Recent orders
Insightful post (2)
Insightful post! I enjoyed reading your post. I like how you have extensively explained the aims of Burroughs when writing the piece “From Junky.” I concur with you that after reading Burroughs’ excerpt, we notice that things are not always as they seem. He explains about the rot in 103rd and Broadway. He talks about peddling and abuse of drugs, especially Heroin. William talks about how Heroin is smuggled from Mexico and abused on Broadway. Definition of Heroin is a drug that is commonly abused worldwide, and it derives from opium. He vividly describes how peddling activities occurred in his neighborhood. Burroughs also talks about drug addiction and its effects.
Insider Theft of Intellectual Property
Insider Theft of Intellectual Property
Insert name
CSIA 303 Foundations of Information System Security
Introduction
Advances in technology and social media networking have provided even the smallest of businesses with the opportunity to extend their business boarders and create a more diverse customer base. While a great asset for the company, this increased visibility is accompanied by increased risk and vulnerabilities as it pertains to preserving the company’s mission, purpose, and goals. In enabling the ability to conduct business online by collecting personal information through a network, accepting online payments, and implementing a password protected portal, small businesses open themselves to previously unknown risks and can suffer great loss at the hands of a malicious individual. Such a breach causes loss not only in the realms of finances and privacy, but also in the sense of the company’s reputation and reliability. This loss is even greater when it happens because of someone on the inside. Fortunately, systems exist that can aid in the protection of confidentiality, integrity, and availability while protecting against risk.
Security Threats and Vulnerabilities
According to Egan (2004), the most common security threats and attacks that occur within a network come in the form of a worm, Trojan, or virus. Each presenting with its own set of dangers, these three entities have the ability to infiltrate an entire system and shut down a business in a relatively short period of time if they go undetected. Having a information security system in place that not only identifies the risk but eliminates it is key. In addition, the following elements must be addressed in order to provide the highest quality of service to customers:
Confidentiality – When collecting sensitive data, whether it be from customers or employees, it is the responsibility of the company to protect that information from being placed into the hands of a malicious individual. It is it the company’s responsibility to protect the consumer’s/employee’s privacy.
Integrity – Refers to maintaining the consistency, accuracy and trustworthiness of data over time (Fitzgerald, 2012). It is imperative that data be protected by an authorization code/password given only to a select few individuals.
Availability – Ensuring that the company’s network is running at all times, providing customers and employees with efficient service while protecting against malware.
Non-repudiation – An unique and personalized data signature that denies an individual the capability of saying that they did not perform a specific action (McCullagh & Caelli, 2000).
Authentication – Service that provides proof that a particular individual performed a specific action
Authorization – Determines who has access to what according to role, title, job responsibilities, etc.
Risk – The function of the likelihood that a threat will occur (Elky, 2006).
A well thought out and effectively implemented information security program can assist in addressing the key elements listed above while also protecting against malware.
Recommended Technologies
Insider theft of intellectual property is a loss many companies may experience at one point or another. One of the major reasons that this theft occurs is the lack of policy surrounding appropriate interactions on the company networks as well as poorly defined consequences that will result from engaging in particular actions (Fitzgerald, 2012). There are two very effective ways to combat this:
Issue-specific policies. The greatest way that companies can safeguard their assets against insider theft is to create issue-specific policies that address the ways in which employees communicate as well as access authorizations, sharing restrictions, and external storage devices that are allowed on the system.
Automated risk assessments. Another way in which companies can safeguard against insider theft is through software that identifies, assesses, monitors, and eliminates system attacks and threats. This type of software is available to small businesses at an affordable rate and provides vast protection.
In addition to the above, the NISTIR 7621 (NIST, 2009) suggests installing commercial spyware and virus scans onto network computers and having them run automatically on a consistent basis both to assess risk and search for updates. Additionally, employee home systems and laptops should be secured with firewalls in order to ensure security of information outside of the office.
