Thursday, December 17, 2015

Behavior Blocking: The Next Step in Anti-Virus Protection

Since we are learning about the management of information security this week, and after reading different articles regarding data breach investigations, I felt it was important to discuss protection against computer viruses. With the increasing threats to computer applications, vulnerability has increased across the internet world. There are different types of attack on a system that can damage the network and create a threat to the infrastructure and its security. Hoaxes, URL spoofing and phishing, referer spoofing, caller ID spoofing, DoS attacks, spam, sniffers, etc. are some of the common types of attack that occur against computers, system networks and security. To overcome these attacks, organizations use various IT security approaches, including blacklisting, whitelisting, and behavior-based technologies and software, to secure the system. Behavior blocking is a defensive tactic in the antivirus approach that monitors file activities and modifications to software and the operating system. This process guards the operating system and stops any unauthorized behavior within it. Files and programs that are likely to present a threat to the operating system are blocked based on analysis of their behavior pattern, which can be done by analyzing their content and code.

In the signature-based approach, also known as antivirus, actions (code/file transfers) are compared with a database of known activities called signatures, and if anything suspicious is found it is blocked, whereas in behavior blocking the user behaviors are monitored and repetitive behaviors are blocked. So if any new behavior is detected, the signature comparison fails and that approach will not work, whereas the behavior approach will block any unusual behavior. These unusual behaviors raise an alert to the administrator and notify them of the exploitation of a vulnerability. For example, if there are any W32/Viking virus variant files, users are not allowed to open them, as the virus will infect executables by copying itself to network and removable shared drives. Behavior blocking is also known as sandboxing, as it observes the behavior of the running program and blocks any threats that are detected.

After detecting malicious activity, Behavior Blocking performs one of the following actions:

Block: Prevents programs exhibiting malicious behavior from making changes to the computer.
Terminate: Closes programs that exhibit malicious behavior.
Clean: Closes programs that exhibit malicious behavior. If a program is verified to be a threat, deletes files and other objects associated with the malicious program.
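
The contrast between signature matching and behavior blocking, and the Block / Terminate / Clean actions listed above, can be sketched in a few lines. This is an added example, not code from the original post or from any anti-virus product; the rule names, weights, thresholds and sample events are assumptions constructed for illustration.

```python
import hashlib

# Constructed signature database: SHA-256 digests of already-known samples.
SIGNATURES = {hashlib.sha256(b"constructed-known-variant").hexdigest()}

# Hypothetical behavior rules: (action, location) -> suspicion weight.
RULES = {
    ("copy_self", "network_share"): 3,
    ("copy_self", "removable_drive"): 3,
    ("modify_executable", "local_disk"): 4,
}
BLOCK_AT, TERMINATE_AT = 3, 6  # assumed thresholds


def signature_match(sample: bytes) -> bool:
    """Signature approach: exact comparison against known digests."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES


def behavior_score(events) -> int:
    """Behavior approach: sum the weights of the observed actions."""
    return sum(RULES.get(event, 0) for event in events)


def decide(sample: bytes, events, verified_threat: bool = False) -> str:
    """Map the evidence to allow / block / terminate / clean."""
    score = behavior_score(events)
    if signature_match(sample) or (verified_threat and score >= BLOCK_AT):
        return "clean"      # stop the program and delete its files
    if score >= TERMINATE_AT:
        return "terminate"  # close the running program
    if score >= BLOCK_AT:
        return "block"      # deny the change, leave the program running
    return "allow"


# Constructed traces: a self-copying program and an ordinary text editor.
WORM_EVENTS = [("copy_self", "network_share"), ("copy_self", "removable_drive"),
               ("modify_executable", "local_disk")]
EDITOR_EVENTS = [("read_file", "local_disk"), ("write_file", "local_disk")]

if __name__ == "__main__":
    # The unseen variant has no signature, but its behavior still trips the rules.
    print(signature_match(b"constructed-new-variant"))
    print(decide(b"constructed-new-variant", WORM_EVENTS))
    print(decide(b"constructed-known-variant", []))
    print(decide(b"editor", EDITOR_EVENTS))
    # A legitimate updater that patches an executable is blocked as well.
    print(decide(b"updater", [("modify_executable", "local_disk")]))
```

The last call shows the cost of the behavior approach: software that legitimately modifies executables trips the same rule, so behavior rules need exceptions for trusted programs.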



Sunday, December 13, 2015

Week 2 Post - Benefits of integrating the IT/Security strategic plan with the Enterprise Strategic Plan

Enterprise strategic planning is about encouraging long-term thinking in the organization by establishing the directions and constraints that will guide tactical achievement. When making decisions about future plans there are uncertainties, and predicting the future is very difficult. “The best-laid plans of mice and men often go awry” (Funston & Ruprecht, 2007), so risk is involved in any strategic planning. A security strategy is the plan that will moderate risk while complying with legal, statutory, contractual, and internally developed requirements to achieve the business goal. In order to achieve the business goal, an organization must align both its enterprise strategic plan and its security strategic plan, because the enterprise’s strategic drivers are derived from scanning environmental factors, which is a key element of the security strategic plan.
Since business strategy is all about proving the company’s success and achieving stable long-term earnings growth over its competitors, the security strategic plan will help the organization adapt to its environment. At the macro level, the environment includes industry, competitor analysis, market research, and product innovation. The security strategic plan includes the environmental scan and performs a SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis that will leverage the strengths and minimize the weaknesses of the enterprise. This information will help in decision making for the business unit’s strategic plans. Security plans involve regulatory and legal requirements that the enterprise has to determine before making decisions. The enterprise’s data security, privacy and information management are handled by the security team, and the business has to decide whether these matters need to be maintained in-house or outsourced. These insights will raise many questions for strategic planners and minimize future risk by addressing them in the strategy plan. Consumers always demand a standard of product, and it will put the company a step ahead of its competitors. The security plan will determine how to identify the higher standards for performance, bandwidth, power, flexibility, reliability, connectivity, integration, real-time solutions, and security. For example, HIPAA regulates each individual in the health care profession and enforces the standards on them. Organizations that benchmark these standards and drive strategic security initiatives always achieve a competitive advantage over others. The security strategy plan also determines the international standardized requirements for the organization. In order to do business in the international arena, a business organization has to follow international security protocols and standards.
For example, an airline company has to follow the guidelines of the International Civil Aviation Organization (ICAO). To minimize the risk of the legal aspects and the cost associated with them, the enterprise has to incorporate all the policies and plans during strategic planning, and security strategic planning will provide all the analysis of the security beforehand so that decision making is easier.
Integrating the security drivers within enterprise strategic planning will effectively achieve the long-term business goals holistically. It will maximize the ability to manage information risk by assessing and validating compliance with ever-changing legal, regulatory, contractual or other applicable standards (Evans, 2015). Treating the security plans as a separate entity and alienating them will impact the decision making of the strategic planners and also lead to legal and regulatory trouble. Market research will be weak and products might not address the needs of the gap analysis. A lack of competitive intelligence and business intelligence will create vulnerability in decision making about everything from marketing, R&D, and investing tactics to long-term business strategies.

Works Cited
Evans, B. (2015, July 08). The Importance of Building an Information Security Strategic Plan. Retrieved September 20, 2015, from Security Intelligence by IBM: https://securityintelligence.com/the-importance-of-building-an-information-security-strategic-plan/

Funston, R., & Ruprecht, B. (2007, May 01). Risk in the Strategic Planning Process. Retrieved September 20, 2015, from Business Finance: http://businessfinancemag.com/business-performance-management/risk-strategic-planning-process

Saturday, December 5, 2015

Week 1 Post - The roles and responsibilities of people involved in security policy framework creation

When we talk about the organization and business process, each role and responsibility is accountable for achieving the goal. Similarly, for selecting the right security policy framework, changing the existing framework or building a secure framework, different individuals are required, and each individual is equally responsible for their roles and responsibilities. Each individual performs a separate task and manages the work they are responsible for. This includes managing the team (managers), developing the secure framework (security architects), ensuring data quality (data engineers), office/vendor management, etc., which are the building blocks of the whole security framework. Security policy framework creation is a risk-based approach, so the different people working to minimize or solve the risk have individual tasks assigned to them. Risk governance provides the overview of the risk evaluation and defines the key personnel who work on the technology risk and manage/articulate the risk. Each step of this process involves a different hierarchical level of the organization, adding value to produce high-quality products and services. The organizational structure depicts the roles and responsibilities of the people involved in security policy framework creation and implements a framework that establishes the standards for identifying and managing risk. For example, people working in executive governance (the board of directors) are responsible for decision making, managerial tasks and dealing with audit issues, while the CISO is responsible for any technology-related security issues. Security administration manages access management, meaning user access to the different systems and physical facilities, and manages application security management. These different layers of the organizational structure have to work together to achieve a secure business component.
Security management works together with operational management to ensure application security requirements are met. When we talk about the separation of duties for the creation of the security policy framework, we are associating each business function with risk. Each individual working in the organizational structure has a defined skill set and is hired for an individual role. For example, developers can code as per the requirements and testers can verify that the application functions as per the requirements, but when these individuals are assigned to design the security architecture of the organization, they are not qualified for the task. To summarize, each individual has their own skill set, which they have mastered in order to produce quality work. If one has to work outside the comfort zone, there are risks associated with the work, and transnational responsibility and accountability are in jeopardy. These roles and responsibilities are also associated with organizational security governance and compliance with the standards. Creating a strong security policy framework helps in minimizing the risk, and the only way to measure the level of security is the framework. The framework defines the essentiality of the regulatory compliance that sets the standards and controls. When these roles and responsibilities are not properly defined or managed, security risk can increase, compliance and standards can be in danger, and the business can have legal issues.