Wednesday, May 6, 2020

Information Security Policy Wireless Devices

Question: Discuss the Information Security Policy for Wireless Devices.

Answer:

Introduction

The study has helped in understanding the ENISA threat landscape report for the year 2014. The analysis has been divided into ten sections, with each part covering the importance of security in information systems. The report has explained the important features of the security infrastructure for ENISA.

Overview of the ENISA report

The provided case study is about ENISA, which is an acronym for the European Union Agency for Network and Information Security. ENISA was built with the intention of improving network security (ENISA Threat Landscape 2014 ENISA, 2016). The informatics of the European Union and its private sector, members and European citizens have to keep the data and information about the states secured from any immediate or long-term threats (Bora & Singh, 2013). The primary concept for the security of the information and data collected results from the threat landscape report generated by ENISA in 2014 (Louis Marinos, 2013). The report covers the development and growth of cyber threats to stored information. There have been many international cases of security lapses involving the information stored in the government databases of the European Union. There have been major changes in the functionality of the threats, which have increased the complexity of the attacks. There have been approaches for resolving the threats to information systems, such as the implementation of law operations and international security vendors (Louis Marinos, 2013). All these options would be helpful in minimizing the threat of cyber attacks on information systems. The case study has provided an overview of various threats and their emergence and extent, such as email spam, information misuse and leakage, cyber espionage and botnets (Bora & Singh, 2013).

The report was compiled from December 2013 to December 2014 (almost a year) (ENISA Threat Landscape 2014 ENISA, 2016). Attackers and cyber criminals have targeted the private and confidential data of individuals and the state. The report highlights these issues in detail for developers and information security specialists dealing with cyber threats.

Suggested Network Security Infrastructure

Figure 1: Network Security Infrastructure Framework (Source: Created by the author)

Identification of the Strategies for dealing with Internal Threats

Diagrams for explaining Strategies of Cyber Securities of ENISA

The following figure could help in understanding the strategies for securing information from internal threats:

Figure 2: Strategies for Dealing with internal cyber-threat (Source: Created by the author)

Description of the Cyber Securities Strategies

The strategies for dealing with information security threats are described below:

Visual security options: The internal threats to the information system can be easily managed if proper visual security is established (Peltier, 2016). Control over the primary threats has helped the system to identify the formation of general threats to the system. Technological development is just one part of the problem; there are many other ways in which a system can be hacked.

User generated reports: The user generated report is crucial for understanding the extent to which the information system may be hampered by cyber attacks (Bryan, 2013). The detailed description of any attack and its consequences is always made with the help of a user generated report or log on the attacked information system. The user generated reports would act as a risk assessment for the threats to the information system.

Formation of better identity security: The probability of lax information security can be minimized by assessing the risk factors in information security (Von Solms & Van Niekerk, 2013). The chances of information being leaked or stolen can be reduced by implementing better security options. Each threat or breach can be recognized in order to solve the problems that have occurred due to the threats to the system.

Surveillance of information system: It has been seen that there are a number of information databases available (Ogut, 2013). These databases consist of different types of information. The threat or risk to the information can be defined by the type of database used for storing it. The information stored can be intellectual, financial, transaction based, or of unknown type. Surveillance of the information database type would help in understanding the risks and threats related to the information system.

Analysis and Justification of the most significant threat (identity theft)

Analysis: Identity theft can be defined as the way in which one person, network or tool disguises itself as the authorizing party in the system or network (Reyns, 2013). In an information system, a user is generally the authority provider. The authority provider generally assigns a password or question for deciding whether or not to authorize or authenticate the user for accessing the information system. The cases provided in the ENISA report mention various threats such as malicious code (Worms/Trojan), botnets, DNS, spam, phishing, identity theft, data breaches etc. Among these threats, identity theft is the most significant one, as it involves impersonating the authorizing body/user for extracting information from the system (Kahn & Linares-Zegarra, 2015). This type of cyberattack has been primarily used for collecting private and confidential information and data.

Justification: Identity theft is responsible for the stealing of credentials, financial information, personal profiles, credit card information, access codes, and the technical identification of individuals. Identity theft can also result in data breach and information leakage (Holtfreter et al., 2015). There have been numerous occasions when identity theft has led to the misuse of information systems and stored data. The ENISA report has stated that over 50% of the people have already suffered from identity theft. The victims have been facing these troubles due to the lack of security measures in their information systems. The information system requires a proper authentication process for making sure that the information is well protected (Kahn & Linares-Zegarra, 2015). Hackers and cyber criminals utilize the weak security of the information system for extracting information from the database.