Impact
By implementing issue specific policies and automated risk assessments, small business safeguard their ideas, customer base, and future inventions. Billions of dollars are lost and company information is compromised annually as a result of insider theft (Cappelli, Moore, & Trzeciak, 2012). By planning ahead and anticipating the risks involved with conducting business through technology, small business can save themselves from great loss and potential extinction.
References
Cappelli, D.M., Moore, A.P., & Trzeciak, R.F. (2012). The CERT guide to insider threats: Insider theft of intellectual property. Pearson Education, Inc.: Upper Saddle River, NJ.
Egan, M. (2004). Executive guide to information security: Threats, challenges, and solutions. Pearson Education, Inc. : Upper Saddle River, NJ.
Elky, S. (2006). An introduction to information system risk management. Retrieved from: https://learn.umuc.edu/d2l/le/content/27177/viewContent/1532342/View
Fitzgerald, Todd. (2012). Information security governance simplified: from the boardroom to the keyboard. [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=47187.
McCullagh, A., Caelli, W. (2000). Non-repudiation in the digital environment. Risky Monday. 5(8). Retrieved from: http://pear.accc.uic.edu/ojs/index.php/fm/article/view/778/687National Institute of Standards and Technology. (2009). Small business information security: The fundamentals (NISTIR 7621). Gaithersburg, MD: Department of Commerce.
Technology Transfer Research Paper
Insert NameCSIA 459
Jan. 23, 2015
Technology Transfer Research Paper
In today’s world cybersecurity is a very important factor in everyone’s day to day life. Cybersecurity must be implemented in most daily task such as checking your bank account statement online, checking your work email and ordering the newest songs using Itunes. The qualitative data value of cybersecurity is known in the private industry and also in the government sector. But what most people don’t realize is that to make sure that these daily task are secure. There is a research and development process that all these products need to go though in order to be called safe and be able to safeguard the information the customers trust with them. In the research and development process there are three major parts that need to be completed. There is The Technology Development Life Cycle, Technology Transfer Process and Marketing to Funding Sources.
The Technology Development Life Cycle CITATION Bra02 l 1033 (Branscomb & Auerswald, 2002) has five stages that take an idea from invention to innovation. The first stage is the basic research stage. In this stage an idea is developed. Corporate and government research is started. The outcome of this stage is a patent is requested and granted to protect against intellectual property theft of this idea. The next stage of the life cycle is the Proof of Concept/ Invention stage. In this stage the goal is to create a prototype of the invention. Also testing the prototype and collecting raw data. At this stage the company might include getting initial investors and technology labs involved to help fund and manufacture the prototype. The next stage in the life cycle is the early stage technology development stage which is also known as (ESTD). This stage is very important to the invention because at this stage the goal is to get business validation. This is telling the business that they can profit in investing in this new technology. This is where they gather up all the data that was collected and package the results from the testing of the prototype to present to potential investors such as venture capitals. The next stage in the life cycle is the product development stage. During this stage the company must work out any bugs and get the technology ready to hit the market. Depending on the problems and the budget that is set the company might have to get other venture capitals to invest in the technology or go back to the ones that have already signed on to get more money to fix issues. The final stage in the life cycle is the production/ marketing stage. In this stage the company might get corporate investors involved to help market the new technology. Also, give out the specs so other companies to subcontract and make add-ons for the new technology. An example of that is Apple might say we are coming out with a new Iphone so here are the specs and a prototype of it, you can use this to make an aftermarket keyboard or app for the phone. This leads us into the Technology Transfer Process.
Technology Transfer Process which is also called the transfer of technology is what I would call a technology hand off or a pass down. During this process government and non-government companies get together and pass on existing technical knowledge, skills, and methods of manufacturing technologies to each other. These Technology Transfer’s help grow new markets in the private sector. In a way the government is giving away the blueprints or groundwork on things that they started working on and are no longer funded to work on. A prime example of this is when “President Obama is calling on NASA to cancel the program that was to return humans to the Moon by 2020 CITATION KEN10 l 1033 (CHANG, 2010)” By stopping that program private companies call for a technology transfer so they can continue the research and development of a way to get people on the moon. That way the government can give the companies their current research so their company can analyze what the government has already done and not waste time and money on doing the same things over. This is a way to keep the innovation building. It is the process of sharing of knowledge. “Technology transfer is the process by which existing knowledge, facilities, or capabilities developed under federal research and development (R&D) funding are utilized to fulfill public and private needs. CITATION Tec15 l 1033 (Technology Transfer, 2015)” This brings us to the funding.
