Recent orders
Threat Assessment
Threat Assessment
Name:
Course/Number:
Date:
Instructor Name:
Threat Assessment
Information Security is a key issue to be considered in every organization. Having information security measures implemented in an organization does not ensure protection to your information. Nevertheless, having standards or policies to ensure security to information is simply the best start in ensuring information security. This way, an organization will have a way forward into studying what threats they may face or they are facing and then set the measures that will manage their systems securely. This paper shows the threats the organization is facing or may encounter and what measures can be implemented to safeguard the organization’s information systems.
According to Maiwald, information Security comes from two words; Information and Security. Information is useful data collected and kept in communication systems like computers to be used for different purposes. On the other hand, security is protecting something from danger or threats (2004, p. 6). Therefore, the term Information Security is all about implementing measures that protect the organization’s data from any threat. These information Security threats are there, and they can harm any information security system. It is an organization’s strategy to protect its information systems against them.
According to Staub, Goodman and Baskerville (2008), before attempting to implement any security measure, a strategy should be set. This process involves examining what values and purposes in terms of external and private environment that the organization has. Plans and goals should be set during this process. This process helps to find out with what level of protection is available in the organization. This is by first carrying out an investigation regarding the information security system. The second task will be determining what security measures to implement and determine if it will be beneficial to the organization’s security if adopted. The third step is creating the formulae of how to apply the security measures into the organization’s security system (p.18).
Carrying out a thorough assessment of the threats known as threat assessment is essential in evaluating risks to the organization. This process helps in coming up with what is happening in terms of information security. Information about the threats facing the organization’s information system, security measures already implemented, possible threats and the way to improve the security. It can mean creating additional security measures or simply improving what is there. Additionally, according to Straub et al (2008), during the assessment process, it is advisable to take into account the activities and security environment of the organization in order to implement the security measures that comply with it. In terms of the security environment, an organization dealing with critical information will need strong security policy (p.24). This process is essential in that it helps in coming up with a complete program for the Information security system.
According to Bonnette (2003), assessing threats involves examining the possible causes of threat and determining their chance and consequences to the information system. During this assessment, five types of evaluation can be done. There is the system level which examines the computer systems. The second is network level, which examines the computer network. The third is organization level where the organization is thoroughly analyzed to find any possible threat within. The fourth are the audit policies and how the organization abides by them. The last is a test to the organization’s ability to respond if there is an intrusion. Threat analysis is extensive and information vulnerability should be considered during the process. In essence, there is a relationship between risk, threats and information vulnerability. Risk is certainly a cause of threat acting on a vulnerable entity (p. 5).
Securing the Information System is managing the risks. Therefore, it is essential to understand the risks in an organization’s information system. Failure to understand may lead to misuse of resources. When a risk is identified, then the value of information is also identified and its system. This whole process is risk management (Maiwald, 2004, p. 135).
Risk management is critical in every organization in the digital era as each tries to protect information systems. According to Stoneburner, Goguen and Feringa (2002), risk management is critical in terms of a successful security program. The process should attempt not only to protect organizational information but also its ability to carry out its operations. This process is a critical function in the management of the organization (p. 7).
Maiwald (2004) defines risk as a chance to be attacked and, therefore, a need for protection. Vulnerability is the potential entity to be attacked. In an organization, this can be the computers, networks or organizational policies. Information transmitted over the network can also be accessed. Therefore, consideration should be put into all vulnerable entities and not just the computer systems. On the other hand, a threat is an action that breaks the information system security. Threats can be Targets, Agents or Events. Targets are the entities vulnerable to the threat. Agents are the sources of the threat while the events are the actions that pose to be a threat (p.134-135).
In most cases, agents of threats are people who want to explore the targets like confidentiality, integrity, accountability and availability. These Agents have the ability to access the target, they have knowledge of the target, and that have a reason to access the target. Mostly, they can gain access to the target simply because they might have an account to get into the system, or they might get in indirectly. Sometimes, the agents may have knowledge of the target like passwords, file location, network addresses, employee names and other useful information. These agents have three main reasons why they get into the systems unauthorized. They might be greed, with malicious intentions, and others do that as a challenge, trying to prove something. An agent might be an employee, ex-employee, commercial rival, hackers, terrorists, customers, criminals, the general public or natural disaster like earthquakes (Maiwald, 2004, p.137-138).
Information can be tampered with in different ways. This can be abuse of authorized access to the system, malicious or accidental alteration to information, unauthorized access, malicious or accidental destruction, malicious software, hardware and software theft, internal and external communication eavesdropping and natural disasters. Threat plus vulnerability is equals to risk; therefore, risk is simply a combination of threats and vulnerable entities (Maiwald, 2004, p.139).