Identifying the key agents of threat on the information system

As stated in the ENISA report, there are numerous threat agents found in cyber activities. Some of them are highly distinct in disrupting social, financial and national security. They are cyber criminals, cyber terrorists, social account hackers, and online transaction frauds (Kirsch et al., 2013).

Cyber criminals are pros who actively harm society through illegal activities such as blackmailing someone or sending viruses to different networks and computerized systems.

Cyber terrorists are much more harmful to people's lives and national security. They are engaged by terrorist groups for disabling national security or getting inside information about the nation, army, air force or navy.

Social account hackers are the people who get into the social accounts of people and carry out activities such as information theft, spamming the account or unwanted posting on the account (Fellner, Sausgruber & Traxler, 2013).

Online transaction frauds are basically the fraudsters who hack bank accounts or make online credit card expenses using someone else's information.

Developing Solutions for minimizing the effect of threat agents

Online fraud can be minimized by following some steps such as:

Two step authentication process: The security of the password is not enough to stop cyber thieves from getting into one's account for extracting information (Peltier, 2016). There are various tools for hacking into an account. However, if a two step verification or authentication process is used, it is possible to minimize the threat of hackers or cyber criminals.

Antivirus and Firewall: Antivirus is very useful for detecting any unusual activity on the system (Bryan, 2013). It would forbid any third party from getting into the account. A firewall is the best solution for protecting against network hacking.

Literature review of the Social hacking issues

Article: You need to update your iPhone RIGHT NOW or run the risk of a devastating hack attack
Sourced from: (The Sun, 2016)
Available at: https://www.thesun.co.uk/news/1677166/you-need-to-update-your-iphone-right-now-because-something-terrifying-has-happened/

The article has shown the issue of cyber espionage for Apple users. Apple Inc. has come to know that many hackers are using cyber espionage for hacking the security of iPhone and iPad users (Brown, 2016). The cyber security team of Apple Inc. has found out that there have been some cases of hacking of Apple devices, and they have termed it the most sophisticated and advanced technical attack on devices they have ever faced. One click on the link sent via mail or message and the device will get hacked for extraction of information (Apple issues urgent alert to update your iPhone, iPad, 2016). The security of the device would be compromised and the device would transmit all the data and information to the spammer.

The company had identified the vulnerabilities of the current system of Apple devices with the help of Lookout (Brown, 2016). Mike Murray of Lookout had stated that information such as phone calls, messages, contacts, images and documents could all be transferred using the spamming mail. The social hacking has resulted in disrupting the financial stability of Apple Inc. The company had to form security policies for checking the issues with the system threats. It had caused the company loss from a financial point of view and also in market name. The brand image of the company had also suffered due to this spamming security threat (Apple issues urgent alert to update your iPhone, iPad, 2016). The other issues Apple Inc. has to face due to the cyber espionage are information loss, compromised privacy and distorted reputation.

Discussing trends of the probabilities of threat agents

Figure 3: Trends in the threat probabilities (Source: Eldardiry et al., 2013, p. 50)

The trends of the threat probabilities are shown in the figure above, along with their respective changes. The major threats are discussed below:

Malicious codes (Trojans and worms): In the ENISA report, malicious codes such as Trojans and worms have increased their impact on system security (Eskandari & Hashemi, 2012). The use of such malware attacks has increased extensively over the passage of the year.

Identity theft: Identity theft is the way in which the identity of the authorizing party is faked for getting into the system or network (Navarro & Jasinski, 2014). The identity theft cyber attack has been primarily used for collecting private and confidential information and data.

Botnets: There has been an increase in the number of attacks using botnets. In this type of attack, networks of computer systems are infected using malicious software (Alomari et al., 2012). The computer system is controlled by the hackers and is used for sending information and spam without the consent of the owner/user.

Denial of Service (DOS): The ENISA report has shown that there has been a rise in the number of DOS attacks on information systems. The hackers and cyber criminals create a chain of queries using a loop feature (Alomari et al., 2012). The system gets a continuous flow of fake queries, and hence when the user generates a query, it is not followed up because the system is busy. This is termed denial of service.