First, we need to look at the willingness of government to fund cybersecurity. The President has started to look to that future. Other government entities should follow suit. The Vice President recently announced a Department of Energy grant of $25 million. Thirteen historically black colleges and two national labs will benefit from this grant. “The new initiative, titled the Cybersecurity Workforce Pipeline Consortium, will serve as a classroom-to-workplace bridge so student at partnering schools…have a clear path to entering the tech industry. CITATION Wil15 l 1033 (Williams, 2015)”
After reading I found the following statistics to show the need for funding. “Nearly 43 million cyber-attacks were detected in 2014, 48 percent more than the year before. Those breaches cost the U.S. economy almost $500 billion a year for companies to recoup funds and rebuild their network security. Experts believe that trend will continue with breaches happening more frequently and security software advancing to better detect them. To combat that, business and the federal government are investing more money, over $71 billion in cybersecurity, CNBC reported. CITATION Wil15 l 1033 (Williams, 2015)”
Now that we know the President is on board. Let’s see if any other government is on board. According to The Hill, if we pass the “Cromnibus”, the FBI gets 8.3 billion, the Department of Justice gets $722 million, DHS funds are frozen at last year’s rate and Department of Energy would get $304 million.
So now we know the government is invested. Let’s look at the Venture capital. The Hewlett Foundation funds MIT Cybersecurity Policy Initiative to the tune of $45 million. The Hewlett foundation is donating $65 million this year alone to better cybersecurity. At Hoc funded $8.2 million, HyTrust funded $34.5 million, Tanium funded $90.81 million, Kaspersky Lab funded an unknown amount. They are located in Russia and Shape Security funded $66 million. It seems these five companies donated the most to cybersecurity. So clearly the Venture Capital seems to be invested. So how do you get funding?
It seems that government funding is going to colleges to educate the new generation on cybersecurity. The Venture Capital is concentrating its money on what’s happening now. Venture capital exists for one reason, more money. It’s about immediate gain. If they put out money to fund cybersecurity, they expect to reap the benefit now and reap them big. The government is of the thought pattern that young, new minds will get the education and come up with more innovative ways to help cybersecurity. You can apply for grants and /or lobby your government on Capitol Hill. Venture Capital needs to be shown a need that you researched and developed a prototype and then that you solved the problem in theory. Then funding will come.
What I have learned during my research is that it is a long detailed process to get new cyber security technology from being just an idea in a college students mind to being implemented in government environments and private homes all across the world. There are a lot of battles that need to be fought and hills that need to be climbed during the journey. It takes a lot of dedication to this idea so innovation can come to life. It takes good marketing to get investors to invest in new technology. Also, I have learned that the U.S. government is willing to invest in the schools that teach the knowledge of innovation. And the venture capitals are willing to invest in making technology that they can use right now.
Works Cited
BIBLIOGRAPHY Branscomb, L., & Auerswald, P. (2002, Nov.). Between Invention and Innovation An Analysis of Funding for Early-Stage Technology Development. Retrieved from http://www.atp.nist.gov: http://www.atp.nist.gov/eao/gcr02-841/gcr02-841.pdf
CHANG, K. (2010, Feb 1). New York Times. Retrieved from http://www.nytimes.com/: http://www.nytimes.com/2010/02/02/science/02nasa.html?_r=0
Technology Transfer. (2015). Retrieved from http://www.utrs.com: http://www.utrs.com/technology_transfer.html
Williams, L. C. (2015, January 16). ThinkProgress.Org.
