Enterprise Security and Stuxnet Virus: A Networking Design Analysis
VerifiedAdded on 2021/06/15
|16
|3917
|71
Report
AI Summary
This report provides a comprehensive analysis of the Stuxnet virus, detailing its emergence, impact on enterprise security, and implications for networking design. It explores the background of the virus, its target (Iran's nuclear program), and the steps involved in infecting targeted computers, including the exploitation of air-gapped systems. The report examines the relationship between computer viruses and modern industrial systems, emphasizing the vulnerabilities of systems controlled by PLCs. It delves into the impact of Stuxnet on software and physical security, highlighting the virus's ability to manipulate industrial systems and compromise data. The role of Stuxnet in incident management is discussed, as are the reasons why regular antivirus solutions failed to detect the virus. The report concludes with recommendations for preventing future attacks and considerations for next-generation security measures. The report discusses the Stuxnet virus and its impact on enterprise security, including its ability to bypass security measures and affect physical security, and offers insights into prevention strategies.
Running Head: NETWORKING DESIGN 1
Enterprise Security
NAME
COURSE
UNIVERSITY/AFFILIATION
Enterprise Security
NAME
COURSE
UNIVERSITY/AFFILIATION
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
NETWORKING DESIGN 2
Table of Contents
The Executive Summary 3
Introduction to the Enterprise Security 3
Background of Stuxnet Virus and how it was Emerged 4
Steps Involved to Infect the Targeted Computers 4
Relationship between Computer Virus and Industrial Systems 5
Impact of Stuxnet on Modern Industrial Systems 6
Role of Stuxnet in Incident Management 7
How the Stuxnet Propelled over the Air Gap 7
Reasons why Regular Anti-Virus Solution Failed to Detect Stuxnet Virus 8
How Stuxnet Virus Can be Prevented 9
What Next Generation Should Consider 10
Conclusion 11
References 13
Table of Contents
The Executive Summary 3
Introduction to the Enterprise Security 3
Background of Stuxnet Virus and how it was Emerged 4
Steps Involved to Infect the Targeted Computers 4
Relationship between Computer Virus and Industrial Systems 5
Impact of Stuxnet on Modern Industrial Systems 6
Role of Stuxnet in Incident Management 7
How the Stuxnet Propelled over the Air Gap 7
Reasons why Regular Anti-Virus Solution Failed to Detect Stuxnet Virus 8
How Stuxnet Virus Can be Prevented 9
What Next Generation Should Consider 10
Conclusion 11
References 13
NETWORKING DESIGN 3
The Executive Summary
Enterprise security is the process of securing information and data of a certain business or
an organization against any form of attacks such as virus and trojan horses. Information about
any company is very crucial to the management alongside the integrity of its data. Similarly, the
code that is used to develop a system is very important because any alteration in the code can
result in unusual functioning of the entire system. For instance, Stuxnet virus prolonged the
action of the air-gapped computers that were used in Iran to develop the nuclear weapons. This
field also includes the protection of the assets of an organization such as the buildings, furniture
and vehicles from any destruction. Physical security is one of the branches of enterprise security
that is concerned with the entire process of protecting all the resources of an organization against
destruction. Floods and fire are some of the major threats to the assets of any company or an
organization.
Introduction to the Enterprise Security
The term enterprise is associated with a company or an organization that operates to
achieve a certain goal or an objective while security is concerned with protection of data and
information against external attacks or unauthorized access Soomro, Shah & Ahmed (2016).
Enterprise security is the process of securing information and data of a certain business or an
organization against any form of attacks such as virus and trojan horses. The field of enterprise
security has become one of the major vast problems that have been encountered by the
companies and organizations that deal with big data Terzi, Terzi & Sagiroglu (2015). Also, the
new trends in networking such as Internet of Things(IOT) have contributed vastly to the
complexity of securing the data and information of an organization. In addition, the introduction
to the modern complicated systems has contributed immensely to the susceptibility of these
The Executive Summary
Enterprise security is the process of securing information and data of a certain business or
an organization against any form of attacks such as virus and trojan horses. Information about
any company is very crucial to the management alongside the integrity of its data. Similarly, the
code that is used to develop a system is very important because any alteration in the code can
result in unusual functioning of the entire system. For instance, Stuxnet virus prolonged the
action of the air-gapped computers that were used in Iran to develop the nuclear weapons. This
field also includes the protection of the assets of an organization such as the buildings, furniture
and vehicles from any destruction. Physical security is one of the branches of enterprise security
that is concerned with the entire process of protecting all the resources of an organization against
destruction. Floods and fire are some of the major threats to the assets of any company or an
organization.
