This website uses cookies to ensure you have the best experience. Learn more

User Vulnerability In Cybesecurity Essay

1863 words - 7 pages

It should not be a surprise that the biggest vulnerability in Cybersecurity is the user (Goldman, 2010). The vulnerabilities presented by the user fall into two general categories: (1) accidental and (2) malicious. Vulnerabilities are important to those that are trying to perform unauthorized actions on an information system. For this paper, the term information system is being used generically to be anything from a home computer to a global enterprise encompassing numerous servers and storage systems. These unauthorized actions are threats to the information system. While not all vulnerabilities create threats, even a single vulnerability puts the information system at risk.

Most threats that an information system faces depend on or benefit when user vulnerabilities are present (Verizon RISK Team & United States Secret Service, 2010). Additionally, the potential for damage can be more significant when exploits include user vulnerabilities, as it can have direct impact on the effectiveness of countermeasures (CERT, 2010). When a threat is executed by an attacker (e.g. hacking, social engineering), it creates an incident that affects the organization, potentially in many ways. These incidents have operation and financial costs to the organization.

It is possible to address the vulnerabilities and thus make reduce the risk that threats present. On one side, increases are necessary in training and awareness both in intensity and frequency within enterprises along with better countermeasures. On the other side, end-user training and awareness needs to be elevated in society with public campaigns for every age group. Let us take a deeper look at what are vulnerabilities induced by the user.

User Induced Vulnerabilities

It is hard to remember the first time hearing about the eighth layer of the OSI model, the user layer. The eighth layer is crucial whether designing an input scheme or troubleshooting network connectivity (Did the eighth layer plug-in and turn on the system?). Within the Open Systems Interconnect (OSI) model, the user is the only part that does not have universal standards, best practices, predictable competencies, and brings free will along with external influences. By abstraction, the user layer is the human element, which makes it responsible for building Cybersecurity systems, developing governance on use, and exercise safeguards to keep systems safe.

Given this position, an argument exists that all vulnerabilities are user (human) induced. While there is support for this, it is not consistent with the current method for addressing vulnerabilities. A reason for this is that the number of vulnerabilities is too large with varied resolution approaches. Imagine using the same approach to for IT professionals (e.g. software developers) and an average end-user (e.g. logistics manager) when covering the importance of anti-virus software. For the scope of this paper, we will address users...

Find Another Essay On User Vulnerability in Cybesecurity

Vulnerability assessment of the company system and recommendations on measures to mitigate or eliminate potential risks

1167 words - 5 pages 2.3 Vulnerability assessment tools Vulnerability assessment tools are a requirement for a successful vulnerability assessment as indicated in item 2.2 above (Perry nd). Security assessment tools detect and stop malware and any other attempt to crack computer systems. They are categorised into network security assessment tools and Web security assessment tools. Network vulnerability scanning focus on both sides of the firewall, within and

Team Dynamo Essay

817 words - 4 pages all-in one vulnerability assessment tool. The QualysGuard Freescan is cloud-based website vulnerability tool and port scanner capable of conducting over 5,000 vulnerability checks (Vacca, 2013). Both the Acunetix and the QualysGuard Freescan vulnerability assessment tools provide the user with a detailed report that identifies as well as prioritizes potential weaknesses and remedial actions within the target system or website. Findings The

Nessus: The Vulnerability Scanner

689 words - 3 pages Back in Greek mythology, Nessus was a centaur that was killed by Hercules for trying to kidnap his beautiful wife. As Nessus was dying, he convinced Hercules’s wife to take his poisoned garment to prevent Hercules from ever leaving her. It wasn’t long before Hercules’s wife presented Hercules with Nessus’s garment, poisoning him to die in torment. Today, Nessus is a popular vulnerability scanner that detects security vulnerabilities. It was

Static Analysis of a Source Code

845 words - 3 pages whose potential for abuse is very high as a result of having user inputs that are unhandled, is rst made. In specic terms, to detect the vulnerability of this pattern utilizes normal expressions which are deemed as a fast and uncomplicated technique. In this process some result we call false positive (FP) will result as a consequence of using, in a safe way, in- clusion function. The resultant FP's to begin with may come about since this

domains of an IT Infrustructure

983 words - 4 pages door locked?), but the process also increases the chance of being caught or at least raising suspicion.Both passive and active reconnaissance can lead to the discovery of useful information to use in an attack. For example, it's usually easy to find the type of web server and the operating system (OS) version number that a company is using. This information may enable a hacker to find a vulnerability in that OS version and exploit the vulnerability

