This document discusses security and risk management in the context of a TV broadcasting firm. It covers threats in mobile devices, security protection techniques, ensuring availability of web service using Apache, impact on employees, and auditing tools for Linux server.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Security and Risk Management
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents Introduction......................................................................................................................................3 Task 1...............................................................................................................................................3 Illustrate two types of threats in mobile devices along with their vulnerability to destruction and abuse......................................................................................................................................3 Security protection techniques that can be utilized within mitigation of risks for mobile devices ......................................................................................................................................................5 Illustrate how firm can make sure availability of web service by using Apache.........................6 Impact on employees of information security along with risk management...............................7 Specify auditing tools for Linux server and way in which they will be utilized by MBC..........9 Task 2.............................................................................................................................................10 Creation of two directories.........................................................................................................10 Demonstrate different ways for creating three users.................................................................11 Conclusion.....................................................................................................................................12 References......................................................................................................................................13
Introduction Security and risk assessment refers to identification, assessment as well as execution of key security controls within the application. It aids firm within emphasizing on prevention of apps from security defects along with vulnerability. Basically, it furnishes firm with a enhanced way through which they can acknowledge nature of security threats as well as interaction with them (Amin, Valverde and Talla, 2020). To understand concept about and security and risk assessment MBC is taken into account which is a TV broadcasting firm who permit their employees to utilize own computing devices within the working premises. This report comprises of different threats, protection techniques and their mitigation. Furthermore, it also furnishes ways to ensure availability servers and impact on information security of employees along with different auditing tools. Task1 Illustrate two types of threats in mobile devices along with their vulnerability to destruction and abuse Like spyware and viruses which impact systems like PC or laptop, there is wide range of security threats which creates an impact on mobile devices. A security threat refers to risks which can probably harm computer system and organization. This can be either due to physical or non-physical aspects. Physical involves stealing the mobile devices which comprises of vital information(Arora and Gigras, 2020). Like within MBC firm employees are allowed with their own devices then it is obvious that those have some important information related with organization. The non-physical aspects comprise of virus attacks like malware, ransomware, etc which can create harm to information present within the system or even steal that. Basically, non-physicalattacksprovideuserwithunauthorizedaccessintothesystemofusersor organization. The mobile security threats which can be experienced by employees of MBC while delivering their operations have been specified below: Applicationbasedthreats:Whenemployeesoranyuserdownloadapplicationthey comprises of different types of security issues which can be installed within mobile devices. Anyapplication do not illustrate whether they are malicious or not and are formulated with an intent to carry out a fraud(Brashear, 2020). Even sometimes legitimate software is being
exploited for carrying out fraudulent activities. With respect to MBC, there can experience certain application based threats and might fit into any of the category specified beneath: Malware:This implies software that is liable for carrying out malicious activities when installed within mobile devices. User will not know about the changes which will be made by malware within mobile like it can make charges to phone bills, send messages to contact list or furnish control to third person who made this attack (What is a mobile threat?, 2020). Spyware:It is liable for collecting or making use of private data of users without their knowledge and approval for them for any activity that is being carried out. Data that is being attacked by this is text messages, browser history, contact list, user location, private photos and many other aspects. Privacy threats: It is not necessary that they are malicious but will make use of sensitive data like contact list, photos, etc. Vulnerable applications:They are the apps which comprises of flaws that can be exploited for conducting malicious activities. Vulnerabilities aid attacker to have access to sensitive information.Web based threats:As mobile devices are being connected to internet and are being used frequently for accessing web based services. Employees of MBC can face various issues for their mobile devices, they are as: Phishing scams:Text messages, Twitter, email and Facebook is being utilized for sending links to websites which are formulated for trick individuals into render information such as account numbers, etc. It is difficult to identify whether they are from legitimate user or not. Drive by downloads:This will automatically download application when web page is visited and here users may or may not be prompted to take further actions (Chopra and Chaudhary, 2020). Browser exploits:They takes advantage from vulnerabilities which are present within web browser of mobile like PDF reader, or flash player. In above discussion two threats have been illustrated and probable impact they can create on users. For an instance, by visiting an unsafe webpage, users by themselves trigger browser
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
which will exploit which will lead to carry out malicious activities or might install malware for carrying out unauthenticated activities. Security protection techniques that can be utilized within mitigation of risks for mobile devices There are various firms which render mobile devices to employees or allow them to utilize their own personal devices within working premises. MBC permits their workforce to make use of their computing devices(Daza and Hargiss, 2020). But it is necessary that they must establish adequate and strong security measures. The risk associated with this is very high which is being understood from above section. Certain steps or techniques for mitigating threats associated with mobile devices and can be utilized by MBC organization is illustrated below: Establishment of precise mobile usage policy:While allowing cell phones within working premises it is essential that they must be considered within organist ion security policies. These must cover their acceptable usage, mandatory security settings, anti-theft measures and many others. The policies framework must be included within compliance monitoring along with remediation of deficiencies. Segment apps and data on enterprise devices:This is good practice in which mobile users can be segregated on the basis of role they have to carry out and accordingly access privilege levels must be formulated. This will minimize exposed surface area in case if one device is being compromised as only at particular level devices will be compromised insteadofall(DiazandMuñoz,2020).Alongwiththis,unwantedsoftwareor applications will not be installed. Encrypting as well as minimizing visibility within devices in firm’s network:If any mobile device is being compromisedthen its data must not be easily accessible to malicious users. Along with this, mobile device must not become an entry into network of MBC. This can be done by making use of IAM (identity and access management) system (PHONE SECURITY: 20 WAYS TO SECURE YOUR MOBILE PHONE, 2020). Install security software in mobile devices:It is primary and essential countermeasure that must be taken up by MBC organization while allowing mobile phones within working area. The security team must take them like any other hardware which is present within their network.
