Risk Management for Kevin's Music: Security Threats, Risk Controls, and Probability-Impact Matrix

Added on  2023/06/06
Kevin’s Music
Risk Management
9/7/2018

Table of Contents
Introduction...........................................................................................................................................2
EER diagram.........................................................................................................................................3
SQL queries...........................................................................................................................................4
Security Threats.....................................................................................................................................4
Data Breaches....................................................................................................................................4
Malware Attacks................................................................................................................................4
Denial of Service Attacks..................................................................................................................5
Man in the Middle Attacks................................................................................................................5
Message & Media Alteration Attacks................................................................................................5
SQL Injection Attacks.......................................................................................................................6
Probability-Impact Matrix.....................................................................................................................6
Risk Controls.........................................................................................................................................8
Conclusion...........................................................................................................................................10
References...........................................................................................................................................11
Introduction
Kevin’s Music is an organization that operates out of Burwood and was started by Kevin to
book his band for live performances. Due to limited profits, Kevin also started to teach music,
and later to book the performances of other bands for live music in several states of
Australia. The business has expanded considerably since its inception, and managing its tasks
and operations with a manual set of practices is now becoming troublesome. Kevin has
therefore decided to implement an automated system for bookings and their management.
Such information systems offer several benefits to the users: faster processing, elimination of
manual errors, efficient storage and management of the data sets, and better accuracy.
However, information systems also bring a few issues of their own, the primary ones being
security threats and attacks. Various attacks on the security of the data sets may emerge and
may adversely impact the information properties, such as the confidentiality, integrity,
availability, and privacy of data.
EER diagram
Note: The diagram is made in MS Visio. All primary keys are to be underlined, but the
underlining is not displayed in the picture format. Hence the primary keys are listed below:
STUDENT – studentID
CLASS – classID
MUSICIAN – musicianID
BAND – bandID
MUSIC_BAND – (musicianID, bandID)
BOOKING – bookingID
VENUE – venueID
STUDENT_CLASS – (studentID, classID)
SQL queries
The queries below are written in MySQL dialect; the -- comments record the corrections made
to the original statements.
1. Number of students registered on 1 July 2018:
   SELECT COUNT(st.studentID)
   FROM STUDENT st
   WHERE st.sRegDate = '2018-07-01';  -- ISO date; the original GROUP BY st.studentID would reduce every count to 1
2. Musicians aged 18 or under, by first name:
   SELECT * FROM MUSICIAN ms WHERE ms.age <= 18 ORDER BY ms.musicianFirstName;
3. Teaching musicians whose card has already expired:
   SELECT ms.musicianFirstName, ms.musicianLastName, ms.cardExpDate, ms.age
   FROM MUSICIAN ms
   WHERE ms.cardExpDate < CURDATE() AND ms.isMusicianTeacher = 'Yes'  -- alias m. corrected to ms.
   ORDER BY ms.cardExpDate;  -- the original ORDER BY sysdate() sorts by a constant
4. Music style and date of the bookings in the current month:
   SELECT DISTINCT bd.styleMusic, bk.bookingDate
   FROM BOOKING bk
   JOIN BAND bd ON bd.bandID = bk.bandID  -- BOOKING.bandID assumed as the foreign key; the original compared bandID with bookingID
   JOIN MUSIC_BAND bm ON bm.bandID = bd.bandID
   JOIN MUSICIAN ms ON ms.musicianID = bm.musicianID
   WHERE MONTH(bk.bookingDate) = MONTH(CURDATE())
   ORDER BY bk.bookingDate;
5. Students, class style and teacher for the classes in the current month:
   SELECT s.studentID, s.studentFirstName, s.studentLastName, c.classMusicStyle,
          m.musicianFirstName, m.musicianLastName
   FROM STUDENT s
   JOIN STUDENT_CLASS sc ON sc.studentID = s.studentID
   JOIN CLASS c ON c.classID = sc.classID  -- the table is CLASS in the EER diagram, not MUSIC-CLASS
   JOIN MUSICIAN m ON m.musicianID = c.teacher  -- m.mID corrected to the key musicianID
   WHERE m.isMusicianTeacher = 'Yes' AND MONTH(c.classDate) = MONTH(CURDATE());
Security Threats
Data Breaches
The information systems that are developed are exposed to the breaching of data, because
several access points are involved in these systems and different users may use them on
different platforms and networks. For instance, one of Kevin’s employees may choose to
access the system over a public network connection. As a result, attackers may gain
unauthorized access to the data sets. They may capture the information contents or the
information properties, and in both cases the impact will be negative for the organization
(Tsohou et al., 2006).
Malware Attacks
The information system that will be developed for Kevin’s Music will be exposed to various
security risks and attacks. One such security attack that may take place is a malware attack.
Malware is malicious code or a program that is deliberately developed by the attacker to
cause damage to the system it is launched upon. Malware can be introduced into the
information system through corrupted files, external devices, emails, networks, and other
channels. Various malware types have been developed, such as viruses, ransomware, logic
bombs, adware, worms, Trojan horses, spyware, and many more. Once injected, these
different types of malware may replicate on their own or may require a trigger in order to
launch and multiply, and the mode of attack differs for each type. For example, ransomware is
the malware attack in which access to the system is blocked and the users of the information
system developed for Kevin’s Music are asked to pay a ransom. The ransom is demanded in
the form of a cryptocurrency, such as Bitcoin (El Hadi, 2014).
Denial of Service Attacks
This security threat, which may take place on the information system developed for Kevin’s
Music, impacts the availability of the system. Various network connections will be involved,
and each of these provides a network access point. Attackers may misuse these connections to
launch unwanted garbage traffic that blocks access. This may result in the deterioration of the
quality of service, and an overall service breakdown may also follow. These are also known
as flooding attacks, since the access points are flooded with garbage traffic.
Man in the Middle Attacks
The information system that will be developed for Kevin’s Music will use network
connections for the sharing, communication, and transmission of information, and attacks
may be launched using these connections. Network-based security attacks may take the form
of man in the middle attacks, in which the attacker captures the network activity in an
unauthorized manner by sitting between the client and the server. Other forms of attack, such
as eavesdropping attacks, may also be involved. The mode of these attacks may be active or
passive (Park and Lee, 2014).
Message & Media Alteration Attacks
There are various properties of the data sets that are critical and must be protected. One such
property is the integrity of the data sets, which refers to the prevention of unauthorized
modification or alteration of the contents or properties of the data sets. Attackers may damage
the integrity of the information sets by altering the contents or properties of the data packets
comprising message or media contents.
SQL Injection Attacks
Injection attacks are common against databases. In these attacks, malicious SQL queries are
used to gain access to the data sets in an unauthorized manner. For instance, in the information
system being developed for Kevin’s Music, access rights and permissions will be granted to
the users; malicious queries may be used to violate these access rights and misuse the access
provided to other users.
Probability-Impact Matrix
Risk: Data Breaches
Description: The information systems that are developed are exposed to the breaching of data.
This is because there are several access points that are involved in these information systems.
Also, different users may use these systems on different platforms and networks. The attackers
may capture the information contents or information properties, and in both of these cases the
impact will be negative for the organization.
Probability: 4   Impact: 5   Score: 20

Risk: Malware Attacks
Description: Malware is malicious code or a program that is deliberately developed by the
attacker to cause damage to the system it is launched upon. The launching of the malware in
the information system can be done through corrupted files, external devices, emails,
networks, and others. There are various malware types that have been developed, such as
viruses, ransomware, logic bombs, adware, worms, Trojan horses, spyware, and many more.
Probability: 5   Impact: 4   Score: 20

Risk: Denial of Service Attacks
Description: The attackers may misuse these connections and may launch unwanted and
garbage traffic to block the access. This may result in the deterioration of the quality of
service, and the overall service breakdown may also come up. These are also known as
flooding attacks, as there is a flooding of garbage traffic.
Probability: 3   Impact: 5   Score: 15

Risk: Man in the Middle Attacks
Description: In these attacks, the attacker will capture the network activity in an unauthorized
manner by sitting in between the client and the server. There may also be other forms of
attacks that may get involved, such as eavesdropping attacks. The mode of these attacks may
be active or passive.
Probability: 3   Impact: 4   Score: 12

Risk: Message & Media Alteration Attacks
Description: The negative impact on the integrity of the information sets may be carried out
by the attackers. This may be done by altering the contents or properties of the data packets
comprising message or media contents.
Probability: 2   Impact: 5   Score: 10

Risk: SQL Injection Attacks
Description: These are the attacks that will make use of SQL queries, and the malicious
queries will be used to gain access to the data sets in an unauthorized manner.
Probability: 3   Impact: 5   Score: 15
The probability and impact matrix for the six security threats has been prepared and
illustrated above. The scores for probability and impact use a scale of 1 to 5, in which 1 is the
lowest and 5 is the highest value.
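The scoring behind the matrix, written out as an added Python example (not part of the original assignment): each risk is validated against the 1-to-5 scale, its score is the product of probability and impact, and the six risks are ranked from the highest score down. The probabilities, impacts and scores are those of the matrix above; the banding thresholds (15 and above high, 8 to 14 medium, below 8 low) are an assumption introduced here for illustration.

```python
"""Probability-impact scoring for the six risks in the matrix.

Added example, not part of the original assignment. The 1-to-5 scale and the
six probability/impact values are taken from the matrix; the band thresholds
are an assumption made for this illustration.
"""
from dataclasses import dataclass

SCALE_MIN, SCALE_MAX = 1, 5  # the 1-to-5 scale used in the matrix


@dataclass(frozen=True)
class Risk:
    name: str
    probability: int
    impact: int

    def __post_init__(self):
        # Reject values outside the scale instead of silently producing a score.
        for field_name, value in (("probability", self.probability), ("impact", self.impact)):
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{field_name} must be within {SCALE_MIN}..{SCALE_MAX}, got {value}")

    @property
    def score(self) -> int:
        # Score is probability multiplied by impact, as in the matrix.
        return self.probability * self.impact


def band(score: int) -> str:
    """Map a score to a qualitative band (thresholds are an assumption)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


# The six risks with the probability and impact values from the matrix above.
KEVINS_MUSIC_RISKS = [
    Risk("Data Breaches", 4, 5),
    Risk("Malware Attacks", 5, 4),
    Risk("Denial of Service Attacks", 3, 5),
    Risk("Man in the Middle Attacks", 3, 4),
    Risk("Message & Media Alteration Attacks", 2, 5),
    Risk("SQL Injection Attacks", 3, 5),
]


def ranked(risks):
    """Return (name, score, band) tuples, highest score first; ties are broken
    by the higher impact, then alphabetically by name."""
    ordered = sorted(risks, key=lambda r: (-r.score, -r.impact, r.name))
    return [(r.name, r.score, band(r.score)) for r in ordered]


if __name__ == "__main__":
    for name, score, level in ranked(KEVINS_MUSIC_RISKS):
        print(f"{name:<36} {score:>3}  {level}")
```

Ranking the register this way makes the treatment order explicit: the two scores of 20 are handled first, and the impact tie-break places the data breach ahead of malware because a breach carries the higher impact.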
The highest probability out of the six security threats has been assigned to malware attacks,
because malware can be launched through many different attacking agents and there are many
types of malware that may be launched into the system. Data breaches have been assigned a
probability of 4: there are controls set up to avoid the risk; however, the information will pass
through different channels and there may be vulnerabilities in one of these channels which
may be misused. Man in the middle, SQL injection, and denial of service attacks are assigned
a probability score of 3, as there are controls and processes that may minimize the likelihood
of the attacks.
The lowest probability is given to the message and media alteration attacks, as it is not easy to
disturb the integrity of the information sets and packets (Bernik and Prislan, 2016).
The impact associated with all six security threats is assigned a score of either 4 or 5,
indicating that the occurrence of these risks will have a major or critical impact. This is
certain, as the occurrence of any of these security events will adversely affect the information
properties, such as integrity, confidentiality, and availability. It is necessary to protect these
information properties, since an adverse effect on them may bring legal obligations and
punishments as well. For instance, if the information of any customer or business partner gets
exposed, then the victim will have the right to file a legal suit against the organization (Feng
and Zheng, 2014).
Risk Controls
The security risks that have been identified and analysed above will need to be controlled.
The strategy applied for controlling these risks will be risk mitigation and avoidance. One of
the techniques that shall be used for controlling the security attacks is encryption of the data
sets.
Data breaches are a security risk that will be controlled by applying access control and
authentication. Several access control tools and mechanisms have been defined in accordance
with the latest technology. Multi-path encryption based access control and role-based access
control shall be used to avoid the issue. Multi-fold authentication shall also be used: enhanced
forms of authentication shall be required before users are granted access to the system, and
biometric recognition for unique identification must be combined with passwords and session
management.
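As an added illustration of the access control, multi-fold authentication and session management controls named above (example code, not part of the original assignment), the following Python module enforces role-based access with deny-by-default: a request is allowed only if the session has not expired, one of the user's roles grants the permission, and sensitive operations were reached with more than one authentication factor. The role names, permission names, session lifetime, reference time and the set of permissions requiring a second factor are assumptions made for the example.

```python
"""Role-based access control with deny-by-default for the booking system.

Added example, not part of the original assignment. Roles, permissions, the
session lifetime and the MFA-only permission set are assumptions; the page
names role-based access control, multi-fold authentication and session
management as the controls without specifying them.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed roles for Kevin's Music and the permissions each role may exercise.
ROLE_PERMISSIONS = {
    "owner": {"booking:create", "booking:read", "booking:update",
              "student:read", "student:update", "audit:read"},
    "staff": {"booking:create", "booking:read", "booking:update", "student:read"},
    "teacher": {"student:read", "class:read"},
    "student": {"class:read"},
}

SESSION_LIFETIME = timedelta(minutes=30)  # assumed session lifetime

# Permissions that expose personal or audit data: require a second factor (assumption).
MFA_REQUIRED = frozenset({"student:update", "audit:read"})


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    issued_at: datetime
    authenticated_factors: int = 1  # factors verified at login (password, biometric, ...)

    def is_valid(self, now: datetime) -> bool:
        # A session is live only inside its lifetime window.
        return self.issued_at <= now < self.issued_at + SESSION_LIFETIME


def permissions_for(roles) -> set:
    """Union of the permissions granted by each role; unknown roles grant nothing."""
    granted = set()
    for role in roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def authorize(session: Session, permission: str, now: datetime) -> bool:
    """Deny by default: every check must pass for the request to be allowed."""
    if not session.is_valid(now):
        return False  # expired or not-yet-valid session
    if permission not in permissions_for(session.roles):
        return False  # no role grants this permission
    if permission in MFA_REQUIRED and session.authenticated_factors < 2:
        return False  # sensitive operation reached with a single factor
    return True


# Constructed reference time used by the demonstration below.
NOW = datetime(2018, 9, 7, 10, 0, tzinfo=timezone.utc)


def make_session(user: str, roles, minutes_ago: int, factors: int = 1) -> Session:
    """Helper for building sessions issued a given number of minutes before NOW."""
    return Session(user, frozenset(roles), NOW - timedelta(minutes=minutes_ago), factors)


if __name__ == "__main__":
    checks = [
        ("staff reads a booking", make_session("alice", ["staff"], 5), "booking:read"),
        ("staff edits a student record", make_session("alice", ["staff"], 5), "student:update"),
        ("owner edits a student, password only", make_session("kevin", ["owner"], 5, 1), "student:update"),
        ("owner edits a student, two factors", make_session("kevin", ["owner"], 5, 2), "student:update"),
        ("owner with an expired session", make_session("kevin", ["owner"], 45, 2), "booking:read"),
    ]
    for label, session, permission in checks:
        print(f"{label:<40} -> {'allow' if authorize(session, permission, NOW) else 'deny'}")
```

Keeping the policy in one table and the decision in one function is what makes the control auditable: the security audits the text calls for later can review the table directly, and a new permission that is missing from every role is denied rather than granted by accident.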
Technical controls and tools have been developed which can be used to avoid and control
most of the security risks and threats, and malware attacks shall also be avoided with the use
of such technically advanced tools. Anti-malware tools have been developed that come with
ransomware protection. These tools shall be installed, implemented, and integrated with the
information system developed for Kevin’s Music. It shall also be made sure that the tool is
updated regularly and that regular scans are made for installing the updates and patches.
Numerous technical controls and tools have been developed which can be used to avoid and
control most of the security risks and threats, and denial of service attacks shall also be
avoided with the use of such technically advanced tools. Anti-denial of service tools have
been developed that come with automated scanning. These tools shall be installed,
implemented, and integrated with the information system developed for Kevin’s Music. It
shall also be made sure that the tool is updated regularly and that regular scans are made for
installing the updates and patches.
The information system that will be developed for Kevin’s Music will use network
connections for the sharing, communication, and transmission of information, and attacks
may be launched using these connections. Network-based security attacks may take the form
of man in the middle attacks. Different technical controls have been developed to control and
mitigate network-based attacks. These include the installation of network-based intrusion
detection and prevention systems, firewalls, network scanners, network monitors, and the like.
Message and media alteration attacks are also attacks in which the network plays the role of
the key attacking agent, and the same technical controls developed for network-based attacks
apply: network-based intrusion detection and prevention systems, firewalls, network scanners,
network monitors, and the like. Apart from these technical controls, the data and information
sets must be encrypted at all times. Encrypting the data sets ensures that only the cipher form
of the message or media content is transmitted over the network, which mitigates the risk and
controls the damage as well.
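The integrity control for message and media alteration attacks, as an added Python example (not code from the original assignment): the sender attaches an HMAC-SHA256 tag to each booking message under a shared key, and the receiver recomputes the tag and rejects anything whose content changed in transit. The shared key, the booking message and its field names are constructed for the illustration. This complements the encryption the text calls for rather than replacing it: a tag protects integrity, encryption protects confidentiality, and in practice both travel inside an authenticated channel such as TLS.

```python
"""Detecting message alteration in transit with an HMAC-SHA256 tag.

Added example, not part of the original assignment. The shared key, the
booking message and the simulated alteration are constructed here so the
module runs offline.
"""
import hashlib
import hmac
import json
import secrets

# Constructed shared key; in a deployment it is provisioned out of band, never hard-coded.
SHARED_KEY = secrets.token_bytes(32)


def canonical(message: dict) -> bytes:
    """Serialise with sorted keys and no whitespace so both ends hash identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def seal(message: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: return the message together with its authentication tag."""
    tag = hmac.new(key, canonical(message), hashlib.sha256).hexdigest()
    return {"payload": message, "tag": tag}


def verify(envelope: dict, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time.
    False means the content was altered, the tag is missing, or the key differs."""
    expected = hmac.new(key, canonical(envelope["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope.get("tag", ""))


# Constructed booking confirmation as it might travel between client and server.
BOOKING = {"bookingID": 1042, "bandID": 7, "venueID": 3,
           "bookingDate": "2018-09-21", "fee": 1500}


def altered_in_transit(envelope: dict, field: str, new_value) -> dict:
    """Test helper: simulate an on-path change to one field while the tag is left untouched,
    which is exactly the case the receiver's verify() must catch."""
    payload = dict(envelope["payload"])
    payload[field] = new_value
    return {"payload": payload, "tag": envelope["tag"]}


if __name__ == "__main__":
    sent = seal(BOOKING)
    print("intact message verifies:      ", verify(sent))
    print("altered fee verifies:         ", verify(altered_in_transit(sent, "fee", 150)))
    print("altered date verifies:        ", verify(altered_in_transit(sent, "bookingDate", "2018-09-28")))
```

The canonical serialisation matters as much as the hash: if the two ends serialised the same dictionary with different key order or spacing, every legitimate message would fail verification, so the tag must be computed over a byte sequence both sides derive the same way.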
SQL injection attacks shall be controlled with the use of access control measures for the
database and the associated users. Multi-path encryption based access control and role-based
access control shall be used to avoid the issue. Multi-fold authentication shall also be used:
enhanced forms of authentication shall be required before users are granted access to the
system, and biometric recognition for unique identification must be combined with passwords
and session management.
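To illustrate both the SQL injection threat described under Security Threats and the control above, here is an added Python example (not part of the original assignment) using an in-memory SQLite copy of the STUDENT table from the EER diagram; the column names other than studentID are assumptions. The defective lookup splices the caller's text into the statement, so a value containing quote characters changes what the statement means and returns every row; the hardened lookup binds the value as a parameter, so the same text matches nothing and an ordinary name containing an apostrophe is handled correctly. The first query from the SQL queries section is also shown in parameterised form.

```python
"""SQL injection: the defective lookup beside its parameterised fix.

Added example, not part of the original assignment. It builds an in-memory
SQLite copy of the STUDENT table (column names other than studentID are
assumptions) filled with constructed rows.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for Kevin's Music student records."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE STUDENT ("
        " studentID INTEGER PRIMARY KEY,"
        " studentFirstName TEXT, studentLastName TEXT, sRegDate TEXT)"
    )
    conn.executemany(
        "INSERT INTO STUDENT VALUES (?, ?, ?, ?)",
        [
            (1, "Ana", "Reyes", "2018-07-01"),
            (2, "Tom", "Nguyen", "2018-07-01"),
            (3, "Li", "Chen", "2018-06-15"),
        ],
    )
    return conn


def find_by_last_name_unsafe(conn, last_name: str):
    """Defective: the caller's text becomes part of the SQL statement itself, so
    quote characters inside it change the statement's meaning. Kept only to show
    the failure the hardened version below prevents."""
    sql = f"SELECT studentID FROM STUDENT WHERE studentLastName = '{last_name}'"
    return [row[0] for row in conn.execute(sql)]


def find_by_last_name(conn, last_name: str):
    """Hardened: the value travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT studentID FROM STUDENT WHERE studentLastName = ?"
    return [row[0] for row in conn.execute(sql, (last_name,))]


def count_registered_on(conn, reg_date: str) -> int:
    """Parameterised form of the first query in the SQL queries section."""
    (n,) = conn.execute(
        "SELECT COUNT(studentID) FROM STUDENT WHERE sRegDate = ?", (reg_date,)
    ).fetchone()
    return n


if __name__ == "__main__":
    db = make_db()
    tautology = "Reyes' OR '1'='1"  # text that alters the meaning of the unsafe statement
    print("unsafe lookup, crafted input:   ", find_by_last_name_unsafe(db, tautology))
    print("parameterised lookup, same input:", find_by_last_name(db, tautology))
    print("parameterised lookup, O'Brien:   ", find_by_last_name(db, "O'Brien"))
    print("students registered 2018-07-01:  ", count_registered_on(db, "2018-07-01"))
```

Parameter binding is the control that removes the defect at its root; the access control and least-privilege database accounts the text prescribes then limit what a query can reach even if some other code path still builds statements by hand.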
Most of the controls listed above make use of technical tools and devices for avoiding and
mitigating the security threats. Apart from these, the users must be provided with information
on the security threats that may occur and the practices that the end-user may follow to
prevent them. Kevin and the other members of the management committees must carry out
security audits at regular intervals so that any security gaps may be identified (Bozkus
Kahyaoglu and Caliyurt, 2018).
Conclusion
Kevin has decided to implement an automated system for bookings and their management.
Such information systems offer several benefits to the users: faster processing, elimination of
manual errors, efficient storage and management of the data sets, and better accuracy.
However, information systems also bring a few issues of their own, the primary ones being
security threats and attacks. The security threats that may occur on the information system
for Kevin’s Music include data breaches, malware attacks, denial of service attacks, man in
the middle attacks, SQL injection attacks, and message & media alteration attacks. There are
control measures that may be used to avoid and mitigate these attacks. Multi-path encryption
based access control and role-based access control shall be used to avoid the issue, and
multi-fold authentication shall also be used. Anti-malware tools that come with ransomware
protection shall be installed, implemented, and integrated with the information system
developed for Kevin’s Music. Anti-denial of service tools must be installed for protection
from denial of service attacks. Network-based security attacks may take the form of man in the
middle attacks, and different technical controls have been developed to control and mitigate
them, including the installation of network-based intrusion detection and prevention systems,
firewalls, network scanners, network monitors, and the like.
References
Bernik, I. and Prislan, K. (2016). Measuring Information Security Performance with 10 by 10
Model for Holistic State Evaluation. PLOS ONE, 11(9), p.e0163050.
Bozkus Kahyaoglu, S. and Caliyurt, K. (2018). Cyber security assurance process from the
internal audit perspective. Managerial Auditing Journal, 33(4), pp.360-376.
El Hadi, M. (2014). Assessing Information Security Risk Management in Organizations.
Compunet (The Egyptian Information Journal), 13(14), pp.18-32.
Feng, N. and Zheng, C. (2014). A Cooperative Model for IS Security Risk Management in
Distributed Environment. The Scientific World Journal, 2014, pp.1-6.
Park, S. and Lee, K. (2014). Advanced Approach to Information Security Management
System Model for Industrial Control System.
Tsohou, A., Karyda, M., Kokolakis, S. and Kiountouzis, E. (2006). Formulating information
systems risk management strategies through cultural theory. Information Management &
Computer Security, 14(3), pp.198-217.