the value of cloud computing without mentioning the myriad of risk associated with this platform, despite its continual maturation from a security and stability standpoint [2]. An example of this is type of hype is when Microsoft's Steve Balmer described cloud computing as the next frontier and Dr. Ajei Gopal verified that the cloud is there

Studyspark Study Document

Security Louisiana Private Security Requirements

Pages: 3 (925 words) Sources: 5 Subject: Criminal Justice Document: #40624597

And the applicant must successfully pass a pre-employment drug screen (Collins, Ricks and Van Meter, 2000). All private security officers must meet the applicable statutory requirements and any criteria that have been established by the employer. In looking at the requirements that have been set forth by the state of Louisiana, the following minimum requirements must be met in order for a person to become a private security officer: 1. The

Studyspark Study Document

Chief Executive's Tasks When Mintzberg's Model for

Pages: 3 (925 words) Sources: 2 Subject: Business - Management Document: #33925695

Chief Executive's Tasks When Mintzberg's model for CEOs is used, the above case study can be observed to have managerial activities that can be categorized into the interpersonal, informational as well as the decision-making roles that were displayed by the concerned manager. The interpersonal roles that were executed by the manager included the speech that he was to give at the area police academy. The other instance is when he learnt from

Join thousands of other students and

"spark your studies".