Introduction to the Enterprise Security
The term enterprise is associated with a company or an organization that operates to
achieve a certain goal or an objective while security is concerned with protection of data and
information against external attacks or unauthorized access Soomro, Shah & Ahmed (2016).
Enterprise security is the process of securing information and data of a certain business or an
organization against any form of attacks such as virus and trojan horses. The field of enterprise
security has become one of the major vast problems that have been encountered by the
companies and organizations that deal with big data Terzi, Terzi & Sagiroglu (2015). Also, the
new trends in networking such as Internet of Things(IOT) have contributed vastly to the
complexity of securing the data and information of an organization. In addition, the introduction
to the modern complicated systems has contributed immensely to the susceptibility of these
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
NETWORKING DESIGN 4
systems to external attacks. There are many categories of enterprise security such as physical
security that deals with protection of data and information alongside machines and other business
assets from destruction Wells, Camelio, Williams & White (2014). The main aim of this paper is
to discuss in detail about Stuxnet that is a computer worm. Also, the paper explains the reasons
why controlling of Stuxnet failed and how it propelled over the air-gap. Besides, the paper
concentrates much on the following three topics; software, operation management and physical
security in respect to Stuxnet.
Background of Stuxnet Virus and how it Emerged
Stuxnet is a computer virus that was discovered in late 2010. It was believed that this virus
was aimed at attacking Iran as a country Singer (2015). This virus can attack computers that
cannot be accessed from the internet. These computers are referred to as air-gapped computers.
They are isolated from the internet hence cannot be connected to other computers. This virus
targeted computers that were used by the government of Iran to develop a nuclear weapon. The
core objective of the Stuxnet virus was to prolong the action of nuclear weapons. In addition, it
was revealed that the virus could cause a great destruction to the targeted computers. Even
though the virus targeted Iran, it was reported that the impacts of the virus were felt in other
countries across the world Singer (2015). This virus was aimed at manipulating the industrial
systems such as water management systems. The structure of Stuxnet is very complicated in
nature. The virus was detected by Belarus antivirus firm.
Steps Involved to Infect the Targeted Computers
The systems that are used to manage industries commonly referred to as Industrial control
systems (ICS) are governed by a series of instructions in programmable logic controllers (PLCs).
systems to external attacks. There are many categories of enterprise security such as physical
security that deals with protection of data and information alongside machines and other business
assets from destruction Wells, Camelio, Williams & White (2014). The main aim of this paper is
to discuss in detail about Stuxnet that is a computer worm. Also, the paper explains the reasons
why controlling of Stuxnet failed and how it propelled over the air-gap. Besides, the paper
concentrates much on the following three topics; software, operation management and physical
security in respect to Stuxnet.
Background of Stuxnet Virus and how it Emerged
Stuxnet is a computer virus that was discovered in late 2010. It was believed that this virus
was aimed at attacking Iran as a country Singer (2015). This virus can attack computers that
cannot be accessed from the internet. These computers are referred to as air-gapped computers.
They are isolated from the internet hence cannot be connected to other computers. This virus
targeted computers that were used by the government of Iran to develop a nuclear weapon. The
core objective of the Stuxnet virus was to prolong the action of nuclear weapons. In addition, it
was revealed that the virus could cause a great destruction to the targeted computers. Even
though the virus targeted Iran, it was reported that the impacts of the virus were felt in other
countries across the world Singer (2015). This virus was aimed at manipulating the industrial
systems such as water management systems. The structure of Stuxnet is very complicated in
nature. The virus was detected by Belarus antivirus firm.
