Computer Security Engineering Report: Frameworks, Standards, and Risks


Added on 2020/04/21

AI Summary
This report provides a comprehensive overview of computer security engineering, differentiating between security frameworks and standards, and analyzing their applications in protecting sensitive information. It delves into the differences between security management standards and information security frameworks, highlighting the role of standards like ISO/IEC 27000 and frameworks such as NIST and CIS. The report explores various risk factors associated with information security, including technological vulnerabilities, social media attacks, and mobile malware, while also examining control approaches like deterrent, preventive, detective, corrective, and recovery measures. Furthermore, it discusses the importance of maintaining confidentiality, integrity, and availability of information assets. The report concludes by emphasizing the critical need for organizations to develop and implement robust information security frameworks to mitigate risks and protect against external threats.
Computer Security Engineering
Table of Contents
Introduction
1. Description and explanation of the difference between security framework and standards
2. Background of information security standard and framework
3. Review of Information security approach
3.1 Risks with Information Security
3.2 Control approaches for Information Security
3.3 Behavior of Information Security
3.4 Standardization for Information Security
3.5 Technologies associated to Information Security
Conclusion
Bibliography
Introduction
In the current landscape of security concerns, an information security management standard gives a business organization direction for keeping its confidential information secure from external attacks [1]. An information security framework, on the other hand, is a structured series of documents used to define the procedures and policies for securing the information stored on the data server. Information security is designed by the management authorities according to the type of business and the business environment. This report focuses on the difference between the information security management system and information security standards.
The ISO/IEC 27000 family of standards helps business organizations keep data such as financial data and employees' personal data secure from external attacks. Each requirement associated with an information security management system is addressed by the ISO standards [2]. The ISO 27000 family contains a dozen standards. An Information Security Management System (ISMS) is a systematic approach that protects sensitive information from unauthenticated users; it is also very helpful for organizational risk management.
[1] Baskerville, Richard, Paolo Spagnoletti, and Jongwoo Kim. "Incident-centered information security: Managing a strategic balance between prevention and response." Information & Management 51, no. 1 (2014): 138-151.
[2] Ermakov, Sergey Alexandrovich, Aleksey Sergeevich Zavorykin, Nikolai Sergeevich Kolenbet, Alexander Grigorievich Ostapenko, and Andrei Olegovich Kalashnikov. "Optimization of expert methods used to analyze information security risk in modern wireless networks." Life Sciences Journal 23 (2014): 1239.
1. Description and explanation of the difference between security framework and standards
After analyzing the details of an information security management system and an information security standard, it appears that there is a large difference between a security management standard and an information security framework. The confusion between an information security standard and an information security framework arises while researching software development, business operating approaches, and the methodologies to be followed for securing information from external attackers [3]. From the definitions themselves it can be determined that security standards are the best-known practices, which are usually followed, whereas a framework is an asset that is normally put into practice in the absence of well-defined security practices. In almost every enterprise-based field of application, ISO has a set of standards, which means following standard practices that are eventually accepted.
Sometimes most of the security standards are not applicable, so the management authority itself has to define a framework to meet its managerial purposes. An IS standard is a generally accepted and solid plan that can be used in professional business practice [4]. IS standards are completely flexible and reliable from both the business and the consumer perspectives. A framework is not a complete picture; rather, it is a guideline that helps the company proceed in the required direction. In order to complete the job properly, a standard never allows the management authority to follow any choice of its own.
[3] Fenz, Stefan, Johannes Heurix, Thomas Neubauer, and Fabian Pechstein. "Current challenges in information security risk management." Information Management & Computer Security 22, no. 5 (2014): 410-430.
[4] Yang, Yu-Ping Ou, How-Ming Shieh, and Gwo-Hshiung Tzeng. "A VIKOR technique based on DEMATEL and ANP for information security risk control assessment." Information Sciences 232 (2013): 482-500.
According to Hajli and Lin, the main difference between an IS standard and an IS framework is that standards are specific in nature whereas frameworks are completely general [5]. In addition, IS standards are accepted as security-level best practice, whereas frameworks are the generally employed practices.