Data breach and Information leakage: The data breach is a result of lax security and advanced technological development of hacking methods (Navarro & Jasinski, 2014). The data breach is initiated with the prospect of information theft and data leakage. The system would be hacked into after bypassing the security of the information system. The sensitive, protected and confidential information would be extracted from the information system for personal gain.

Methods for improving the ETL or Extract Transform Load process

ETL is the process of extracting data from the source data warehouse, transforming the data with the queries generated, and loading it, which ensures that the process is correctly done for acquiring the desired result (Bhide, Mittapalli & Padmanabhan, 2016). It is a straightforward process. However, there are chances that the process may fail. Hence some suggestions are pointed out below for improving the ETL process:

Incremental data loading: The data and the modifications of the system must be loaded in an incremental way for ensuring data consistency (Oliveira & Belo, 2016). If, instead of compiling the whole list of data, only the alterations are compiled, it would reduce the chances of redundancy in the information system.

Implementation of Bottleneck tackling: The process has been formed with long and heavy procedures for data compilation (Akbar, Krishna & Reddy, 2013). The attenuation of log metrics and evaluation of the processes over the span of time would help in developing the solution to the bottleneck issue by jumping to the actual code.

Data Caching: There is an ample amount of data stored in the information system (Oliveira & Belo, 2016). The cache system would help in increasing the pace of information processing. The memory of the information database would also be saved if caching is allowed.

Minimization of load: The load of data such as long tables and extraneous data must be reduced for making the process effective and efficient. The large tables of the databases must be decreased in size by using the partition feature (Bhide, Mittapalli & Padmanabhan, 2016). It would help in easy identification and extraction of the information when needed. The data must be collected and unnecessary data must be omitted from the database.

Identification and Explanation of the most challenged emerging threat

The following figure shows some of the most dangerous threats to the information system:

Figure 4: Emerging threats and their trends on computerized system (Source: Akbar, Krishna & Reddy, 2013, p. 197)

There are a number of crucial emerging threats to information system security, and some of them are DOS attacks, malicious codes, web applications, physical theft, data loss, phishing, information leakage, cyber espionage, and data breaches (Zhang et al., 2016). All these attacks would harm the overall security of the information system. However, among these emerging threats, the impact of malicious codes on information system security is very crucial. Malicious codes have a number of impacts on information system security, such as:

They decrease the efficiency and pace of the information system's activities.

The attacker behind the malicious codes can use them for gaining total control over the system and extracting information for personal gain (Alazab, 2015).

The malicious codes can even crash the system and erase the data and information.

The malicious codes can cause harm to the display and outcomes of the processes. This would result in continuous display of error messages.

The malicious codes would disrupt the system's activities and operations.

The malicious codes can be used for identity theft, which would cause the infiltration of secured private and confidential data and information (Alazab, 2015).

The malicious codes can be used for sending spam from one's system and account (Zhang et al., 2016).

Justifying the security condition of UNISA

The security protocols of UNISA are not satisfactory. There has been improvement of the information system security and it has helped in dealing with the information system security (Morris, Vaughn & Sitnikova, 2013). The security policies of UNISA consist of identification of threats, knowledge of internal security threats, identifying data and information system breaches, risk assessment for the emerging threats, and even analysis of physical threats to the information system. All these policies have helped in securing the information system of UNISA. However, the threats of DOS, malicious threats and identity theft are still at large for their system. Denial of Service, identity theft and malicious codes are still available for disturbing the security and integrity of the information system (Glasser & Taneja, 2014). UNISA still has to deal with issues from these emerging threats in order to form a secured information system. Malicious codes have been used for disturbing the processes of the information system and getting private and confidential information using identity theft. DNS is just used for ceasing the activities by overflowing the system with loops of fake queries.

Conclusion

Hence UNISA has to develop new policies for meeting the growth and development of the emerging technological threats to the information system. Authentication using a two step verification process would help in reducing the probability of identity theft. IDS or IPS would help in detecting and preventing any intrusion into the system (Liao et al., 2013). Antivirus and firewall security would help in preventing malicious codes in the information system.

References

Akbar, K., Krishna, S. M., & Reddy, T. V. S. (2013). ETL process modeling in DWH using enhanced quality techniques. International Journal of Database Theory and Application, 6(4), 179-197.

Alazab, M. (2015). Profiling and classifying the behavior of malicious codes. Journal of Systems and Software, 100, 91-102.

