Security and Risk Management

Verified

Added on  2023/01/12

|13
|3408
|76
AI Summary
This document discusses security and risk management in the context of a TV broadcasting firm. It covers threats in mobile devices, security protection techniques, ensuring availability of web service using Apache, impact on employees, and auditing tools for Linux server.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Security and Risk
Management

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Table of Contents
Introduction......................................................................................................................................3
Task 1...............................................................................................................................................3
Illustrate two types of threats in mobile devices along with their vulnerability to destruction
and abuse......................................................................................................................................3
Security protection techniques that can be utilized within mitigation of risks for mobile devices
......................................................................................................................................................5
Illustrate how firm can make sure availability of web service by using Apache.........................6
Impact on employees of information security along with risk management...............................7
Specify auditing tools for Linux server and way in which they will be utilized by MBC..........9
Task 2.............................................................................................................................................10
Creation of two directories.........................................................................................................10
Demonstrate different ways for creating three users.................................................................11
Conclusion.....................................................................................................................................12
References......................................................................................................................................13
Document Page
Introduction
Security and risk assessment refers to identification, assessment as well as execution of key
security controls within the application. It aids firm within emphasizing on prevention of apps
from security defects along with vulnerability. Basically, it furnishes firm with a enhanced way
through which they can acknowledge nature of security threats as well as interaction with them
(Amin, Valverde and Talla, 2020). To understand concept about and security and risk assessment
MBC is taken into account which is a TV broadcasting firm who permit their employees to
utilize own computing devices within the working premises. This report comprises of different
threats, protection techniques and their mitigation. Furthermore, it also furnishes ways to ensure
availability servers and impact on information security of employees along with different
auditing tools.
Task 1
Illustrate two types of threats in mobile devices along with their vulnerability to destruction and
abuse
Like spyware and viruses which impact systems like PC or laptop, there is wide range of
security threats which creates an impact on mobile devices. A security threat refers to risks
which can probably harm computer system and organization. This can be either due to physical
or non-physical aspects. Physical involves stealing the mobile devices which comprises of vital
information (Arora and Gigras, 2020). Like within MBC firm employees are allowed with their
own devices then it is obvious that those have some important information related with
organization. The non-physical aspects comprise of virus attacks like malware, ransomware, etc
which can create harm to information present within the system or even steal that. Basically,
non-physical attacks provide user with unauthorized access into the system of users or
organization. The mobile security threats which can be experienced by employees of MBC while
delivering their operations have been specified below:
Application based threats: When employees or any user download application they
comprises of different types of security issues which can be installed within mobile devices.
Any application do not illustrate whether they are malicious or not and are formulated with
an intent to carry out a fraud (Brashear, 2020). Even sometimes legitimate software is being
Document Page
exploited for carrying out fraudulent activities. With respect to MBC, there can experience
certain application based threats and might fit into any of the category specified beneath:
Malware: This implies software that is liable for carrying out malicious activities
when installed within mobile devices. User will not know about the changes which
will be made by malware within mobile like it can make charges to phone bills, send
messages to contact list or furnish control to third person who made this attack (What
is a mobile threat?, 2020).
Spyware: It is liable for collecting or making use of private data of users without
their knowledge and approval for them for any activity that is being carried out. Data
that is being attacked by this is text messages, browser history, contact list, user
location, private photos and many other aspects.
Privacy threats: It is not necessary that they are malicious but will make use of
sensitive data like contact list, photos, etc.
Vulnerable applications: They are the apps which comprises of flaws that can be
exploited for conducting malicious activities. Vulnerabilities aid attacker to have
access to sensitive information. Web based threats: As mobile devices are being connected to internet and are being used
frequently for accessing web based services. Employees of MBC can face various issues
for their mobile devices, they are as:
Phishing scams: Text messages, Twitter, email and Facebook is being utilized for
sending links to websites which are formulated for trick individuals into render
information such as account numbers, etc. It is difficult to identify whether they
are from legitimate user or not.
