Information Security Planning for Website Businesses
Added on  2023/06/11
AI Summary
This article discusses the security aspects of a new website business, the use of 3DES encryption algorithm, how IS policy may assist a company that suffered a Spambot attack, and how Spambot data attacks relate to the CIA/Parkerian models.
Running head: INFORMATION SECURITY PLANNING Information Security Planning Name of the Student Name of the University Author Note
Discussion of the security aspects of a new website business

Businesspersons today are generally aware of the security loopholes that exist within the cyberworld, and of the fact that the cyberworld is beset by numerous security problems that encompass the entire system (Asghari, van Eeten & Bauer, 2015). Therefore, just as it is necessary for a business to go digital, it is equally necessary that a businessperson be aware of the solutions that tackle as well as prevent security threats to the new website business (Elyashar, 2016). There are a few general things that businesspersons must take into consideration when starting a website business. The following aspects of a website business need to be taken care of for any businessperson to keep the risks of cyber threats away and make the most of the online website business:

• Assets: In a website business, the most important assets are considered to be the domain, the website hosting, the website or CMS access, the email accounts used for the business, the advertising and other social media accounts, and the Customer Relationship Management (CRM) system or customer database. These need to be taken care of, as a breach of any one of them would lead to chaos in the business process and to further downfalls.
• Threats: Various tools and processes can be put in place to safeguard a website business from cyber threats. They help in backing up data, which may help in recovering lost data if a breach occurs (Grant et al., 2014). Threats that would take control of computers and connected devices would most likely be curbed with the help of these tools and processes.
• Vulnerabilities: Any website business needs to take care of SQL injection, Cross-Site Scripting (XSS), broken authentication and session management, and security misconfiguration. These should be addressed to maintain complete security against the vulnerabilities in the website business.
• Risks: Website businesses have previously been subjected to security risks and data breaches. However, a website business does not face only one kind of security risk. Risks can arise from the business perspective and from the technical perspective as well. Both kinds must be handled with the utmost care, as a risk can further develop into an impending threat for a website business.
• Mitigation and protective measures: Hacking of websites and threats against website organizations are a common phenomenon. Therefore, the owner of a website business should focus on the steps to be taken to reduce the adverse effects of these threats and hacks.

Discussion on the use of the 3DES encryption algorithm

The DES block cipher was first introduced in 1977, but many cryptographers now dismiss it as being of only historical interest (Bhanot & Hans, 2015). However, triple DES has had practical importance according to cryptographers. This holds true for both 2-key and 3-key triple DES. A 2-key or 3-key triple DES forms a symmetric block cipher that applies the DES cipher algorithm three times to each data block. It therefore becomes extremely difficult and far too laborious for any hacker to work through each data block, trying to break the same block three times in a row. 2-key triple DES provides 80 bits of security and hence is a much more powerful encryption process than 3-key triple DES (Amsler et al., 2016). Therefore, if a business organization opts to adopt 2-key triple DES encryption as the security process for its data blocks, it would be absolutely feasible and heavily recommended as an encryption process altogether.

However, a business organization generates a huge amount of data every day, and hence encrypting these enormous amounts of generated data may need a huge storage capacity, which is difficult to achieve unless cloud storage is implemented for the organization’s data storage system.
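As an added illustration that is not part of the original essay, the sketch below classifies a triple-DES key bundle as 3-key, 2-key or accidentally reduced to a single DES pass, which is the check worth running on key material before relying on either keying option. The function names and the sample keys are assumptions constructed for the demonstration.

```python
# Added illustration, not code from the essay. Triple DES in EDE mode computes
# C = E_K3(D_K2(E_K1(P))) on every 64-bit block; the key bundle decides whether
# that is 3-key, 2-key (K3 = K1) or, by mistake, plain single DES.

def strip_parity(key: bytes) -> bytes:
    """Clear the low bit of each byte: DES ignores it (parity), so two keys
    that differ only there are the same 56-bit key."""
    return bytes(b & 0xFE for b in key)

def classify_bundle(bundle: bytes) -> dict:
    """Classify a 16-byte (K1|K2) or 24-byte (K1|K2|K3) triple-DES key bundle.
    key_material_bits is nominal key length, not a security-strength estimate."""
    if len(bundle) == 16:
        k1, k2 = bundle[:8], bundle[8:]
        k3 = k1                       # 2-key form reuses K1 for the third pass
    elif len(bundle) == 24:
        k1, k2, k3 = bundle[:8], bundle[8:16], bundle[16:]
    else:
        raise ValueError("triple-DES key bundle must be 16 or 24 bytes")
    e1, e2, e3 = (strip_parity(k) for k in (k1, k2, k3))
    if e1 == e2 or e2 == e3:
        # An encrypt and a decrypt under the same key cancel out, so only one
        # DES pass is left.
        return {"layout": "single-DES", "key_material_bits": 56}
    if e1 == e3:
        return {"layout": "2-key", "key_material_bits": 112}
    return {"layout": "3-key", "key_material_bits": 168}

# Constructed sample keys (hypothetical values, for demonstration only).
K_A = bytes.fromhex("0123456789ABCDEF")
K_B = bytes.fromhex("23456789ABCDEF01")
K_C = bytes.fromhex("456789ABCDEF0123")
K_A_PARITY_VARIANT = strip_parity(K_A)   # same effective key as K_A

SAMPLE_BUNDLES = {
    "three-key": K_A + K_B + K_C,
    "two-key": K_A + K_B,
    "two-key-expanded": K_A + K_B + K_A,
    "collapsed": K_A + K_A_PARITY_VARIANT + K_C,
}

def audit(bundles: dict) -> dict:
    """Map each bundle name to its detected layout."""
    return {name: classify_bundle(b)["layout"] for name, b in bundles.items()}

if __name__ == "__main__":
    for name, layout in audit(SAMPLE_BUNDLES).items():
        print(f"{name}: {layout}")
```

The "collapsed" bundle shows why the comparison ignores parity bits: its first two keys look different byte for byte but are the same DES key.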
Discussion on how IS policy may assist a company that suffered a Spambot attack

A Spambot is generally a computer application designed to generate and send huge amounts of spam email to random users in bulk. It has the ability to collect email addresses automatically from different sources on the internet at random. A Spambot usually starts sending a load of junk mail by creating a mailing list out of the collected email IDs. A Spambot mail might carry any sort of ransomware attack that would help hackers or spammers carry out attacks on website servers. If this kind of attack happens within a company, there is a high chance that it would be under a huge threat of data breaches and of losing intricate and confidential data. This is where an Internet Security policy, or IS Policy, comes into action to save a company and assist it after a Spambot attack. Since an IS Policy is meant to set boundaries for an employee's internet usage in an organization, it would educate individual employees about Spambots and the threat they bring to the company (Watad, Washah & Perez, 2018). An IS Policy essentially states that accessing any kind of suspicious mail is forbidden, hence the company is mostly protected from any kind of Spambot attack. Through an IS Policy, employees are trained well in the procedures to adopt for protecting and managing systems in the company, which helps the company avoid suffering further Spambot attacks.

Discussion on how Spambot data attacks relate to the CIA/Parkerian models

A CIA/Parkerian Model hexad is a set of six elements of information security. This concept was proposed by Donn B. Parker in the year 1998.
The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad, namely confidentiality, integrity and availability (Mitchell, 2016). A Spambot, on the other hand, is generally a computer application designed to generate and send huge amounts of spam email to random users in bulk. It has the ability to collect email addresses automatically from different sources on the internet at random (Navatha, Kumar & Ganguly, 2017). The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security (Leelasankar, Chellappan & Sivasankar, 2018). It relates to Spambot data attacks because these are the three areas where the confidentiality, integrity and availability of a system are challenged. In any case, a spambot attacks a system through confidential email IDs, derailing the integrity of data according to the availability of the innocent users to fall into the malware data threat attacks.
Reference

Amsler, D. B., Allen, N., Messer, S., & Healy, T. (2016). U.S. Patent No. 9,258,321. Washington, DC: U.S. Patent and Trademark Office.
Asghari, H., van Eeten, M. J., & Bauer, J. M. (2015). Economics of fighting botnets: Lessons from a decade of mitigation. IEEE Security & Privacy, 13(5), 16-23.
Bhanot, R., & Hans, R. (2015). A review and comparative analysis of various encryption algorithms. International Journal of Security and Its Applications, 9(4), 289-306.
Elyashar, A. (2016). The Security of Organizations and Individuals in Online Social Networks. arXiv preprint arXiv:1607.04775.
Grant, K., Edgar, D., Sukumar, A., & Meyer, M. (2014). ‘Risky business’: Perceptions of e-business risk by UK small and medium sized enterprises (SMEs). International Journal of Information Management, 34(2), 99-122.
Leelasankar, K., Chellappan, C., & Sivasankar, P. (2018). Successful Computer Forensics Analysis on the Cyber Attack Botnet. In Handbook of Research on Network Forensics and Analysis Techniques (pp. 266-281). IGI Global.
Mitchell, C. J. (2016). On the security of 2-key triple DES. IEEE Transactions on Information Theory, 62(11), 6260-6267.
Navatha, K., Kumar, J. T., & Ganguly, P. (2017). An efficient FPGA Implementation of DES and Triple-DES Encryption Systems. Communication and Power Engineering, 348.
Saxena, M., & Khan, P. M. (2015, March). Spamizer: An approach to handle web form Spam. In Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on (pp. 1095-1100). IEEE.
Watad, M., Washah, S., & Perez, C. (2018). It Security Threats and Challenges for Small Firms: Managers’ Perceptions. International Journal of the Academic Business World, 23.