Importance of Business Continuity/Disaster Plan

Importance of Business Continuity/Disaster Plan

Disaster planning plays an important role for businesses in ensuring they can still operate after natural disasters such as earthquakes and floods, power and energy disruptions, communications and service failure, or other serious disruptions. Disaster recovery and business continuity planning are processes that help organizations prepare for these disruptive events.  These plans help companies stay running during and after natural disasters.

Disaster recovery is the process by which you resume business after a disruptive event. The importance of this recovery plan is that although there are disasters or disruptions that has a high impact on destroying a business, these organizations and institutions with good continuity plans survives. A comprehensive plan forces leaders of the business to review weaknesses and threats to their organizations.

Business continuity planning suggests a more comprehensive approach to making sure you can continue business not only after a natural calamity but also in other challenges that the business face from time to time.

Business continuity plan enables critical services or products to be continually delivered to clients which permits the organization to recover its facility, data and assets. It ensures survival and meet legal and other obligations of an organization. The importance of this plan is that it endeavors to ensure that critical operations continue to be available. It can affect organizations to improve its overall efficiency in identifying the relationship of assets and financial resources to critical services.

            Creating and maintaining a good business continuity and recovery plan helps ensure that an institution has the resources and information needed to deal with emergencies.

The Security of data or the security of the country, Which is more important?

Securing the data of a country is very important. Breaching in the data of a country will cause many bad things to a country; one of these things is that it may shutdown the operation of the whole country. Businesses will eventually go down. Foreign Investors will lose interest to the country. Economy of the country will decline, resulting to crisis. Also, as the privacy of the country exposed, security in defence of the country is also compromised. The country will become an easy target for other powerful countries.

            However, security of the whole country is the most important of all. If the security of the country is ever to shut down, we may lose our country. As the freedom and peace of the country is concern, security of the territory is a must. Many lives are in stake. Also, commemorating the National Heroes Day, we should not forget the sacrifices of our heroes to get the freedom our country wanted. They give their lives to give us the freedom we are now living in.

            As a conclusion, both are important. Both are necessary to maintain the stability of a country. Both can also effect into losing one’s country. We can’t afford to lose our freedom again.

Black Hat vs White Hat

A black-hat hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain.

Black-hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black-hat hackers break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. A black hat hacker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. Black hat hackers are also known as crackers or dark-side hackers. 

The general view is that, while hackers build things, crackers break things. They are computer security hackers that break into computers and networks or also create computer viruses. The term “black hat” comes from old westerns where the bad guys usually wore black hats and the good guys wore white ones.

The term was coined by Richard Stallman, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration of hacker culture, or the ethos of the white-hat hacker who performs hackerly duties to identify places to repair. 

White hat hackers also identify security weaknesses; but, instead of performing malicious attacks and theft, they expose the security flaw in such a way as to alert the owner that there is a breach so they can fix it before a black hat hacker can take advantage of it. Though they often start out as black hat hackers, white hat hackers sometimes are paid consultants or actual employees of a company that needs its systems protected.

A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. Although the methods used are similar, if not identical, to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them. White-hat hackers may also work in teams called "sneakers", red teams, or tiger teams.

Types of Malicious Codes

Malware

Malware, short for malicious software, is a kind of software that can be installed on a computer without approval from the computer's owner. There are different kinds of malware that can hurt computers, such as viruses and spyware. These programs can steal passwords, delete files, collect personal information, or even stop a computer from working at all. Before the term malware was coined by Yisrael Radai in 1990, malicious software was referred to as computer viruses. The first category of malware propagation concerns parasitic software fragments that attach themselves to some existing executable content. The fragment may be machine code that infects some existing application, utility, or system program, or even the code used to boot a computer system.

Types of malicious codes

Viruses are a kind of malware that need a user-run program to work. They cannot copy themselves or move from one computer to another without a program to host it. Viruses are very common in pirated programs. They can harm computers in many different ways, like deleting files and stealing passwords.

Worms are a lot like viruses and can cause the same kinds of damage. However, they're able to move through the internet and copy themselves onto computers without help from a host program. This makes them more dangerous than a virus. Worms are usually found in emails and drive-by downloads.

Trojan horses are like a much more dangerous version of a virus. They need a user to agree to run a program to work and cannot copy themselves from one computer to another. However, trojan horses can make the same problems a normal virus can make. They can also allow the malware writer to control the victim's computer, install more malware, steal bank data, and more. For example, ransomware is a type of trojan horse that stops a victim from using their files until they pay the person who wrote the malware. Experts think that trojan horses are the most common type of malware in existence.

