Information Security: Analysis of Mirai Botnet Malware Attack on Edimax Cameras


Added on  2023/06/04

AI Summary
This paper discusses the Mirai botnet malware attack on Edimax cameras, the security breaches that occurred, and solutions against the attacks. It also includes a critical review of the journal and text coding.

INFORMATION SECURITY 1
INFORMATION SECURITY
By (Student Name)
Course Name
Professor Name
University Affiliation
City
Date

Table of Contents
Task 1: Pretty Good Privacy
Task 2: Critical thinking
Analysis of the Business Case
Summary of the case study
Solution against the attacks
Critical Review of the Journal
Summary of the paper
Information security
Data fraud and intrusion of privacy
Text coding
Cyber security
Cloud computing
Mitigation of data security risks
Bibliography
Task 1: Pretty Good Privacy
EnCt21771efe0563dd16919618e2e21fc8dcc2ba4965e1771efe0563dd16919618e2elezuT=h03w
A
6BBwIt1vA/HdsWSFAm5e7UdDRxjgmq6/sd2enDm4FUNzHXfZlz6kuSQ==IwEmS
Task 2: Critical thinking
Field Selection
Internet of Things
Finding a Case Study
Our case study is the Edimax cameras, which were infected by malware known as the Mirai
botnet in late 2016.
Analysis of the Business Case
Summary of the case study
This business case involves Edimax cameras that were primarily affected by the Mirai
malware. The attackers compromised the cameras, which made it possible for them to use the
cameras for DDoS (Distributed Denial of Service) attacks.
Identification of the security breaches that occurred
The Mirai botnet malware infected the Edimax cameras and they were greatly affected.
Mirai exploits the weak security of many Internet of Things (IoT) devices. It operates by
continuously scanning for IoT devices (Strba, 2018:33). The devices it looks for are those that
can be accessed through the internet and that are protected only by factory-default or hardcoded
usernames and passwords.
The default usernames and passwords of IoT devices are generally not changed. This was
also the case with the Edimax cameras (Ling et al. 2018: 123). The Mirai botnet malware infects
these devices and forces them to report to a centrally controlled server. This turns each of them
into a bot that can be used in DDoS attacks.
The main vulnerability found by the hackers who developed the Mirai malware was that
the cameras are IoT devices that can be operated and fully controlled by anyone. The underlying
operating system of these cameras, typically Linux, can be reached by typing a random username
that contains very many characters (Kennefick, 2017: 111). Since the passwords of the cameras
are not normally changed, the Mirai malware capitalized on this by infecting them and taking
full control of them. The main security breach that the cameras were exposed to is that they
could be controlled by anyone.
Following this vulnerability, the Mirai malware infected the cameras and turned them
into bots. This allowed them to be used for DDoS attacks (Gupta et al. 2017:411). They were
also used in extortion campaigns involving ransomware. The Mirai malware mainly targeted
devices that were running the Linux operating system.
Therefore, the cameras were greatly affected because of the poor security procedures in
these devices. The attackers are able to pre-program their worm with default passwords and
commonly used passwords (Guez, 2017: 61). Limited processing power and limited operating
systems mean that many IoT devices lack advanced security features.
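The continuous scanning described above is also what gives an infected camera away on its own network. The following detector is an added example, not part of the original paper: it flags any source that contacts many distinct hosts on login ports within a short window. The flow-record format, the sample records, the threshold and the watched ports (Telnet 23 and 2323) are assumptions of this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {23, 2323}  # assumption: Telnet login ports; adjust to your network


def build_sample():
    """Constructed flow records: 'timestamp source destination dest_port'."""
    base = datetime(2016, 10, 21, 10, 0, 0)
    lines = []
    for i in range(40):  # camera probing 40 different hosts in 40 seconds
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 192.168.1.50 203.0.113.{i + 1} 23")
    for i in range(30):  # admin workstation re-connecting to one device
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 192.168.1.10 192.168.1.50 23")
    for i in range(40):  # laptop browsing the web, port not watched
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 192.168.1.20 198.51.100.{i + 1} 443")
    return lines


def find_scanners(lines, ports=WATCHED_PORTS,
                  window=timedelta(seconds=60), threshold=20):
    """Return {source: peak number of distinct destinations in any window}."""
    per_source = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) in ports:
            per_source[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, events in per_source.items():
        events.sort()
        in_window = Counter()  # destination -> connections inside the window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the window: drop events older than `window` before `ts`.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, peak in find_scanners(build_sample()).items():
        print(f"{src}: contacted {peak} distinct hosts on watched ports")
```

Counting distinct destinations rather than connections keeps the administrator who repeatedly logs in to one device from being flagged.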

Solution against the attacks
In ensuring that a device is safe, four pillars must be considered. These pillars help in
determining the right security level for the device (Galluscio et al. 2017: 46). The developers
need to ensure that security measures are observed at every stage of a device's lifecycle. The
pillars in the lifecycle of a device are the design phase, the execution phase, the operation phase
and the power down phase.
The design phase covers the inception of a device. This phase is very significant in
preventing the introduction of malicious code during the development process (Dulaunoy et al.,
2017: 68). Some of the preventive measures include delivering signed binaries, ensuring
authenticity, and making sure that the code cannot be altered. Another is ensuring that the device
is developed on a software platform certified under industry security standards, for instance,
IEC 27034 as well as IEC 62443.
The execution phase is also significant to the security of a device. The main security goal
in this phase is to establish the basis for trust (Cusack and Tian, 2017: 55). This helps prevent
untrusted binaries from running, which goes a long way in ensuring that the software placed on
the hardware is the appropriate one and that there is trust between the software and the
hardware (April et al. 2017: 67). Developing the root of trust requires a secure boot technology
as well as cryptographic signatures, which prevent unsigned code from executing.
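The signed-binary delivery of the design phase and the signature check of the execution phase fit together as in the following added example, which is not code from the original paper. A Lamport one-time signature built on SHA-256 stands in for the RSA or ECDSA signatures a production secure boot would use, so that the example runs with the standard library only; such a key must sign a single image. All function names and the firmware bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _sha256(data):
    return hashlib.sha256(data).digest()


def _digest_bits(image):
    """The 256 bits of SHA-256(image), most significant bit first."""
    digest = _sha256(image)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def generate_keypair():
    """Vendor side: one secret pair per digest bit; the public key is their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_sha256(zero), _sha256(one)) for zero, one in private]
    return private, public


def sign_image(private, image):
    """Vendor side: reveal, for each digest bit, the secret matching that bit."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(image))]


def verify_image(public, image, signature):
    """Device side: every revealed secret must hash to the public-key entry."""
    if not signature or len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(image)):
        ok &= hmac.compare_digest(_sha256(signature[i]), public[i][bit])
    return ok


def boot(public, image, signature):
    """Boot loader decision: run only an image whose signature verifies."""
    return "run" if verify_image(public, image, signature) else "halt"


if __name__ == "__main__":
    private, public = generate_keypair()
    firmware = b"constructed camera firmware image v1.0"
    signature = sign_image(private, firmware)
    print(boot(public, firmware, signature))         # genuine image
    print(boot(public, firmware + b"!", signature))  # modified after signing
    print(boot(public, firmware, None))              # unsigned image
```

Only the public key needs to be stored on the device, so reading it out of a camera does not let anyone sign a replacement image.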
In the operation phase, multiple measures are deployed to prevent malicious attacks
while the device is operating. These include controls that prevent unauthorized access and
securing networks through encryption (Antonakakis et al. 2017: 1093). In the power down phase,
the necessary measures include encrypted storage and ensuring that the data containers are
secure, to prevent access to the data on board.
As security features are being observed right from the initial stage of developing a
device, some dimensions need to be considered. They include the hardware of the device, its
operating system, its software, and its mode of working with the internet, as well as the
generation of data and its maintenance in the system (Angrishi, 2017: 88). The interfaces have to
be secured, including those facing users as well as attackers.
[Diagram: Dimensions in securing an IoT system (data, software, OS/firmware, networking,
hardware). Caption: Diagram showing the aspects of a secure system of IoT and privacy]
Critical Review of the Journal
Summary of the paper
The paper looks into how IoT devices are vulnerable to infection by attackers. The
attackers then use them to perform DDoS attacks. It specifically takes a look at the Edimax
cameras that were infected by the Mirai botnet malware. The paper looks into the factors that
made the Edimax cameras vulnerable to attacks. They were mainly infected because of their poor
security features. They run basic operating systems such as Linux, which is prone to infection by
the malware. Their passwords can also be changed easily by typing passwords with many
characters, and this is made easier because they do not have advanced security features.
The paper proceeds by identifying the security breaches that happened in the Edimax
cameras. After identifying the breaches, the paper also gives a solution to this kind of attack. It
provides a solution that starts right from the initial stages of developing a device. The paper also
provides solutions for devices that have already been infected.
Strengths of the paper
The paper identifies how the security of IoT devices can be breached and gives a detailed
and intensive solution on how these devices can be protected from such attacks.
Weakness of the paper
The paper does not discuss other IoT devices. It mainly discusses cameras, while there are
many other IoT devices that are vulnerable to attacks.

Text coding
<h1>Lorem ipsum dolor sit amet, consectetur adipisicing elit</h1>
<p>Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim
veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis
aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id
est laborum.</p>
<p>Sed ut perspiciatis, unde omnis iste natus error sit voluptatem accusantium doloremque
laudantium, totam rem aperiam eaque ipsa, quae ab illo inventore veritatis et quasi architecto
beatae vitae dicta sunt, explicabo. Nemo enim ipsam voluptatem, quia voluptas sit, aspernatur
aut odit aut fugit, sed quia consequuntur magni dolores eos, qui ratione voluptatem sequi
nesciunt, neque porro quisquam est, qui dolorem ipsum, quia dolor sit amet.</p>
<h2>Vero eos et accusamus et iusto odio dignissimos ducimus</h2>
<p>Qui blanditiis praesentium voluptatum deleniti atque corrupti, quos dolores et quas molestias
excepturi sint, obcaecati cupiditate non provident, similique sunt in culpa, qui officia deserunt
mollitia animi, id est laborum et dolorum fuga. Et harum quidem rerum facilis est et expedita
distinctio. </p>
<p>Nam libero tempore, cum soluta nobis est eligendi optio, cumque nihil impedit, quo minus
id, quod maxime placeat, facere possimus, omnis dolor repellendus. Qua temporibus autem
quibusdam et aut officiis debitis aut rerum necessitatibus saepe eveniet, ut et voluptates
repudiandae sint et molestiae non recusandae pondere ad lineam. Itaque earum rerum hic tenetur
a sapiente delectus, ut aut reiciendis voluptatibus maiores alias consequatur aut perferendis
doloribus asperiores repellat</p>
<h3>Tempore intellegi convenire</h3>
<p>Qui autem alia matunt scribi a nobis, aequi esse debent, quod et seripta multa sunt, sic ut
plura nemini e nostris, et scribentur fortasse plura et tamen qui diligenter haec quae de
philosophia Htteris mandamus legere assueverit, iudicabit nulla ad legendum his esse
potiora.</p>
Information security
Information security involves the concepts of integrity, confidentiality, authenticity and
availability. These concepts are essential in facilitating transactions and other business
operations. However, they may be unreliable if they are not accomplished when designing a
system. Confidentiality involves hiding data from strangers and therefore requires a secure
authentication process before an outside party can access data. It also relies on strict controls so
that the sender and recipients are the only individuals who obtain the information.
Confidentiality also ensures data encryption, so that information may not be readily intercepted.
The next is integrity, which implies that there should be resistance to the alteration of data and
that any changes must be detected. Integrity ensures only authorized agents access information.
It is mainly enforced by the use of checksums and algorithmic validation. The maintenance of
integrity involves the hardware and the logic of applications.
The third is availability: information must be available when needed and at the required
time. The concern is how to keep the information open. Security issues may destroy data.
Therefore, high availability solutions, for instance load balancing and quick backups, are
necessary. The last is authenticity, that is, a user must have an assurance that the data received is
from the right source. Failure to verify authenticity may lead to issues such as browser
hijacking, spam, and email phishing.
Data fraud and intrusion of privacy
Data fraud and intrusion of privacy are increasing even as the dangers of information
disclosure are on the rise. Progressively, healthcare, financial and other organizations must
manage legislation and controls on information security, and in view of current news reports
concerning cyber terrorism, consumer worries about data disclosure and exploitation will most
likely oblige enterprises and institutions to protect consumer data. Therefore, an effective
security plan must be put in place to protect sensitive data or information against misuse by
putting into practice an efficient encryption protocol.
Cyber security
In the current digital era, cyber security attacks can come from any place either internally
or externally. Advancement in information technology has come at the cost of increased
vulnerability to attack of organizational information and data. Information security has therefore
emerged as a central agenda for companies and institutions, which are worried about the danger
caused by cybersecurity attacks. However, despite the increased investment by companies on
cybersecurity, there are still some risks and threats which expose corporate data to attacks. This
essay will discuss various risks and threats to company data and the procedures/policies to be
implemented for data handling and protection to enhance smooth business continuity.

The first major security risk and threat to company data is targeted cyber-attacks.
Nowadays, cyber-attacks have ceased to be the mere creation of idle or bored young computer
wizards who are after bragging rights. The nature of network attacks is changing globally, with
attacks being conducted by organized crime syndicates who are everywhere and are globally
connected. Modern-day hacking has advanced to the point where hackers do not require the bulk
of the information in one go but can now extract information over a long period (Pillai, 2010).
This makes it difficult for companies to manage their information security. The second threat
and risk to company information is data breaches.
Many companies' data is at risk of being breached as a consequence of intentional leaks
by discontented employees, or of common mistakes such as the misplacement of electronic
gadgets, which facilitate the leakage or escape of data from companies. A data breach
investigations report has indicated that about half (50%) of data breaches occur within
companies. Internal factors relating to employees and blunders in data handling result in data
breaches. This is therefore a factor that increases the risks and vulnerabilities of companies'
information security (Keller, 2015). For instance, if a gadget such as a laptop is misplaced, there
is a risk that an intruder may come across it, gain access to critical information and also tamper
with it. Companies should manage data breaches by being vigilant about who has legal access to
what information.
Cloud computing
The third threat and risk to business data security is cloud computing, which has
presented a new type of information security concern. This is due to the nature of cloud
computing, whereby companies must surrender their security control to an outside or external
party. Although cloud providers tend to guarantee maximum data security in their centers,
information is stored in the cloud together with information from other customer companies and
organizations. This mix-up increases vulnerability to data insecurity because it is different from
how a company may store information by itself (Catteddu, 2010). Cloud computing is, therefore,
a threat or risk to company data security, especially when the cloud providers' data centers are
not secure.
The fourth risk and threat to modern company data security is social networks or social
media. Social network and media sites including Facebook, Twitter, and Instagram have come at
a cost to most companies and organizations: in addition to wasting working time, employees also
inadvertently leak company data. Apart from the vulnerabilities in online applications through
which company network data can seep out, people mostly post private information. Also, data
security threats that are unknown to the company's information technology staff may be posed
when third-party employees can access, through social media, applications that are mostly
developed by small companies and individuals.
Mitigation of data security risks
To mitigate and minimize the above data security risks, some policies and procedures
should be implemented to ensure data protection and continuity of business. The first policy is
the restriction of data and information access. This means restricting access to classified data
and software to only the authorized personnel within the company. Common techniques for
access restriction are authentication using passwords or tokens, and the application of different
authorization profiles to different users of the system, based on their varying roles.
Authentication should be supplemented with audit trails, and valuable information can be
provided by inclusive activity logs, which are used to refine the effectiveness of the security
measures.
Companies should ensure that the information is completely removed before disposal.
The removal may include physical destruction of the media or reformatting or overwriting the
data on the storage media. Secondly, some situations may call for the company management to
prevent employees from bringing and using personal computing gadgets such as smartphones in
the job context. This helps to enhance device security control and therefore eliminates or reduces
the vulnerabilities to information theft.
The information technology systems used in modern companies have shifted to open
standard systems and platforms, which have created more opportunities for outsiders and
intruders to take advantage of and access company data. Some techniques of information
security, such as physical isolation of raw data, are no longer effective. Therefore, companies
have to conduct a good planning and review process for the policies and procedures that enhance
data security, with the above examples being very important in the modern information
technology context.

Bibliography
April, M.A.T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman,
J.A., Invernizzi, L., Kallitsis, M., Kumar, D. and Ma, C.L.Z., 2017. Understanding the
Mirai Botnet. In USENIX Security Symposium.
Angrishi, K., 2017. Turning internet of things (iot) into internet of vulnerabilities (iov): Iot
botnets. arXiv preprint arXiv:1702.03681.
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z.,
Halderman, J.A., Invernizzi, L., Kallitsis, M. and Kumar, D., 2017, August.
Understanding the Mirai botnet. In USENIX Security Symposium (pp. 1092-1110).
Cusack, B. and Tian, Z., 2017. Evaluating IP surveillance camera vulnerabilities.
Catteddu, D., 2010. Cloud Computing: benefits, risks and recommendations for information
security. In Web application security (pp. 17-17). Springer, Berlin, Heidelberg.
Dulaunoy, A., Wagener, G., Mokaddem, S. and Wagner, C., 2017. An extended analysis of an
IoT malware from a blackhole network. TNC17.
Egan, M. and Mather, T., 2004. The executive guide to information security: Threats, challenges,
and solutions. Addison-Wesley Professional.
Galluscio, M., Neshenko, N., Bou-Harb, E., Huang, Y., Ghani, N., Crichigno, J. and Kaddoum,
G., 2017, October. A first empirical look on internet-scale exploitations of IoT devices.
In Personal, Indoor, and Mobile Radio Communications (PIMRC), 2017 IEEE 28th Annual
International Symposium on (pp. 1-7). IEEE.
Guez, G., 2017. Why Hardware-Based Design Security is Essential for Every Application. White
Paper.
Gupta, N., Naik, V. and Sengupta, S., 2017, January. A firewall for Internet of Things.
In Communication Systems and Networks (COMSNETS), 2017 9th International
Conference on (pp. 411-412). IEEE.
Kennefick, D., 2017. Can a Strictly Defined Security Configuration for IoT Devices Mitigate the
Risk of Exploitation by Botnet Malware?
Keller, S., Powell, A., Horstmann, B., Predmore, C. and Crawford, M., 2015. Information
security threats and practices in small businesses. Information systems
management, 22(2), p.7.
Ling, Z., Liu, K., Xu, Y., Gao, C., Jin, Y., Zou, C., Fu, X. and Zhao, W., 2018. IoT Security: An
End-to-End View and Case Study. arXiv preprint arXiv:1805.05853.
Strba, S., 2018. Internet of Things Security: Ongoing Threats and Proposed Solutions.
Pillai, D. and Andley, P., 2010. Information security threats. Compendium of Papers 2009-10,
p.58.