Risk can be defined to be low, medium or high. A low risk is where vulnerability of information is at risk, but it is unlikely to happen since the control measures will prevent it. The other level is medium. In this, the threat poses a significant risk to the information system, and it is advisable to have controls to remove it. The third level is high. In high level, the threat poses a serious danger to the information’s confidentiality, integrity, availability and accountability. Safety measures should be taken immediately to remove the threat. When trying to remove a threat within the system, take into account the consequences, for example, the costs of applying a corrective measure in the risk level (Maiwald, 2004, p. 139).
Maiwald (2004), identification of the risk involves identifying the threat and vulnerabilities. Measuring the risk level is also done to help in the security program. This way it can help prioritize the risks to handle first. Identification of vulnerabilities is extremely important in order to determine the risk. This is done by checking all the access points to the system and information. Internet connections, remote, wireless and users access points, physical access to facilities and connections to the outside are the areas to check. Identifying how information is accessible through this access points and the possible vulnerabilities. The next step is identifying the threats. It is a complex task but attempting to identify the specific and targeted threats will make it easier. Possible areas of breach into the security system should be examined, and security controls implemented to determine if the vulnerability exists. Countermeasures can be implemented, and they can include firewalls, anti-virus, access controls, badges, card readers, guards, encryption, intrusion detection system, and two factor verification systems. With all this determined, it is easy to determine the level of risk facing the security system of the organization. It will also help in measuring the risk. This is done by checking the cost incurred on the organization after the attack. The cost can be in terms of resources affected, loss to the organization, and the reputation caused by the attack (p. 139-147).
Whenever threat assessment is carried Maiwald (2004), there are key areas to examine to find the problem of security in an organization. They include; the network; physical security; the organization’s policies and protocols; employees and their awareness towards security measures; attitude of employees; precautions set in place; the organization’s business; how employees comply with the rules and procedures (p. 154-160).
After all information is gathered, then the security team can analyze the information can come up with better measures. According to Maiwald (2004), development of policies and procedures will be created to define expected state of information security within the organization. Policies and procedures are extremely valuable when it comes to security. If the organization already has them, then an update on them should be done. The policies are then implemented to be effective. A security reporting system can also be implemented to monitor and track to ensure policies are adhered. Authentication systems should also be created to provide identification of users before they use the system. Internet security measures like firewalls, virtual private networks are introduced to prevent threats related to the Internet. Intrusion detection systems to alert incase of intruders and security staff be employed. Another key step is creating awareness to the staff and ensures everyone is trained on conduct and use of the system. The final step is creating a conduct Audit to ensure that the policies and controls are configured well (p. 160-168).
In conclusion, threat assessments are particularly important in any information security system of an organization. In most cases, they are never conducted well since many do not consider this process important. This leads to failure in information security. This procedure should be consistent within any organization because threats will always be there to attack the systems. The assessments should also be documented for future use.
References
BIBLIOGRAPHY l 1033 Bonnette, C. A. (2003). Assessing Threats to Information Security in Financial Institutions. 5.
Straub, D. W., Goodman, S. E., & Baskerville, R. (2008). Information Security. Policy, Processes, and Practices , 18.
Stoneburner, G., Goguen, A., & Feringa. A (2002). Risk management Guide for Information technology Systems. 7.
Maiwald, E. (2008). Fundamentals of Network Security. New York: McGraw Hill.
Thorstein Veblen
Thorstein Veblen
Contents
TOC o “1-3” h z u Introduction PAGEREF _Toc379385510 h 1Impact of Thorstein Veblen in the field of economics PAGEREF _Toc379385511 h 1Veblen’s impact/influence on technology and nature PAGEREF _Toc379385512 h 4
IntroductionThorstein Veblen is an American economist who existed many years ago about the 19th century as well as 20th century. This happened to be the time when the people of America saw the effects of Industrial revolution as well as the results of a deregulated industry. The loose regulations that arisen contributed to the emergence of super rich class known as the “robber barons” who owned extremely large companies. The “robber robins” were known for their ways of lavish lifestyles and exuberant spending. Thorstein criticized the type of the behaviour and called it as being a waste, and he believes that the behaviour did not help the economy at all. In his first, famous book, the theory of Leisure Class, he coined the system of spending as being “conspicuous consumption”. He was intensely critical of businessperson concerning their greedy and the tendency of spending money for things, which are not even productive. Thorstein Veblen described the wealthy class using hyperbole and some humours in order to show hierocracies of people who are wealthy. This paper will try to analyze the impacts of economics that Thorstein Veblen has contributed to, in the field of the economics (Peil, 2009, p.121).