Drive by downloads: This will automatically download application when web
page is visited and here users may or may not be prompted to take further actions
(Chopra and Chaudhary, 2020).
Browser exploits: They takes advantage from vulnerabilities which are present
within web browser of mobile like PDF reader, or flash player.
In above discussion two threats have been illustrated and probable impact they can create
on users. For an instance, by visiting an unsafe webpage, users by themselves trigger browser

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
which will exploit which will lead to carry out malicious activities or might install malware for
carrying out unauthenticated activities.
Security protection techniques that can be utilized within mitigation of risks for mobile devices
There are various firms which render mobile devices to employees or allow them to
utilize their own personal devices within working premises. MBC permits their workforce to
make use of their computing devices (Daza and Hargiss, 2020). But it is necessary that they must
establish adequate and strong security measures. The risk associated with this is very high which
is being understood from above section. Certain steps or techniques for mitigating threats
associated with mobile devices and can be utilized by MBC organization is illustrated below:
Establishment of precise mobile usage policy: While allowing cell phones within
working premises it is essential that they must be considered within organist ion security
policies. These must cover their acceptable usage, mandatory security settings, anti-theft
measures and many others. The policies framework must be included within compliance
monitoring along with remediation of deficiencies.
Segment apps and data on enterprise devices: This is good practice in which mobile
users can be segregated on the basis of role they have to carry out and accordingly access
privilege levels must be formulated. This will minimize exposed surface area in case if
one device is being compromised as only at particular level devices will be compromised
instead of all (Diaz and Muñoz, 2020). Along with this, unwanted software or
applications will not be installed.
Encrypting as well as minimizing visibility within devices in firm’s network: If any
mobile device is being compromised then its data must not be easily accessible to
malicious users. Along with this, mobile device must not become an entry into network
of MBC. This can be done by making use of IAM (identity and access management)
system (PHONE SECURITY: 20 WAYS TO SECURE YOUR MOBILE PHONE,
2020).
Install security software in mobile devices: It is primary and essential countermeasure
that must be taken up by MBC organization while allowing mobile phones within
working area. The security team must take them like any other hardware which is present
within their network.
Document Page
Monitor user behavior: Mobile users hardly know that whether their devices are
compromised or not and they put themselves at risk. Monitoring the activities carried out
by user will reveal anomalies which can lead to point out attack is on the way. Along
with this, automated monitoring proves important to ensure that security policies
formulated by MBC are not infringed.
Formulate mobile security awareness program by training: Individuals are accustomed
to freedom on their mobile devices. Thus, it becomes more crucial to build awareness
policies for corporate security risks within mobile technologies (Ellis, Hertig and
Metscher, 2020). Training must emphasize on making mobile devices secured, what kind
of activities carried belong to enterprise device along with what every day practices must
be implemented by them to ensure that they do not fall victim to common security
threats.
Illustrate how firm can make sure availability of web service by using Apache.
Apache is a web server and open source software. It is a modular as well as process based
web server application which is liable for creating new threads that are connected
simultaneously. Apache supports wide ranges of features which are compiled like a separate
module as well as their core functionalities are extended. Web service refers to standardized
medium that is being used for propagation of interaction among client and server application on
WWW. It is formulated for certain set of activities (Hubbard, 2020). As MBC has opted to make
use of Apache Web server for delivering their services, it is essential to ensure that it furnishes
high availability which will make it reliable to be accessed by different users. Brewer’s or CAP
theorem can be utilized by MBC organization as it states that database simultaneously cannot
ensure partition tolerance, consistency and availability. Network failures can occur at any time so
partition tolerance is required that prioritizes availability over consistency or vice-versa. Apache
Cassandra can be used by MBC as it is referred to as AP system (means availability over
consistency) which will ensure that data is being available even if consistency is being sacrificed.