Steps Involved to Infect the Targeted Computers
The systems that are used to manage industries commonly referred to as Industrial control
systems (ICS) are governed by a series of instructions in programmable logic controllers (PLCs).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
NETWORKING DESIGN 5
These instructions are created basing on the windows operating systems Falliere, Murchu &
Chien (2011). First and foremost, the intruders need to gather some information about the
targeted system with an aim of determining the series of instructions that are used to design and
develop the targeted system. There are two ways in which the attackers can obtain these
information that includes using of spywares or approaching one of the programmers of the
system to reveal the set of instructions that are used Falliere et al.(2011). Then, the hackers need
to design and develop a Stuxnet virus using the set of instructions that have been obtained.
Necessary components need to be established such as peripherals and PLCs for testing the
functionality of the virus. The entire process may be completed after a period of about 24 weeks.
Then, some files are included into the virus with an aim of preventing the users of the
system from detecting the changes that have been made in their original code. The attacker needs
to access the digital certificates that must be modified to achieve this process of hiding
changes in the code Falliere et al.(2011). Afterwards, the virus needs to be inserted into the
targeted computers which can be done by an insider through the USB. Once applied, the virus
can then spread to other computers that are connected in a Local Area Network (LAN). The virus
is controlled and managed by a server. The series of instructions that were initially programmed
are changed, and subsequently the modifications are then hidden from the sight of system users.
However, the virus can affect other systems that are not targeted early on by attackers because of
characteristics of the virus to duplicate itself (Falliere et al.(2011).
These instructions are created basing on the windows operating systems Falliere, Murchu &
Chien (2011). First and foremost, the intruders need to gather some information about the
targeted system with an aim of determining the series of instructions that are used to design and
develop the targeted system. There are two ways in which the attackers can obtain these
information that includes using of spywares or approaching one of the programmers of the
system to reveal the set of instructions that are used Falliere et al.(2011). Then, the hackers need
to design and develop a Stuxnet virus using the set of instructions that have been obtained.
Necessary components need to be established such as peripherals and PLCs for testing the
functionality of the virus. The entire process may be completed after a period of about 24 weeks.
Then, some files are included into the virus with an aim of preventing the users of the
system from detecting the changes that have been made in their original code. The attacker needs
to access the digital certificates that must be modified to achieve this process of hiding
changes in the code Falliere et al.(2011). Afterwards, the virus needs to be inserted into the
targeted computers which can be done by an insider through the USB. Once applied, the virus
can then spread to other computers that are connected in a Local Area Network (LAN). The virus
is controlled and managed by a server. The series of instructions that were initially programmed
are changed, and subsequently the modifications are then hidden from the sight of system users.
However, the virus can affect other systems that are not targeted early on by attackers because of
characteristics of the virus to duplicate itself (Falliere et al.(2011).
NETWORKING DESIGN 6
The Relationship between a Computer Virus and the Modern Industrial Systems in
Enterprise Security Developments
Physical security is concerned with the process of protecting human beings alongside
many other assets such as buildings against physical attacks. There are many examples of
physical attacks such as earthquakes and fire Karnouskos (2011). Most of the modern systems
such as train and power management systems are controlled using a computer system that is
vulnerable to attacks. The main reason for incorporating computer software into the modern
systems is to enhance automation and the ease of carrying out some activities using these
systems. In addition, computer related systems facilitate communication between various
departments within an organization to take place with a lot of ease, hence increasing the co-
ordination in these departments Karnouskos (2011). Following these developments, any modern
industrial system can be affected by the computer viruses and worms. There are many computer
viruses such as multipartite and boot, although this paper focus much on the impact of Stuxnet
virus that emerged in the year 2010 on the modern systems.
The Impact of Stuxnet virus on the Software Systems and Physical security
The Stuxnet virus aims at interrupting the industrial systems by changing the set of
instructions that are used to develop the system by programmers and developers thus interfering
with the entire functioning of the software Nourian & Madnick (2015). Therefore, this virus can
influence an software like the Microsoft windows or the software installed in the computer to
carry out an activity or a task in a different way rather than the way it was initially programmed.