Impact of Thorstein Veblen in the field of economicsVeblen in the field of economics makes his readers aware of American small-scale, which was intensely competitive was giving its ways for the large-scale monopoly trusts. He further explained by emphasizing that the monopolistic practices administered prices, which meant that, there was a charge in what the traffic will bear; as well as, the limitations of producing high quality for the sake of raising the prices and maximizing the profits. However, the case of the emergence of the leisure class which led to wasteful as well as, conspicuous consumption for status. Veblen, on the other hand, used instinct theories as well, individual-social welfare interface, his analysis of economic surplus was unique since Veblen Considered it as being the product of the collectively which generated wealth through positive influence of instincts. Veblen was the first economist man who recognized the importance of wealth as well as technological wealth from the generation of collective surplus. While technological knowledge to be the common stock that is held as well as, carried forward by the community collectively, but it is not a creative achievement of the individuals who are working in isolation of self-sufficiently (Veblen, 2004, p. 103).
Veblen continued to argue that every new invention in addition to innovation comes in, to a given degree, which is made by individuals. However, he is a social individual because every change made must always be made by individuals who are immersed in a community plus exposing to disciplines of the group life because it runs in the community and all life are group life. Subsequently, welfares that are generated by the social wealth are substitutes to the material output; however, it is a necessary condition, which is suggested to be for the long-term developments of the material output (Krugman, 2009, p.124)
The bonds of interaction may be fragile, while the human society may be at a lower level of development if there fails to be structures of the community as well as, trust. Technology knowledge has become a common theme that is used in economics today. However, the study shows that, in some states for example Kerala, which is in India, the social wealth provided a foundation for high standards of living but less Gross Domestic Product (GDP) per capita.
A similar notion that seemed to have the same meaning to that of Veblen was developed. The notion was all about the social structures of schools accumulations. The institution is that to be suitable for providing a reproductive foundation for the growth and accumulation, since social wealth is able to promote growth at the same time to be essential to dimensions of the quality life. He explains further by analyzing that when one ignores the social wealth, and goes for a durable business, which has a fixed capital, then, that can lead to a decrease number in the standard of living as well as, development hence it becomes critical (World Bank 1997). His emphasises based on a collective generation of the social, human and the technological wealth, which gave potential of revolutionising economics. Veblen believes that, such well are collectively generated because of negative instincts, which might have been perpetually exploited by stakes for their sake in terms of benefits in a form of surplus products.
According to Veblen, he insists that corporations can exploit the wealth by means of monopoly. He explains further by saying that, Financers are able to gain some shares of surplus by interests or lending of money, and through creations of the credits. Unions on the other side gain their share through industrial action as well as, wages, which are above labours that collect their contribution to workmanship. The vested interests do not only use a portion of economic surplus, but it also stimulates interests which reduces the production of surplus. This made Veblen believe that, the economists actually need of critically analyse power of elites as well as, classes with the aim of sharing surplus product in an egalitarian manner because of it being economists and the social critics.
The social changes which occurred at the period which technological innovations were originally introduced in the case of ending consistent in one value system leading to the formation of systems with an alternative values. He incorporated into those theories aspects of William Graham Sumner’s evolutionary, social theory and John Dewey’s instrumentalism, and strands of the anthropological research. In many compliments, Veblen’s ideas look like those of Karl Marx, though he discarded the labour premise of value and the teleological elements of collectivism.
Veblen’s impact/influence on technology and natureIn the beginning, Veblen views regarding the natural resources and technology appears to be containing some of the striking inconsistencies in the preceding analysis on exploitation and waste of resources. Notably, Veblen, on the other hand, felt that, the natural resources are extremely valuable in social construct. This is because, the society wills to be paying for their use. This is clearly seen when Veblen speaks about the natural resources, which includes the timber, and coal in his chapter “The Technology of Physics and Chemistry” as being constantly increasing because of the improved knowledge, which is very technical(Wessels,2000,p. 123).
Veblen observed that the rapid growth of technologies has brought new designs, for making natural resources. He argued that the natural resources are those resources has no indications of characteristics of a landscape, this is because the technicians understand them by turning them into account, hence; they have become the standard factors to the production area. His faith regarding technology did not end from criticizing to the people who applied the irrationally. Veblen on the other hand, blamed the mismanagement of the industry where business owners are supposed to shed all the responsibility.
Veblen has played a significant role to the understanding of people by use of technology where it has become extremely critical approach in industries as well as, bureaucratic management. He believed that the engineers, as well as the technicians, have greater knowledge concerning the industrial processes, which is intrinsically more than business. He also bemoaned by saying that, all the businesspersons, the accountants as well as, the managers holding money have displaced all the engineers at producing the goods (Champlin, 2004, p.194).
Consequently, Veblen was the first economist, who also sought in integrating in the questions of species, gender, the classes as well as, the question of ethnicity into the evolutionary analysis. He does this by abstracting from the rational economic man because of social individuals who had the preferences and choices, which were then affected by a multiple tasks of knowing that a person is born, and afterwards his lifestyle will have to change throughout his/her life.