Alomari, E., Manickam, S., Gupta, B. B., Karuppayah, S., & Alfaris, R. (2012). Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art. arXiv preprint arXiv:1208.0403.

Apple issues urgent alert to update your iPhone, iPad. (2016). ABC7 New York. Retrieved 20 September 2016, from https://abc7ny.com/business/apple-issues-urgent-alert-to-update-your-iphone-ipad/1486196/

Bhide, M. A., Mittapalli, S. K., & Padmanabhan, S. (2016). U.S. Patent No. 9,311,368. Washington, DC: U.S. Patent and Trademark Office.

Bora, M. S., & Singh, A. (2013). Cyber Threats and Security for Wireless Devices. Journal of Environmental Science, Computer Science and Engineering Technology (JECET), 2, 277-284.

Brown, A. (2016). Apple issues URGENT iPhone update after attempted hack using 'most sophisticated spyware'. Express.co.uk. Retrieved 20 September 2016, from https://www.express.co.uk/life-style/science-technology/704148/iPhone-iOS-9-3-5-Update-Now-Cyber-Espionage-Hack

Bryan, L. L. (2013). Effective strategies for small business leadership in information security: An ex post facto study (Doctoral dissertation, University of Phoenix).

Eldardiry, H., Bart, E., Liu, J., Hanley, J., Price, B., & Brdiczka, O. (2013, May). Multi-domain information fusion for insider threat detection. In Security and Privacy Workshops (SPW), 2013 IEEE (pp. 45-51). IEEE.

ENISA Threat Landscape 2014 ENISA. (2016). Enisa.europa.eu. Retrieved 20 September 2016, from https://www.enisa.europa.eu/publications/enisa-threat-landscape-2014

Eskandari, M., & Hashemi, S. (2012). A graph mining approach for detecting unknown malwares. Journal of Visual Languages & Computing, 23(3), 154-162.

Fellner, G., Sausgruber, R., & Traxler, C. (2013). Testing enforcement strategies in the field: Threat, moral appeal and social information. Journal of the European Economic Association, 11(3), 634-660.

Glasser, D., & Taneja, A. (2014). A Routine Activity Theory-Based Framework for Combating Cybercrime. Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance, 398.

Holtfreter, K., Reisig, M. D., Pratt, T. C., & Holtfreter, R. E. (2015). Risky remote purchasing and identity theft victimization among older Internet users. Psychology, Crime & Law, 21(7), 681-698.

Kahn, C. M., & Linares-Zegarra, J. M. (2015). Identity theft and consumer payment choice: Does security really matter? Journal of Financial Services Research, 1-39.

Kirsch, J., Siltanen, C., Zhou, Q., Revzin, A., & Simonian, A. (2013). Biosensor technology: recent advances in threat agent detection and medicine. Chemical Society Reviews, 42(22), 8733-8768.

Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.

Louis Marinos, E. N. I. S. A. (2013). ENISA Threat Landscape 2013. European Network and Information Security Agency.

Morris, T. H., Vaughn, R. B., & Sitnikova, E. (2013, January). Advances in the protection of critical infrastructure by improvement in industrial control system security. In Proceedings of the Eleventh Australasian Information Security Conference-Volume 138 (pp. 67-73). Australian Computer Society, Inc.

Navarro, J. N., & Jasinski, J. L. (2014). Identity theft and social networks. Social networking as a criminal enterprise, 69.

Ogut, H. (2013). The configuration and detection strategies for information security systems. Computers & Mathematics with Applications, 65(9), 1234-1253.

Oliveira, B., & Belo, O. (2016). On the specification of extract, transform, and load patterns behavior: A domain-specific language approach. Expert Systems.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Reyns, B. W. (2013). Online routines and identity theft victimization further expanding routine activity theory beyond direct-contact offenses. Journal of Research in Crime and Delinquency, 50(2), 216-238.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.

You need to update your iPhone RIGHT NOW or run the risk of a devastating hack attack. (2016). The Sun. Retrieved 20 September 2016, from https://www.thesun.co.uk/news/1677166/you-need-to-update-your-iphone-right-now-because-something-terrifying-has-happened/

Zhang, H., Cheng, P., Shi, L., & Chen, J. (2016). Optimal DoS attack scheduling in wireless networked control system. IEEE Transactions on Control Systems Technology, 24(3), 843-852.