Adware is a type of malware that earns the program authors money with advertising. These programs show users ads and force them to use websites that make money for the malware writers. Adware will also find personal information about the victim (such as their age, race, and job). This is so the malware authors can sell the information to other people. A user can usually uninstall adware easier than most malware. However, this is still difficult to do without a specially-designed program.

Spyware is a more dangerous kind of adware that steals more information from a user. Spyware can steal someone's Internet traffic, account passwords, and anything they have typed into their computers. Spyware is also much harder to uninstall than adware is.

Rootkits can prevent a malicious process from being visible in the system's list of processes, or keep its files from being read. Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection. Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Some malicious programs contain routines to defend against removal, not merely to hide themselves. An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system:

Backdoor is a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet. Once a system has been compromised, one or more backdoors may be installed in order to allow access in the future, invisibly to the user. The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. It was reported in 2014 that US government agencies had been diverting computers purchased by those considered "targets" to secret workshops where software or hardware permitting remote access by the agency was installed, considered to be among the most productive operations to obtain access to networks around the world. Backdoors may be installed by Trojan horses, worms, implants, or other methods.

Cryptography

CRYPTOGRAPHY came from the Greek word “KRYPTOS” which means “hidden secret”. It is the practice and study of techniques for secure communication in the presence of third parties called adversaries.  Cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering.

Until modern times, cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (called plaintext) into unintelligible text (called ciphertext). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher  (or cypher) is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a "key". The key is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext. 

In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning. It means the replacement of a unit of plaintext with a code word.

Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so, it is the study of how to crack encryption algorithms or their implementations. The study of characteristics of languages that have some application in cryptography or cryptology.

Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption)— conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely the key needed for decryption of that message). Encryption attempted to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.

CIA Triad

The most common type pf security model is the CIA Triad. No, not the Central Intelligence Agency but rather the Confidentiality, Integrity and Availability. This principle is applicable across the whole topic of security analysis, from its users to encrypted data across the internet.

CONFIDENTIALITY
Confidentiality is about protecting the information from disclosure to unauthorized parties. And one of the component of confidentiality is the encryption. Encryption assures that the information will only be read by the right person. One of yhe example of encryption is the SSL. The other ways to ensures information confidentiality include cryptography, file permissions and access control.

INTEGRITY
Integrity refers to protecting information from being changed by unauthorized parties and to keep it accurate. Information only has value to its users when it is correct. Aside from confidentiality cryptography also plays a major part in data integrity. The most used method to keep the integrity is by comparing the data you received with the original data.

AVAILABILITY
Availability of information refers to ensuring that authorized parties are able to access the information when needed. It is important to ensure that the information concerned is readily accessible to the authorized parties any time. Back up is the key to maintain the availability on data. Keeping back ups on important files might be appropriate especially in the times of natural disasters.

The CIA Triad is very significant principle when it comes to security. The 3 elements are important in making any security system. However, there are also other factors aside from the CIA that should be consider in certain scenarios.

ENRON: Sarbanes - Oxley Act

The Sarbanes-Oxley Act of 2002 (often shortened to SarbOx or SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as improve the accuracy of corporate disclosures.

Sarbanes-Oxley Act was named after sponsors U.S. Senator Paul Sarbanes and U.S. Representative Michael G. Oxley. SOX influenced public businesses through transformation of the financial system. As a result of this act, top management must individually certify the accuracy of financial information. In addition, penalties for fraudulent financial activity are much more severe. The bill, which contains eleven sections, was enacted as a reaction to a number of major corporate and accounting scandals which include Enron Corporation.

In 2001, the year of the scandal, Enron Corporation ranked number seven among the largest companies of the United States of America.  It bought and sold gas and oil futures. It built oil refineries and power plants. It became one of the world's largest pulp and paper, gas, electricity, and communications companies before it bankrupted in 2001.

As a result of the scandal, Enron's auditor firm, Arthur Andersen, lost its accreditation. He was accused of applying reckless standards in its audits because of a conflict of interest over the significant consulting fees generated by Enron. The auditor's methods were questioned as either being completed solely to receive its annual fees or for its lack of expertise in properly reviewing Enron's revenue recognition, special entities, derivatives, and other accounting practices.

The downfall of Enron was one of the most momentous corporate scandals and bankruptcies in the history of the United States of America. Enron's complex financial statements were confusing to shareholders and analysts.  In addition, its complex business model and unethical practices required that the company use accounting limitations to misrepresent earnings and modify the balance sheet to indicate favorable performance.

The Enron scandal is one of the biggest corporate collapses in the United States. It demonstrates the need for significant reforms of accounting and corporate governance, as well as the ethical quality of business’ culture not only in the US but also to the businesses around the world. Although SOX Act has negative impacts, I believe that it is for the greater good of the companies to be evaluated, with a purpose of preventing fraudulent accounting practices.