Web Vulnerabilities Paper

2243 words - 9 pages years and evaluate their impact. Cross-Site Scripting (XSS) was the number one vulnerability in 2007 and remains prevalent today. XSS occur when an application takes untrusted data and sends it to a web browser without proper validation or escaping. This allows the attacker to implement scripts in the victim’s browser which allows them to execute various types of damage. By successfully utilizing cross-site scripting user sessions can be hijacked


1438 words - 6 pages illicit profit are listed down below Cross-site scripting: This pops out when the web application takes user-provided data and directs them to a web browser without initial validating or encoding the content. Hence, the XSS vulnerability clears the path to the stealer to execute a script program in the victim’s browser. Having said that, so this situation is known as a top risk based known web application vulnerabilities. Accordingly, the

Information security

2954 words - 12 pages writable by another user.  failing to make the right checks for file type, device ID, links, and other settings before using a file.  failing to check the result code after a file operation.  assuming that if a file has a local pathname, it has to be a local file. 2) Hardware Hardware vulnerability also involved with hardware in several exploitations. Examples are as follows: • Corrupt physical memory occurs by reusing DMA capabilities

it SEC

699 words - 3 pages This tool is the tool that audits the configuration of your security posture and advises you of vulnerabilities. The Microsoft Baseline Security Analyzer combines a graphical user interface with a command line interface to allow end users of Microsoft Windows to easily asses the security state of their machines and domain. In the real world it would be used to take a snapshot of what the current security posture would be and then make

The purpose of this assignment is to analyse source code and look for vulnerabilities. The vulnerabilities identified will be exploited with a

1475 words - 6 pages 3.1 Exploit XSS Vulnerabilities The standard javascript code to test for XSS vulnerabilities is : . The script is entered on the register page in the email address input. The script must be entered in the email input when the user registers. The attack is amended with the SQL injection added at the end. The standard javascript attack works but the SQL injection at the end add a value in the field. ' or '1'='1' -- '. The script allows the

SCADA Attacks

836 words - 4 pages training, and the affects of not paying attention to user policies. The failure to conduct cyber attack scenario drills can be correlated to a vulnerability. Rehearsing crises management practices can improve a cyber security posture within the energy industry (Laing, Badii, & Vickers, 2013). It is not difficult to conclude that attacks on SCADA systems are susceptible to vulnerabilities in the energy infrastructures. Through the course

Similar Essays

Proffessor For A Day Essay

1013 words - 5 pages find the strength in the vulnerability because it is the most accurate measurement of courage, the birthplace of innovation, creativity and change, the key to a steady relationship.   Works Cited (2013). JSTOR: An Error Occurred Setting Your User Cookie. [online] Retrieved from: 2. Unknown. (2013). Untitled. [online] Retrieved from: http

Vulnerability Scanning Essay

1411 words - 6 pages This paper is being furnished to provide the CIO with a technology evaluation of vulnerability scanning. The information provided will ensure that the CIO has the required information to make the best decision in regards to this technology. This paper provides a brief understanding of vulnerability scanning, its many forms, the types of scanners available, the advantages and disadvantages, and the costs involved. Introduction

Executive Proposal Essay

1430 words - 6 pages recognizable names in the industry are eEye Digital Security's (acquired by Beyond Trust) Retina, Symantec's NetRecon, SAINT's SAINT and Tenable Nessus. Each of these products has some similar features such as: network mapping or network discovery, vulnerability analysis, data management and reporting as well as a graphical user interface and based on features sets has an average price of $40 per host or approximately $6,375.00 for a class C network

Cable And Internet Networks Essay

1662 words - 7 pages Word as the e-mail editor, Outlook opens the mail and puts the Word editor into a mode for creating e-mail messages. Scripts are not blocked in this mode. An attacker could exploit this vulnerability by sending a specially malformed HTML e-mail containing a script to an Outlook user who has Word enabled as the e-mail editor. If the user replied to or forwarded the e-mail, the script would then run, and be capable of taking any action the user