The modification of these series of instructions in Programmable Logic Controllers (PLCs)
results in unusual functioning of the industrial systems. These modifications are very small to be
identified by the system users, although they are sometimes realized after a long period Edwards
The Relationship between a Computer Virus and the Modern Industrial Systems in
Enterprise Security Developments
Physical security is concerned with the process of protecting human beings alongside
many other assets such as buildings against physical attacks. There are many examples of
physical attacks such as earthquakes and fire Karnouskos (2011). Most of the modern systems
such as train and power management systems are controlled using a computer system that is
vulnerable to attacks. The main reason for incorporating computer software into the modern
systems is to enhance automation and the ease of carrying out some activities using these
systems. In addition, computer related systems facilitate communication between various
departments within an organization to take place with a lot of ease, hence increasing the co-
ordination in these departments Karnouskos (2011). Following these developments, any modern
industrial system can be affected by the computer viruses and worms. There are many computer
viruses such as multipartite and boot, although this paper focus much on the impact of Stuxnet
virus that emerged in the year 2010 on the modern systems.
The Impact of Stuxnet virus on the Software Systems and Physical security
The Stuxnet virus aims at interrupting the industrial systems by changing the set of
instructions that are used to develop the system by programmers and developers thus interfering
with the entire functioning of the software Nourian & Madnick (2015). Therefore, this virus can
influence an software like the Microsoft windows or the software installed in the computer to
carry out an activity or a task in a different way rather than the way it was initially programmed.
The modification of these series of instructions in Programmable Logic Controllers (PLCs)
results in unusual functioning of the industrial systems. These modifications are very small to be
identified by the system users, although they are sometimes realized after a long period Edwards
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
NETWORKING DESIGN 7
(2014). In addition, these modifications are hidden from the sight of the users. The report from
the recent researches on the field of security and technology has revealed that Iran is one of the
countries that have been affected greatly with Stuxnet worm alongside India and Indonesia. Also,
the report revealed that the Stuxnet virus was developed by the group of experts that were highly
skilled in the field of security.
To the physical security, Stuxnet infringes the physical security of the system or the computer,
taking the files and security credentials, this has really affected the physical security of the
systems as the hence the systems can be easily hacked and manipulated.
The Roles of Stuxnet in Incident Management
An incident management is associated with the process of protecting the computer system
against both the external and internal attacks. Incident management not only deals with the
protection of computer systems but also the protection of people alongside their properties and
buildings from attacks Allen, Karanasios & Norman (2014). Some of the ways that are used to
protect a computer system against external attacks includes the use of firewall that prevents
unauthorized programs from accessing the computer, installation of an antivirus that protects the
computer against virus attacks and the deployment of access control mechanisms like the use of
passwords to access the system. Similarly, people can be protected against any form of disasters
that may be likely to occur very soon. There are many types of disasters ranging from natural to
pandemic disasters. Tsunami and diseases are some of the examples of natural and pandemic
disasters respectively alongside other examples Apvrille, Roudier & Tanzi (2015). Disasters are
very destructive in nature when they occur. This is because they are unpredictable hence, they
can take place at the time that one is least expecting. However, it has been revealed that Stuxnet
(2014). In addition, these modifications are hidden from the sight of the users. The report from
the recent researches on the field of security and technology has revealed that Iran is one of the
countries that have been affected greatly with Stuxnet worm alongside India and Indonesia. Also,
the report revealed that the Stuxnet virus was developed by the group of experts that were highly
skilled in the field of security.
To the physical security, Stuxnet infringes the physical security of the system or the computer,
taking the files and security credentials, this has really affected the physical security of the
systems as the hence the systems can be easily hacked and manipulated.
The Roles of Stuxnet in Incident Management
An incident management is associated with the process of protecting the computer system
against both the external and internal attacks. Incident management not only deals with the
protection of computer systems but also the protection of people alongside their properties and
buildings from attacks Allen, Karanasios & Norman (2014). Some of the ways that are used to
protect a computer system against external attacks includes the use of firewall that prevents
unauthorized programs from accessing the computer, installation of an antivirus that protects the
computer against virus attacks and the deployment of access control mechanisms like the use of
passwords to access the system. Similarly, people can be protected against any form of disasters
that may be likely to occur very soon. There are many types of disasters ranging from natural to
pandemic disasters. Tsunami and diseases are some of the examples of natural and pandemic
disasters respectively alongside other examples Apvrille, Roudier & Tanzi (2015). Disasters are
very destructive in nature when they occur. This is because they are unpredictable hence, they
can take place at the time that one is least expecting. However, it has been revealed that Stuxnet
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
NETWORKING DESIGN 8
virus can be used to prevent some disasters that are encountered by human beings especially the
military attacks as explained below.
