Introduction
The evolution and development of technology have led to organizations becoming inculcating information technology into their operations. Therefore, this has resulted in it also becoming highly vulnerable to cyberattacks. The conventional computer security technologies used to prevent such attacks relied on four principles, which include confidentiality, integrity, availability, and theft (Nweke, 2017).
However, one weakness with such systems was that they were relatively ineffective in large-scale and complex infrastructure. This inefficiency led to Amoroso designing a comprehensive methodology that consisted of several basic designs and operational principles intended to address all security vulnerabilities evident in conventional security principles. This paper aims to compare and contrast diversity and commonality, which are principles of the proposed methodology.
Diversity
Diversity is described as the introduction of intentional variations into computers, software, applications, networks, and systems. These differences can be in the form of key attributes, such as programming language, vendor source, operating system, deployment approach, and the software version, among others. Diversity is an excellent technique that functions towards increasing resilience against malicious attacks; nevertheless, it is still under-represented in infrastructure protection. This is primarily because, in the sphere of computing, organizations are defined by a common set of standards and auditable practices; thus, they have common approaches to systems operation. Another reason for avoiding diversity is that it has higher purchasing and implementation costs.
Commonality
The commonality is at odds with diversity as non-diverse, and standard operating systems characterize it. Specific desirable security attributes have to be presented in all areas and aspects of information technology to guarantee resilience against malicious attacks. These desirable security attributes are jointly referred to as security best practices. Some of the security best practices in organizations comprise managing the integrity of servers, periodic scanning of systems, installation of programs for security awareness, and routine penetration testing of networks. Moreover, these security best practices function as security standards against which auditors measure and ascertain the compliance of organizations.
Diversity Benefits vs Commonality Benefits
By introducing diversity into a system, the system is made entirely resilient to malicious attacks; hence, the response costs associated with such attacks are reduced. Currently, most computers have a mono-instruction architecture such as Windows ® -the based operating system on an Intel ® platform with Internet Explorer ®. This commonality makes the typical systems to be highly predictable; thus, adversaries can easily develop malicious software to attack the vulnerabilities present.
Diversity in terms of desktop computing systems, cloud computing, network technology, and physical characteristics of the systems tend to reduce the probability of threat realization and minimize the impact should the threat be realized. Diversity can be embraced in several levels of functionality. For instance, since the malicious software created by attackers is architecture-specific, in a diverse environment, the creation and use of botnets might be challenging (Lu, Wang & Wang, 2015).
This is because, in such situations, the botnets and worms find it challenging to locate systems that consistently meet the criteria that they were designed for; hence, their propagation will cease. Furthermore, it is essential to note that diversity stops the spread of worms, even in the absence of human intervention. However, although diversity has substantial benefits to the prevention of malicious attacks, it is often not embraced by both computing vendors and end-users as it is associated with high implementation costs.
Organizations often embrace commonality as they are cheaper to implement. Furthermore, commonality ensures that no component of the infrastructure is either left completely unguarded or poorly managed. This is because the security standards used during audit evaluations emphasize adherence to several security best practices (Glover, Taylor & Wu, 2017). Therefore, based on the results of the audits, organizations that have been identified to possess security best practices that are below the minimally acceptable level can quickly identify and introduce new practices (Glover et al., 2017). The anticipated effect is that the pre-audit state will evolve into a more improved post-audit state. However, its disadvantage that it rarely introduces new practices in organizations above the minimally acceptable level.
Conclusion
The utilization of diversity and commonality in the information technology systems of organizations is a controversial topic. This because they each have distinct benefits and disadvantages. Diversity and commonality compete based on their cost savings, application interoperability, and support and training processes. However, diversity is comparatively the best measure as the high initial purchasing costs are neutralized by the reduced response costs linked to preventing malicious attacks. Moreover, the security standards in commonality are measurable but not meaningful.
References
Glover, S., Taylor, M., & Wu. Y. (2017). Current practices and challenges in auditing fair value measurements and complex estimates: Implications for auditing standards and the academy. A Journal of Practice & Theory, 36(1), 63-84. Web.
Lu, Z., Wang, W., & Wang, C. (2015). On the evolution and impact of mobile botnets in wireless networks. IEEE, 15(9), 2304-2316. Web.
Nweke, L.O. (2017). Using the CIA and AAA models to explain cybersecurity activities. PM World Journal, 6(12), 1-3.