2. Background of information security standard and framework
A security framework is a methodological approach that helps enterprises understand the security framework and the security standard. However, this particular approach follows a completely pragmatic direction. Again, there is no business organization that maintains both an information system standard and an information security framework. The ISS and ISF are elaborated in the section below:
ISO 27002:2013: In order to secure the information stored on the organizational server, ISO 27002:2013 is sometimes used as a guideline for the organizational data set. It also offers practices for security management, information selection and the implementation of control management. The organizational information security environment considers both standards in most cases, but if the standards are found to be inefficient, the corresponding framework should be developed. The information system standard is one of the most widely used data security standards in Europe, and its outcome implies that the stakeholders associated with this particular design can simply interpret the outline.
[5] Hajli, Nick, and Xiaolin Lin. "Exploring the security of information sharing on social networking sites: The role of perceived control of information." Journal of Business Ethics 133, no. 1 (2016): 111-123.
In order to resolve the issues associated with the information security standard, it becomes necessary for system developers to design a proper security framework. The different security frameworks are discussed below:
NIST security framework: This security framework, put forward by the US standardization body, is mainly designed for the cyber security cell [6]. The designed IS framework includes components such as standards, guidelines, promoted practices and critical infrastructure protection. In managing cyber security issues, the characteristics of the framework, such as prioritization, flexibility, cost effectiveness and repeatability, are very helpful. For dealing with cyber attacks, the flexibility and attentiveness of the organization offer an effective view to consumers.
CIS critical security controls: Formerly known as SANS 20, the Critical Security Controls are the best known of these. They provide a set of recommended actions against the most pervasive and dangerous cyber attacks [7]. The Critical Security Controls approach is related to cyber security because the controls are generally rationalized by professional cyber security experts using information drawn from private and public threat sources. It offers two kinds of approach, bottom-up and top-down; of the two, the bottom-up approach is the most effective. Against targeted threats, it helps to focus on prioritized security-level functions that are effective enough in nature.
[6] Tu, Zhiling, and Yufei Yuan. "Critical success factors analysis on effective information security management: A literature review." (2014).
[7] Safa, Nader Sohrabi, Rossouw Von Solms, and Steven Furnell. "Information security policy compliance model in organizations." Computers & Security 56 (2016): 70-82.
Software Assurance Maturity Model: The Software Assurance Maturity Model is one of the open frameworks that allow enterprises to formulate and implement business strategies [8]. Small, medium and even large organizations use this model for their development style. It can be applied across a wide organizational range, to single business lines, and even to separate projects.
Different types of security framework are available in the marketplace, including the following:
Governance: Two different functionalities associated with a governance security framework are breakdowns and frameworks.
Checklist: A checklist generally deploys a control list.
Risk management: The different types of risk management approach are infosec, business, banking and process orientation [9].
Audit and assurance: Audit and assurance is another type of framework designed by the information system standards.
[8] Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for information security management." Journal of Information Security 4, no. 02 (2013): 92.
[9] Williams, Susan P., Catherine A. Hardy, and Janine A. Holgate. "Information security governance practices in critical infrastructure organizations: A socio-technical and institutional logic perspective." Electronic Markets 23, no. 4 (2013): 341-354.
With the frequent rise of new technologies, the chance of errors occurring is also increasing rapidly, and these need to be mitigated soon. Since 2000, security has become one of the biggest challenges for most business organizations, small, medium and large alike [10]. If proper security measures are not taken by the management authority of a business enterprise, the company will suffer from many issues. The respective deterrent, preventive, detective, corrective and recovery options for information security are elaborated below:
Factors        | Deterrent                   | Preventive                          | Detective                   | Corrective        | Recovery               | Compensation
Administration | Policy and procedures       | Registration for the user procedure | Violation reports on review | Termination       | Disaster recovery plan | Job rotation
Technical      | Banner for security warning | Login, IPS                          | Logs, IDS                   | Unplug, isolation | Tape backup, RAID      | Diskless workstation
Physical       | -                           | Barrier                             | Sentry, CCTV                | Fire resistance   | Rebuild                | Proper defense
[10] Cots, Santi, and Martí Casadesús. "Exploring the service management standard ISO 20000." Total Quality Management & Business Excellence 26, no. 5-6 (2015): 515-533.
In order to protect information assets from external attacks, it is necessary for enterprise authorities to develop an information security framework. The main purpose of developing such a model is to provide document-based guidance: the information security framework establishes protection guidelines that help organizations keep information secure from external attackers. To address the key control-based aspects, it is very necessary for enterprises to access or utilize an accurate framework.
Information security is referred to as a model that helps to maintain the confidentiality, integrity and availability of information.