Monitor user behavior:Mobile users hardly know that whether their devices are compromised or not and they put themselves at risk. Monitoring the activities carried out by user will reveal anomalies which can lead to point out attack is on the way. Along withthis,automatedmonitoringprovesimportanttoensurethatsecuritypolicies formulated by MBC are not infringed. Formulate mobile security awareness program by training:Individuals are accustomed to freedom on their mobile devices. Thus, it becomes more crucial to build awareness policiesforcorporatesecurityriskswithinmobiletechnologies(Ellis,Hertigand Metscher, 2020). Training must emphasize on making mobile devices secured, what kind of activities carried belong to enterprise device along with what every day practices must be implemented by them to ensure that they do not fall victim to common security threats. Illustrate how firm can make sure availability of web service by using Apache. Apache is a web server and open source software. It is a modular as well as process based webserverapplicationwhichisliableforcreatingnewthreadsthatareconnected simultaneously. Apache supports wide ranges of features which are compiled like a separate module as well as their core functionalities are extended. Web service refers to standardized medium that is being used for propagation of interaction among client and server application on WWW. It is formulated for certain set of activities(Hubbard, 2020). As MBC has opted to make use of Apache Web server for delivering their services, it is essential to ensure that it furnishes high availability which will make it reliable to be accessed by different users. Brewer’s or CAP theorem can be utilized by MBC organization as it states that database simultaneously cannot ensure partition tolerance, consistency and availability. Network failures can occur at any time so partition tolerance is required that prioritizes availability over consistency or vice-versa. Apache Cassandra can be used by MBC as it is referred to as AP system (means availability over consistency) which will ensure that data is being available even if consistency is being sacrificed. Certain aspects related with this are illustrated beneath: Data availability can be ensured by replicas:When data is being written by making use of Cassandra then multiple copies (normally three) are being formulated within distinct clusters(Janssen, 2020). This is done to make sure that in case if data is lost from one
node or it becomesunavailable.A replicationis definedwhen database isbeing formulated by MBC and they can control number of copies that have to be written. But, it may take time for updating as well as propagate to remote hosts. There is a probability that hosts might be unreachable or temporarily down. Cassandra provides the data but there is no surety that data is up to date or not. Tunable consistency within Cassandra:For addressing the problem illustrated in above point tunable consistency is being maintained. When read or write operations are being carried out then client must illustrate consistency level. This will illustrate number of replicas which have to respond while carrying out operation(Wolf and Serpanos, 2020). For an instance if non-critical data like number of comments on social media is not necessary to have latest data. For this consistency levels can be set like one, two, three and quorum. Here, quorum implies high consistency and user will be provided with latest information. This will lead MBC to ensure availability along with consistency by making use of Apache Cassandra. Along with this, they can take different steps through which they can enhance availability of their web services. Impact on employees of information security along with risk management The employees have critical role within making business vulnerable. For an instance employee who have local administrator rights disabled security solutions within their computers and allowed spread of infection such as WannaCry ransomware(Amin, Valverde and Talla, 2020). The certain aspects that can be faced by MBC in this context are specified below: Risk from within:This takes place due to irresponsible as well as uniformed employees. The biggest armor against cyberattack are employees of organization.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Illustration1: Where do businesses feel vulnerable? Top five fears This is due to the reason that they share inappropriate data through usage of their mobile devices, their cell phones are lost which makes data of MBC more vulnerable, inadequate usage of IT resources by employees along with this there are incidents in which data that is being shared with suppliers is modified (The Human Factor in IT Security: How EmployeesareMakingBusinessesVulnerablefromWithin,2020).Suchkindof activities of employees may cost heavy to organization. Employees actions lead to cybersecurity incidents:Employees make mistakes while putting their data on systems either they are careless or accidently slip up. The reason behind this is that they are not adequately trained with respect to ways in which business can be protected(Arora and Gigras, 2020). Illustration2: Types of security event experienced
The major risks faced by firm is attack from malware, viruses or Trojans, careless attitude,hardwaretheftortargetedattacks.Basically,ithasbeenidentifiedthat employees click on unauthorized links as well as download application which leads them to certain attacks. As MBC has permitted their employees to use mobile phones within working premises, firm need to ensure that they have restricted access to services provided to them. For an instance, VPN can be used so that they cannot use whatsapp or any other social media through usage of their wireless networks as it makes them more prone to certain attacks(Brashear, 2020). Along with this, adequate training must be provided to them so that they can understand concept of cyber security along with identifiesthe applications which can make their mobile phones prone to attack. Specify auditing tools for Linux server and way in which they will be utilized by MBC. Auditing as well as checking server is essential to make sure that total security is maintained. With respect to Linux system that is being used by MBC organization, some tools are illustrated below for monitoring as well as analyzing different aspects: Fluentd:Whenorganizationhaspeculiardatasourcesandexistsindifferent environments and it is necessary to centralize them otherwise the performance cannot be monitored and it will also be difficult to prevent from security threats. Fluentd furnishes a robust solution to collect data but it aids within organizing via distinct pipelines(Chopra and Chaudhary, 2020). It will aid MBC organization within extending their logging data within other applications and have better analysis by making minimized efforts. Nagios:It is a reliable open source tool that is being used for management of log data. It will aid MBC within collecting data by making information more accessible for system administrators and it is usually used for monitoring security of local networks. These tools can be utilized by MBC to monitor as well as carry out analysis of problems associated with security, web servers along with other applications such as email.
