Introduction
Buffer overflow attacks are among the most common security threats experienced in the last ten years (Zegeye & Sailio, 2015). A buffer overflow vulnerability lets an attacker inject and run attack code. The attack's objective is therefore to alter the function of a privileged program and give the attacker control over it. This class of attack has become well known and cheap to exploit (Zegeye & Sailio, 2015). This study discusses the principle of exploits based on buffer overflow attacks with respect to mitigating risk with Business Continuity Plans (BCPs), turning a risk assessment into a risk mitigation plan, and mitigating risk with a Business Impact Analysis.
Risk Assessment and Mitigation Plan
Risk Assessment for IT Infrastructure
Risk assessment is the process of identifying and evaluating threats and countermeasures and recommending risk mitigation measures for the problem (Gibson, 2014). It is essential to focus on the risks in the IT infrastructure and to confirm the countermeasures for those risks. Among in-place countermeasures, for instance, some may only need to be reconfigured or upgraded, while others may require replacement (Gibson, 2014). Planned countermeasures, on the other hand, are controls that already have an implementation date, while approved countermeasures are controls that have previously been approved. Equally important, overlapping countermeasures play a valuable role in reducing or resolving risk in the IT sector (Zegeye & Sailio, 2015).
Once the assessment process is over, mitigation measures should be put in place. However, time, cost, and operational factors should be considered (Gibson, 2014). Notably, once all the threats, vulnerabilities, and countermeasures in the IT sector have been evaluated and assessed, the results can be used in the mitigation process. For instance, in the case of overlap, we can use an Intrusion Detection System (IDS) for server protection to detect scans and send e-mail notifications (Zegeye & Sailio, 2015).
Mitigating Risk and Business Impact Analysis
In a business setting, operations are vulnerable to threats and face risks caused by internal and external factors (Gibson, 2014). Certain factors can take advantage of and exploit the prevailing vulnerabilities. Business Impact Analysis (BIA) refers to a study that pinpoints the impacts that threats can have on a business. Notably, most business organizations operate on various technological infrastructures, which face a big threat from buffer overflow exploitation (Zegeye & Sailio, 2015). To curb the dangers, the Maximum Acceptable Outage (MAO) is used to pinpoint the system's maximum acceptable downtime; for instance, the business experiences loss if an outage lasts longer than the MAO. Critical Business Functions (CBFs) contain only essential company information. Therefore, if the CBFs of the system fail, the business cannot operate effectively. Critical Success Factors carry company information necessary for the company mission, for example, the availability of the network; if the network is poor, the company is likely to fail. A BIA can be used to minimize the risks that IT infrastructure brings to an organization.
Mitigating Risk and Business Continuity Plans (BCPs)
Business Continuity Plans (BCPs) are a strategy designed to enable a business to continue operating even when its infrastructure fails (Gibson, 2014). These disruptions could be software and hardware infections. Understandably, this illustrates the level at which security threats may keep exploiting an organization. To mitigate these risks, a BCP provides the mission-critical systems used to keep the organization functioning by identifying critical business functions and processes, essential IT services, and other necessary hardware, all supporting the Critical Business Functions.
References
Gibson, D. (2014, July). Managing Risk in Information Systems. Jones and Bartlett Learning. 2nd Edition. 9781284055955. https://www.oreilly.com/library/view/managing-risk-in/9781284055955/
Zegeye, L., & Sailio, M. (2015, September). Vulnerability database analysis for 10 years for ensuring security of cyber critical green infrastructures. In AFRICON 2015 (pp. 1-5). IEEE. https://ieeexplore.ieee.org/abstract/document/7332048/
Cite this page
Buffer Overflow Attacks and Risk Mitigation: An In-Depth Analysis with Business Continuity Plans. (2024, Jan 22). Retrieved from https://speedypaper.net/essays/buffer-overflow-attacks-and-risk-mitigation-an-in-depth-analysis-with-business-continuity-plans