Certain aspects related with this are illustrated beneath:
Data availability can be ensured by replicas: When data is being written by making use
of Cassandra then multiple copies (normally three) are being formulated within distinct
clusters (Janssen, 2020). This is done to make sure that in case if data is lost from one
Document Page
node or it becomes unavailable. A replication is defined when database is being
formulated by MBC and they can control number of copies that have to be written. But, it
may take time for updating as well as propagate to remote hosts. There is a probability
that hosts might be unreachable or temporarily down. Cassandra provides the data but
there is no surety that data is up to date or not.
Tunable consistency within Cassandra: For addressing the problem illustrated in above
point tunable consistency is being maintained. When read or write operations are being
carried out then client must illustrate consistency level. This will illustrate number of
replicas which have to respond while carrying out operation (Wolf and Serpanos, 2020).
For an instance if non-critical data like number of comments on social media is not
necessary to have latest data. For this consistency levels can be set like one, two, three
and quorum. Here, quorum implies high consistency and user will be provided with latest
information.
This will lead MBC to ensure availability along with consistency by making use of Apache
Cassandra. Along with this, they can take different steps through which they can enhance
availability of their web services.
Impact on employees of information security along with risk management
The employees have critical role within making business vulnerable. For an instance
employee who have local administrator rights disabled security solutions within their computers
and allowed spread of infection such as WannaCry ransomware (Amin, Valverde and Talla,
2020). The certain aspects that can be faced by MBC in this context are specified below:
Risk from within: This takes place due to irresponsible as well as uniformed employees.
The biggest armor against cyberattack are employees of organization.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Illustration 1: Where do businesses feel vulnerable? Top five fears
This is due to the reason that they share inappropriate data through usage of their mobile
devices, their cell phones are lost which makes data of MBC more vulnerable, inadequate
usage of IT resources by employees along with this there are incidents in which data that
is being shared with suppliers is modified (The Human Factor in IT Security: How
Employees are Making Businesses Vulnerable from Within, 2020). Such kind of
activities of employees may cost heavy to organization.
Employees actions lead to cybersecurity incidents: Employees make mistakes while
putting their data on systems either they are careless or accidently slip up. The reason
behind this is that they are not adequately trained with respect to ways in which business
can be protected (Arora and Gigras, 2020).
Illustration 2: Types of security event experienced
Document Page
The major risks faced by firm is attack from malware, viruses or Trojans, careless
attitude, hardware theft or targeted attacks. Basically, it has been identified that
employees click on unauthorized links as well as download application which leads them
to certain attacks.
As MBC has permitted their employees to use mobile phones within working premises, firm
need to ensure that they have restricted access to services provided to them. For an instance,
VPN can be used so that they cannot use whatsapp or any other social media through usage of
their wireless networks as it makes them more prone to certain attacks (Brashear, 2020). Along
with this, adequate training must be provided to them so that they can understand concept of
cyber security along with identifies the applications which can make their mobile phones prone
to attack.
Specify auditing tools for Linux server and way in which they will be utilized by MBC.
Auditing as well as checking server is essential to make sure that total security is
maintained. With respect to Linux system that is being used by MBC organization, some tools
are illustrated below for monitoring as well as analyzing different aspects:
Fluentd: When organization has peculiar data sources and exists in different
environments and it is necessary to centralize them otherwise the performance cannot be
monitored and it will also be difficult to prevent from security threats. Fluentd furnishes a
robust solution to collect data but it aids within organizing via distinct pipelines (Chopra
and Chaudhary, 2020). It will aid MBC organization within extending their logging data
within other applications and have better analysis by making minimized efforts.
Nagios: It is a reliable open source tool that is being used for management of log data. It
will aid MBC within collecting data by making information more accessible for system
administrators and it is usually used for monitoring security of local networks.
These tools can be utilized by MBC to monitor as well as carry out analysis of problems
associated with security, web servers along with other applications such as email.