How the Stuxnet Propelled over the Air Gap
Basically, an air gap is associated with computers that have been separated from the internet
and therefore, cannot be accessed or interact with other computers. These computers are
protected from any form of attacks and unauthorized access Lendvay (2016). The intruders and
hackers can only gain access to a computer that has been connected to the internet. However,
these computers can be accessed only by using external storage tools like the USB and flash
disks. For instance, Iran was developing a nuclear weapon using the air-gapped computers that
could have been very harmful to the lives of many people in the world. Unfortunately, the
Stuxnet virus infected their computers, hence increased the time taken by the nuclear weapon to
exploit Lendvay (2016). The virus aimed at increasing the time for explosion to make Iran
government into believing that it cannot develop a nuclear weapon. These Stuxnet viruses were
developed by US and Israel. These two countries got the information about the codes that were
used to develop the nuclear weapon. It is believed that there was a person within Iran who
inserted the USB that contained the viruses into the air-gapped computers.
Reasons why Regular Antivirus Solution Failed to Detect
the Stuxnet Virus
There are many reasons that contributed to the undetected nature of the Stuxnet Virus. This
virus can be used to prevent some disasters that are encountered by human beings especially the
military attacks as explained below.
How the Stuxnet Propelled over the Air Gap
Basically, an air gap is associated with computers that have been separated from the internet
and therefore, cannot be accessed or interact with other computers. These computers are
protected from any form of attacks and unauthorized access Lendvay (2016). The intruders and
hackers can only gain access to a computer that has been connected to the internet. However,
these computers can be accessed only by using external storage tools like the USB and flash
disks. For instance, Iran was developing a nuclear weapon using the air-gapped computers that
could have been very harmful to the lives of many people in the world. Unfortunately, the
Stuxnet virus infected their computers, hence increased the time taken by the nuclear weapon to
exploit Lendvay (2016). The virus aimed at increasing the time for explosion to make Iran
government into believing that it cannot develop a nuclear weapon. These Stuxnet viruses were
developed by US and Israel. These two countries got the information about the codes that were
used to develop the nuclear weapon. It is believed that there was a person within Iran who
inserted the USB that contained the viruses into the air-gapped computers.
Reasons why Regular Antivirus Solution Failed to Detect
the Stuxnet Virus
There are many reasons that contributed to the undetected nature of the Stuxnet Virus. This
NETWORKING DESIGN 9
virus was not discovered for a period of more than one year by the antivirus solutions
Karnouskos (2014). The virus was examined using all the available antivirus solutions before it
was applied to the computers in Iran. In addition, the virus was still new, so it was not
incorporated into the antivirus solutions through updating the solutions Karnouskos (2014). The
rootkit was incorporated into the virus development process; hence it was not easy to be detected
by the antivirus solutions. The virus was very complicated in nature as it had the following
features:
The virus used zero-day exploits which is a weakness in a certain software that has
not yet been discovered by the experts and developers.
The virus has the capability of infecting the PLCs that are targeted only.
The ability to identify other computers that are connected with a LAN.
The activities of this virus take place in computer memory, therefore, preventing
any objects that can be traced to show that the virus is existing within the system.
The virus has the ability of updating automatically.
The virus has the capability of keeping the track of all infections that it has caused
to the targeted computers.
The compromised digital certificates are used to hide the changes that have been
made in the code.
It has the ability of changing its scale automatically enabling the computer to
spread the virus to the maximum of about three computers only.
The virus conceals itself under the legit applications of the computer system.