Task 2 Creation of two directories In this section commands that can be used within Linux for creation of two directories within SBM4304 which is a main directory. They are illustrated below: mkdir SBM4304(Used to create a directory with name SBM4304) cd SBM4304(From root directory will change to SBM4304) mkdir StudentID1(directory named StudentID1 will be created within SBM4304) mkdir StudentID2(directory named StudentID2 is created within SBM4304) ls(used to check the directories craeted) ls –l(will illustrate permissions of both StudentID1 and StudentID2) cd(is used to go to home root) ls –l(to check permissions of SBM4304) chmod 777 SBM4304(will alter the permissions for the directory by assigning it with read write execute access means a complete access is being provided)
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Illustration3: Create directory and set permissions Demonstrate different ways for creating three users Users imply people who have access to system. Basically, they are assigned within account and possess restricted or limited access to critical system directories and files. useradd u1 useradd u2 useradd u3 useradd is a command which is being used for adding user into a system.
Illustration4: Create user Conclusion From above, it can be concluded that, security and risk management implies process that is related with usage of information technology and comprises of determination, assess as well as treating risks to maintain confidentiality, availability and integrity of assets of firm. There are different type of mobile threats which makes devices vulnerable. Therefore, it is important that firm must make use of different policies to avoid these attacks. Along with this, different ways can be used by firm to ensure the availability of web servers which is being used by them so that their users can have access to relevant information. Furthermore, there exist different tools that can be used to audit the activities conducted within.
References Books and Journal Amin, A., Valverde, R. and Talla, M., 2020. Risk Management via Digital Dashboards in Statistics Data Centers.International Journal of Information Technologies and Systems Approach (IJITSA),13(1), pp.27-45. Arora, M. and Gigras, Y., 2020. Security,Privacy,ForensicsAnalysisfor Smartphones. InForensicInvestigationsandRiskManagementinMobileandWireless Communications(pp. 1-25). IGI Global. Brashear, J.P., 2020. Managing Risk to Critical Infrastructures, Their Interdependencies, and the RegionTheyServe:ARiskManagementProcess.InOptimizingCommunity Infrastructure(pp. 41-67). Butterworth-Heinemann. Chopra,A.andChaudhary,M.,2020.RiskManagementApproach.InImplementingan Information Security Management System(pp. 77-102). Apress, Berkeley, CA. Daza,R.andHargiss,K.M.,2020.FactorsComprisingEffectiveRiskCommunication, Decision-Making,andMeasurementofITandIARisk.InStart-UpsandSMEs: Concepts, Methodologies, Tools, and Applications(pp. 814-833). IGI Global. Diaz, E.O. and Muñoz, M., 2020. Strategy for Performing Critical Projects in a Data Center Using DevSecOps Approach and Risk Management.International Journal of Information Technologies and Systems Approach (IJITSA),13(1), pp.61-73. Ellis, J., Hertig, C.A. and Metscher, R., 2020. Concepts and Evolution of Asset Protection and Security. InThe Professional Protection Officer(pp. 3-18). Butterworth-Heinemann. Hubbard, D.W., 2020.The failure of risk management: Why it's broken and how to fix it. John Wiley & Sons. Janssen, S.A.M., 2020. Capturing Agents in Security Models: Agent-based Security Risk Management using Causal Discovery. Wolf, M. and Serpanos, D., 2020. Safety and Security Design Processes. InSafe and Secure Cyber-Physical Systems and Internet-of-Things Systems(pp. 11-33). Springer, Cham. Online What is a mobile threat?. 2020. [Online]. Available through: <https://www.lookout.com/know- your-mobile/what-is-a-mobile-threat>. PHONE SECURITY: 20 WAYS TO SECURE YOUR MOBILE PHONE.2020. [Online]. Availablethrough:<https://preyproject.com/blog/en/phone-security-20-ways-to-secure- your-mobile-phone/>. The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within.2020.[Online].Availablethrough:<https://www.kaspersky.com/blog/the- human-factor-in-it-security/>.