Document Page
Task 2
Creation of two directories
In this section commands that can be used within Linux for creation of two directories
within SBM4304 which is a main directory. They are illustrated below:
mkdir SBM4304 (Used to create a directory with name SBM4304)
cd SBM4304 (From root directory will change to SBM4304)
mkdir StudentID1 (directory named StudentID1 will be created within SBM4304)
mkdir StudentID2 (directory named StudentID2 is created within SBM4304)
ls (used to check the directories craeted)
ls –l (will illustrate permissions of both StudentID1 and StudentID2)
cd (is used to go to home root)
ls –l (to check permissions of SBM4304)
chmod 777 SBM4304 (will alter the permissions for the directory by assigning it with
read write execute access means a complete access is being provided)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Illustration 3: Create directory and set permissions
Demonstrate different ways for creating three users
Users imply people who have access to system. Basically, they are assigned within
account and possess restricted or limited access to critical system directories and files.
useradd u1
useradd u2
useradd u3
useradd is a command which is being used for adding user into a system.
Document Page
Illustration 4: Create user
Conclusion
From above, it can be concluded that, security and risk management implies process that is
related with usage of information technology and comprises of determination, assess as well as
treating risks to maintain confidentiality, availability and integrity of assets of firm. There are
different type of mobile threats which makes devices vulnerable. Therefore, it is important that
firm must make use of different policies to avoid these attacks. Along with this, different ways
can be used by firm to ensure the availability of web servers which is being used by them so that
their users can have access to relevant information. Furthermore, there exist different tools that
can be used to audit the activities conducted within.
Document Page
References
Books and Journal
Amin, A., Valverde, R. and Talla, M., 2020. Risk Management via Digital Dashboards in
Statistics Data Centers. International Journal of Information Technologies and Systems
Approach (IJITSA), 13(1), pp.27-45.
Arora, M. and Gigras, Y., 2020. Security, Privacy, Forensics Analysis for Smartphones.
In Forensic Investigations and Risk Management in Mobile and Wireless
Communications (pp. 1-25). IGI Global.
Brashear, J.P., 2020. Managing Risk to Critical Infrastructures, Their Interdependencies, and the
Region They Serve: A Risk Management Process. In Optimizing Community
Infrastructure (pp. 41-67). Butterworth-Heinemann.
Chopra, A. and Chaudhary, M., 2020. Risk Management Approach. In Implementing an
Information Security Management System (pp. 77-102). Apress, Berkeley, CA.
Daza, R. and Hargiss, K.M., 2020. Factors Comprising Effective Risk Communication,
Decision-Making, and Measurement of IT and IA Risk. In Start-Ups and SMEs:
Concepts, Methodologies, Tools, and Applications (pp. 814-833). IGI Global.
Diaz, E.O. and Muñoz, M., 2020. Strategy for Performing Critical Projects in a Data Center
Using DevSecOps Approach and Risk Management. International Journal of Information
Technologies and Systems Approach (IJITSA), 13(1), pp.61-73.
Ellis, J., Hertig, C.A. and Metscher, R., 2020. Concepts and Evolution of Asset Protection and
Security. In The Professional Protection Officer (pp. 3-18). Butterworth-Heinemann.
Hubbard, D.W., 2020. The failure of risk management: Why it's broken and how to fix it. John
Wiley & Sons.
Janssen, S.A.M., 2020. Capturing Agents in Security Models: Agent-based Security Risk
Management using Causal Discovery.
Wolf, M. and Serpanos, D., 2020. Safety and Security Design Processes. In Safe and Secure
Cyber-Physical Systems and Internet-of-Things Systems (pp. 11-33). Springer, Cham.
Online
What is a mobile threat?. 2020. [Online]. Available through: < https://www.lookout.com/know-
your-mobile/what-is-a-mobile-threat>.
PHONE SECURITY: 20 WAYS TO SECURE YOUR MOBILE PHONE. 2020. [Online].
Available through: <https://preyproject.com/blog/en/phone-security-20-ways-to-secure-
your-mobile-phone/>.
The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from
Within. 2020. [Online]. Available through: <https://www.kaspersky.com/blog/the-
human-factor-in-it-security/>.
1 out of 13
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]