Conclusion
This paper has tried to analyze the Impact of Thorstein Veblen in the field of economics as well as, investigating the contemporary relevance concerning Thorstein Veblen’s theory. A specific attention is paid to the theory of change of economic in the society where all the theories were integrated, and developed. It became so relative when other scholars started imitating Veblen when he attempted to develop the analysis of evolutionary transformation concerning the institution. It became particularly prominent that the cultural analysis regarding the institutional change, which continued to be well formulated as it, was started by Veblen (Ricketts, 2003, pg.173). This paper also found that Veblen involved in some project works where he tried explaining on how people should economize the little resources that they have in order to avoid the recession in the coming years. He also showed how people are under an influence of the instincts that provide the directions as well as, plans by sorting out each individual. The research also showed that there are enough promises to the theory of psychology as well as, the institutional (Camic, 2011, p.151).
Lists of references
Camic, C., & Hodgson, G. M. (2011). The essential writings of Thorstein Veblen. New York: Routledge.
Champlin, D. P., & Knoedler, J. T. (2004). The institutionalist tradition in labour economics. New York: M.E. Sharpe.
Krugman, P. R. (2009). The return of depression economics and the crisis of 2008. New York: W.W. Norton.
Peil, J. (2009). Handbook of economics and ethics. London: Edward Elgar.
Ricketts, M. (2003). The economics of business enterprise an introduction to economic organisation and the theory of the firm (International student ed.). London: E. Elgar.
Wessels, W. J. (2000). Economics (3rd ed.). London: Barron’s.
Thomas Samuel Kuhn Theory
Thomas Samuel Kuhn TheoryIntroduction
Thomas Samuel Kuhn was one of the greatest philosophers of his time and one of his greatest contributions is his theory on the structure of the scientific revolutions. This was coined in his book of 1962, ‘The Structure of Scientific Revolutions.’ This book accounted his understanding of the philosophy of science and how it evolves with time. Apparently his arguments in the book are basically embedded on the belief that science develops through stages and in its development, there are stages of stable growth which are thereafter punctuated with stages of what he coined as revisionary revolutions. This paper concurs with Thomas Kuhn’s theory and its discussion will focus on supporting the same.
Arguments in support of Kuhn’s theory
Thomas Kuhn challenged the paradigm of normal science in which science was considered to develop basically through accumulation of accepted facts or theories. In this case, there were little explanations and considerations that accounted theoretically for the scientific change. In fact, as mentioned above, science developed through addition of ‘new truths’ to the stock of ‘old truths’. It was simply correction of past errors. However, in Kuhn’s argument, science never goes through the same process of normal science but is interrupted by certain periods of revolutionary science. Kuhn’s case is quite relevant since it explains that during the revolutions in science, upon discovery of anomalies in the old paradigm, there comes a new paradigm which challenges the anomalies and at the same time advocates for a new understanding which explains the underlying concepts. He coined this as paradigm shift-movement/ change in the basic assumptions governing a particular theory of science.
Thomas Kuhn further explains that every paradigm has its own anomalies. However, these anomalies/ inconsistencies should be in acceptable levels in which case the level of significance has to be low. In the event that enough significant anomalies are attributed to a particular paradigm, the science in drawn to a state of crisis. During the stage of scientific crisis, new ideas are developed which replace the previous ones. Eventually, a new paradigm is formed thereafter gaining new followers/ subscribers. In the event that the anomalies are way beyond the acceptable levels, a revolution occurs on the particular paradigm and a new paradigm developed all together. Usually, an intellectual battle ensues between the old paradigm and the new paradigm followers.
Kuhn’s theory is also quite applicable to various scientific developments which include but not limited to the physical and social sciences. Kuhn has further backed his arguments in the ‘Copernican Revolution’ example in which case he has explained that initially, the Ptolemaic model of the heavens explained that the earth was the centre of the galaxy, however, this school of thought underwent the scientific revolution and later on gave way to the heliocentric model which explained that the sun was the centre of the solar system. Apparently, the Copernican Revolution is considered the origin of the 16th-century Scientific Revolution. Kuhn’s idea of scientific crisis is further on illustrated in this example whereby the Ptolemaic model of heavens had anomalies beyond the acceptable levels. This was the crisis the point which necessitated the emergence of new ideas which consequently replaced the Ptolemaic model with the heliocentric model of the heavens.
In conclusion, Kuhn gives an elaborate explanation on the progress of science through revolutions. He argues that problem solving is a central element of science. His arguments are consistent to a new scientific idea which requires identifying and resolving certain outstanding problems that cannot be handled in any different way. This new paradigm must be related to its predecessors and must give numerous solutions way beyond those given by the old paradigm. Kuhn further elaborates that the more recent a theory is, the better it is suited to handle scientific puzzles. Kuhn’s theory of scientific revolution is therefore quite relevant in explaining the evolution in various theories.