The virus utilizes all the antivirus solutions; hence cannot be detected by these
solutions as a result .
virus was not discovered for a period of more than one year by the antivirus solutions
Karnouskos (2014). The virus was examined using all the available antivirus solutions before it
was applied to the computers in Iran. In addition, the virus was still new, so it was not
incorporated into the antivirus solutions through updating the solutions Karnouskos (2014). The
rootkit was incorporated into the virus development process; hence it was not easy to be detected
by the antivirus solutions. The virus was very complicated in nature as it had the following
features:
The virus used zero-day exploits which is a weakness in a certain software that has
not yet been discovered by the experts and developers.
The virus has the capability of infecting the PLCs that are targeted only.
The ability to identify other computers that are connected with a LAN.
The activities of this virus take place in computer memory, therefore, preventing
any objects that can be traced to show that the virus is existing within the system.
The virus has the ability of updating automatically.
The virus has the capability of keeping the track of all infections that it has caused
to the targeted computers.
The compromised digital certificates are used to hide the changes that have been
made in the code.
It has the ability of changing its scale automatically enabling the computer to
spread the virus to the maximum of about three computers only.
The virus conceals itself under the legit applications of the computer system.
The virus utilizes all the antivirus solutions; hence cannot be detected by these
solutions as a result .
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
NETWORKING DESIGN 10
How Stuxnet Virus can be Prevented
Currently, there is no any antivirus that can protect a system against Stuxnet attacks. Also,
the antivirus cannot detect the presence of Stuxnet virus because of its nature of hiding the
changes in the code Hills (2016). However, this virus can only be prevented using the following
methods:
Using of redundancy in LANs to detect errors in the functionality of the system.
Redundancy is the ability of making several instances of the same object so that it
can be used in case the system has developed some problems with its functioning.
The application of user control mechanisms to the systems. This can be implemented
through authentication methods such as username and password, although biometrics
is the most preferred way. The users that can log in to the system are validated before
gaining access to the system, hence preventing unauthorized people like intruders
and hackers from entering into the system without the consent of system users.
The systems can be separated from the internet. This can protect the system from
hacking attacks. The computers that are connected to the internet are susceptible to
attacks that can lead to an attacker gaining some access to an important and
confidential information regarding the company and an organization.
Disabling computer ports from functioning. Examples of computer ports include
USB and HDMI ports. This can prevent the transferring of the virus into the
computer systems via the computer ports .
How Stuxnet Virus can be Prevented
Currently, there is no any antivirus that can protect a system against Stuxnet attacks. Also,
the antivirus cannot detect the presence of Stuxnet virus because of its nature of hiding the
changes in the code Hills (2016). However, this virus can only be prevented using the following
methods:
Using of redundancy in LANs to detect errors in the functionality of the system.
Redundancy is the ability of making several instances of the same object so that it
can be used in case the system has developed some problems with its functioning.
The application of user control mechanisms to the systems. This can be implemented
through authentication methods such as username and password, although biometrics
is the most preferred way. The users that can log in to the system are validated before
gaining access to the system, hence preventing unauthorized people like intruders
and hackers from entering into the system without the consent of system users.
The systems can be separated from the internet. This can protect the system from
hacking attacks. The computers that are connected to the internet are susceptible to
attacks that can lead to an attacker gaining some access to an important and
confidential information regarding the company and an organization.
Disabling computer ports from functioning. Examples of computer ports include
USB and HDMI ports. This can prevent the transferring of the virus into the
computer systems via the computer ports .
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
NETWORKING DESIGN 11
What the Next Generation Should Consider
It’s believed that the complexity of the industrial systems will increase in some
years to come. A system will be made of independent complicated components that are
connected and synchronized to achieve a certain goal or purpose Chang, Kuo & Ramachandran
(2016). These systems will not only increase their processing power, but also their functionality
will increase because of synchronization. Also, the major trends in the field of Information
Technology (IT) such as the cloud computing technology will be more advanced and adopted by
all the companies and the organizations. Besides, the management of these systems will be very
easy, although they will be very sensitive. The systems will be scalable. This property will make
it possible to extent and expand the system with a lot of ease and comfort by incorporating the
new soft wares into it without resulting in conflicts. The interaction between different systems
within an organization will increase Karnouskos (2014).