Confidentiality: This IS standard property helps to keep information secure from external attackers. For maintaining cyber security, the proper entities, authorized individuals and processes must be considered by the management authority in order to keep information secure [11]. Information confidentiality must not be exploited by organizational members, or else it would hamper the general data flow.
Integrity: In order to defend the correctness and completeness of assets, it is necessary to maintain information integrity accurately.
Availability: Based on the importance of different information, it is necessary for developers to make the data available to employees [12]. This property makes data available to authorized consumers depending on the authenticated entity.
The concerns that must be considered for this particular information security standard are very important. Not only this, but the persons responsible for these concerns, and the reasons, are as follows:
- The security standards would affect the users the most
- The system support personnel are required to deploy and adopt the information security standard
- The executive management is very concerned about the associated cost of the policy and procedure and of data protection
[11] Rebollo, Oscar, Daniel Mellado, Eduardo Fernández-Medina, and Haralambos Mouratidis. "Empirical evaluation of a cloud computing information security governance framework." Information and Software Technology 58 (2015): 44-57.
[12] Ali, Syed Mubashir. "Integration of information security essential controls into information technology infrastructure library - A proposed framework." International Journal of Applied 4, no. 1 (2014).
3. Review of Information security approach
3.1 Risks with Information Security
The information security standard and the information security framework are two completely different things that most business organizations use in their operational and functional activities [13]. Most big industries are fundamentally dependent on their corresponding information systems, and this has vast implications for business operations, structure and strategy. However, many risks are associated with information security, and they are as follows:
Technology with a lack of security: Many new technologies are evolving every day. There are cases where internet access is necessary but the necessary security measures are absent, and serious risks can arise for this reason. Each of these insecure connections leads organizational operations towards vulnerability. Rapid technology development is a testament to the innovators, though security lags behind in each and every case.
[13] Attrapadung, Nuttapong. "Dual system encryption via doubly selective security: Framework, fully secure functional encryption for regular languages, and more." In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 557-577. Springer, Berlin, Heidelberg, 2014.
Social media attack: Cyber criminals are using social media as a distribution medium for complex cyber attacks [14]. The main associated risk is that, through the use of social media, the operational and functional activities of websites may be interrupted.
Mobile malware: Information security experts have highlighted that the rate of risk to mobile devices has been increasing since the very early connectivity stage. Owing to a lack of security, mobile phones are frequently attacked by external information hijackers. These kinds of risk are referred to as catastrophic risks.
Negligence in system configuration: Big data tools are highlighted as very helpful for meeting entrepreneurial requirements with proper customization. When their security is not properly configured, this kind of risk occurs.
Obsolete security software: Without the use of appropriate security software, technology-based management practices and big data protection approaches are completely interrupted [15]. In order to protect against known security threats, software must be developed by the management authority of the business organization.
Lack of encryption algorithm: An encryption algorithm is one of the most important things that the management authority is strictly required to consider. It helps business operations and enterprise functions protect information from external attacks.
Insufficient security technology: After investigating and monitoring the application-level details of software, it appears that different technologies and software applications need different security-level technologies. This helps business organizations gain effective management tools [16]. Currently most business organizations rely on technology; therefore, complete protection from external attackers is very necessary.
Corporate data security: Business organizations must store corporate information on proper devices. If information is stored on personal devices, it can easily be accessed by unauthenticated users [17]. Therefore, to keep the data server secure from external attackers, it is necessary to adopt proper security approaches; otherwise high-level security issues will occur in the business organization.
Entry from a third party: The path of least resistance is always preferred by cyber criminals. For any vast network, the target is the poster child. Thus, major attacks may occur through the third-party entry point. Owing to a lack of security at the third-party entry point, hijackers can enter the system very easily, which is a major issue for business organizations.
[14] Von Solms, Rossouw, and Johan Van Niekerk. "From information security to cyber security." Computers & Security 38 (2013): 97-102.
[15] Chang, Victor, Yen-Hung Kuo, and Muthu Ramachandran. "Cloud computing adoption framework: A security framework for business clouds." Future Generation Computer Systems 57 (2016): 24-41.
[16] Ab Rahman, N. H., and K.-K. R. Choo. "A survey of information security incident handling in the cloud." Computers & Security 49 (2015): 45-69.
[17] Cavelty, Myriam Dunn, and Victor Mauer. Power and security in the information age: Investigating the role of the state in cyberspace. Routledge, 2016.