However, the security of these systems will be quite tricky. In addition, the
susceptibility of these systems to attacks will increase. For instance, deadly computer viruses like
the flame and the Stuxnet will be very difficult to be identified and controlled due to complexity
of these systems; hence these systems will be prone to malfunctioning Chang et al.(2016).
Therefore, the future generation should be more vigilant and prepared to deal effectively with the
security of these systems. For instance, very advanced antivirus solutions should be developed
by security experts to deal with the risks in the systems.
Part 2
i. Exposure factor is 1 when the all the values will be lost, in percentage it will be
(1/100)*100%= 1%
What the Next Generation Should Consider
It’s believed that the complexity of the industrial systems will increase in some
years to come. A system will be made of independent complicated components that are
connected and synchronized to achieve a certain goal or purpose Chang, Kuo & Ramachandran
(2016). These systems will not only increase their processing power, but also their functionality
will increase because of synchronization. Also, the major trends in the field of Information
Technology (IT) such as the cloud computing technology will be more advanced and adopted by
all the companies and the organizations. Besides, the management of these systems will be very
easy, although they will be very sensitive. The systems will be scalable. This property will make
it possible to extent and expand the system with a lot of ease and comfort by incorporating the
new soft wares into it without resulting in conflicts. The interaction between different systems
within an organization will increase Karnouskos (2014).
However, the security of these systems will be quite tricky. In addition, the
susceptibility of these systems to attacks will increase. For instance, deadly computer viruses like
the flame and the Stuxnet will be very difficult to be identified and controlled due to complexity
of these systems; hence these systems will be prone to malfunctioning Chang et al.(2016).
Therefore, the future generation should be more vigilant and prepared to deal effectively with the
security of these systems. For instance, very advanced antivirus solutions should be developed
by security experts to deal with the risks in the systems.
Part 2
i. Exposure factor is 1 when the all the values will be lost, in percentage it will be
(1/100)*100%= 1%
NETWORKING DESIGN 12
ii. SLE = asset value* EF= 1000*1=1000
iii. ARO is estimated frequency risk occurring in 1year 1/20
iv. ALE= SLE*ARO= 1000*(1/20)= 50
v. When 300 is placed, the EF is then reduced by factor of 10 which was initially 500
vi. The SLE when 300 is placed will be 10*1000= 10000
vii. ARO when 300 is placed, then this is reduced by 50% =1/20*50%=
1/20*50/100=2000/50= 40
viii. ALE when 300 is placed is 40*10000 = 400000
ix. Russian safeguard at 300 is $15 millions
x. Chinese HQ18 safeguard at 300 is $7.5 million
xi. Yes, it should be implemented since its cost effective
Part 3
ADM stands for Architecture Development Method
TOGAF standard is A method for developing Technology Architectures.
Basic structure of ADM
The basic structure of the ADM cycle is as follows, Preliminary - Architecture vision - then
Requirement management
The most likely requirement in our scenario is Interoperation with other financial institutions,
both nationally and internationally, this is where the TOGAF standard is impacted.
ii. SLE = asset value* EF= 1000*1=1000
iii. ARO is estimated frequency risk occurring in 1year 1/20
iv. ALE= SLE*ARO= 1000*(1/20)= 50
v. When 300 is placed, the EF is then reduced by factor of 10 which was initially 500
vi. The SLE when 300 is placed will be 10*1000= 10000
vii. ARO when 300 is placed, then this is reduced by 50% =1/20*50%=
1/20*50/100=2000/50= 40
viii. ALE when 300 is placed is 40*10000 = 400000
ix. Russian safeguard at 300 is $15 millions
x. Chinese HQ18 safeguard at 300 is $7.5 million
xi. Yes, it should be implemented since its cost effective
Part 3
ADM stands for Architecture Development Method
TOGAF standard is A method for developing Technology Architectures.
Basic structure of ADM
The basic structure of the ADM cycle is as follows, Preliminary - Architecture vision - then
Requirement management
The most likely requirement in our scenario is Interoperation with other financial institutions,
both nationally and internationally, this is where the TOGAF standard is impacted.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 16
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.