Cyber Security Report: Access Control, Threats, and Solutions
VerifiedAdded on  2022/12/29
|24
|9360
|80
Report
AI Summary
This report delves into the multifaceted realm of cyber security, with a specific focus on access control mechanisms within organizations. It begins with an introduction to the core concepts of cyber security, defining it as the protection of digital systems and data from malicious attacks, and outlining the scope of the research, including its aims, objectives, and background. A comprehensive literature review then explores the key components of cyber security, such as people, processes, and technology, and categorizes various types of cyber security management, including network, application, and information security, as well as disaster recovery and end-user education. The review also examines different types of cyber threats, including malware, SQL injection, phishing, and denial-of-service attacks. The report then analyzes the concept of access control, discussing its role in limiting data access, authentication techniques, and the importance of strong passwords. Finally, it addresses the importance and limitations of using access control in an organization.
Report on Cyber
Security
Security
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
INTRODUCTION...........................................................................................................................1
LITERATURE REVIEW................................................................................................................2
DISCUSSIONS..............................................................................................................................17
CONCLUSION..............................................................................................................................19
References:.....................................................................................................................................20
INTRODUCTION...........................................................................................................................1
LITERATURE REVIEW................................................................................................................2
DISCUSSIONS..............................................................................................................................17
CONCLUSION..............................................................................................................................19
References:.....................................................................................................................................20
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
INTRODUCTION
Research topic: To understand the concept of access control on cyber security in an
organization
Research aim: To investigate about the principles of access control and it's emphasis on cyber
security in an organization
Research objectives:
ï‚· To analyse the concept of cyber security and it's effect on IT function in an organization
ï‚· To examine the consequences of requirements and recovery solutions given by cyber
security on the working of an organization
ï‚· To determine the effect of the concept of access control on the organizational
performance
ï‚· To identify the impact of working, components and types of access control on the
organizational operations
ï‚· To observe the outcome of relationship between the cyber security and access control on
the organizational management
ï‚· To study about the importance and limitations of using access control in an organization
Research background:
Cyber security can be defined as the prevention of the technical devices such as hardware
and software from unusual attacks from hackers. In other words, it is also known as electronic
information security or information technology security. It saves the network, computers,
servers, mobile devices, electronic systems and data from malicious attacks. It provides
securities in various forms such as network security, application security, information security,
operational security, disaster recovery, business continuity and end user education (Sun, Hahn
and Liu, 2018).
There are various types of cyber threats involved in it such as cyber crime, cyber attack
and cyber terrorism which uses different methods to attack such as using malware, viruses,
trojans, spyware, ransomware, adware, botnets, SQL injection, phishing, man in the middle
attack, denial of service attack, dridex malware, romance scams and emotet malware.
Therefore, in accordance of it, there are various safety tips are also provided from the end
user protection side such as frequently updating the software and operating system whenever it
feels that system is not working properly or automatically in some time, using anti virus software
1
Research topic: To understand the concept of access control on cyber security in an
organization
Research aim: To investigate about the principles of access control and it's emphasis on cyber
security in an organization
Research objectives:
ï‚· To analyse the concept of cyber security and it's effect on IT function in an organization
ï‚· To examine the consequences of requirements and recovery solutions given by cyber
security on the working of an organization
ï‚· To determine the effect of the concept of access control on the organizational
performance
ï‚· To identify the impact of working, components and types of access control on the
organizational operations
ï‚· To observe the outcome of relationship between the cyber security and access control on
the organizational management
ï‚· To study about the importance and limitations of using access control in an organization
Research background:
Cyber security can be defined as the prevention of the technical devices such as hardware
and software from unusual attacks from hackers. In other words, it is also known as electronic
information security or information technology security. It saves the network, computers,
servers, mobile devices, electronic systems and data from malicious attacks. It provides
securities in various forms such as network security, application security, information security,
operational security, disaster recovery, business continuity and end user education (Sun, Hahn
and Liu, 2018).
There are various types of cyber threats involved in it such as cyber crime, cyber attack
and cyber terrorism which uses different methods to attack such as using malware, viruses,
trojans, spyware, ransomware, adware, botnets, SQL injection, phishing, man in the middle
attack, denial of service attack, dridex malware, romance scams and emotet malware.
Therefore, in accordance of it, there are various safety tips are also provided from the end
user protection side such as frequently updating the software and operating system whenever it
feels that system is not working properly or automatically in some time, using anti virus software
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
is most common method used by the people to defend their systems from virus attacks, using
strong passwords is a basic etiquettes that every must follow to safeguard their systems and data,
avoid opening emails from the sender who are unknown to the user and the most importantly,
ignore the open Wi Fi networks to connect for safety purpose.
Access control can be defined as the technique or method of cyber security which
supports an organization or an individual to limit the access or to control the access on their data
and information either it is important, private or confidential. It can be used by a person for it's
personal or can be used by an organization to safeguard their privacy of data. It allows to access
those people only who are authorised to control that data or information, authentication is
necessarily required to reach out the data if access control method has been applied by the firm.
It helps and supports the company in minimizing the risks of losses or data breaches which can
be caused if access control is not used because it limits or restricts the connections to data,
systems files or folders and computer networks. The best access control systems are Salto, Kisi,
honeywell, Bosch, Schlage, Paxton, HID and ADT (Carley, Cervone, Agarwal and Liu, 2018).
The following discussions are based on the concept of cyber security and it's essentials in
an organization, concept of access control which includes the configuration authentication
technique, password cracking of operating systems such as of Linus and Windows, working of
access control, various components that are associated with the access control, different types
access control it consist, importance and limitations of using the access control approach of
cyber security in an organization with proper findings and conclusions.
LITERATURE REVIEW
Concept of Cyber security
Cyber security is referred to as the security against the internet crime either intentional or
unintentional that occurs due to the cyber threats. It involves the whole process which includes
it’s categories, types, threats and protection which is required to get knowledge by each and
every employee in an organization (Gupta, 2018). It has mainly three components involved in
cyber security that are people, processes and technology, explanation are as follows:
People
It is one of the most important component of cyber security because human beings are the
ones who are responsible for the development of the technology, misusing of technology and
2
strong passwords is a basic etiquettes that every must follow to safeguard their systems and data,
avoid opening emails from the sender who are unknown to the user and the most importantly,
ignore the open Wi Fi networks to connect for safety purpose.
Access control can be defined as the technique or method of cyber security which
supports an organization or an individual to limit the access or to control the access on their data
and information either it is important, private or confidential. It can be used by a person for it's
personal or can be used by an organization to safeguard their privacy of data. It allows to access
those people only who are authorised to control that data or information, authentication is
necessarily required to reach out the data if access control method has been applied by the firm.
It helps and supports the company in minimizing the risks of losses or data breaches which can
be caused if access control is not used because it limits or restricts the connections to data,
systems files or folders and computer networks. The best access control systems are Salto, Kisi,
honeywell, Bosch, Schlage, Paxton, HID and ADT (Carley, Cervone, Agarwal and Liu, 2018).
The following discussions are based on the concept of cyber security and it's essentials in
an organization, concept of access control which includes the configuration authentication
technique, password cracking of operating systems such as of Linus and Windows, working of
access control, various components that are associated with the access control, different types
access control it consist, importance and limitations of using the access control approach of
cyber security in an organization with proper findings and conclusions.
LITERATURE REVIEW
Concept of Cyber security
Cyber security is referred to as the security against the internet crime either intentional or
unintentional that occurs due to the cyber threats. It involves the whole process which includes
it’s categories, types, threats and protection which is required to get knowledge by each and
every employee in an organization (Gupta, 2018). It has mainly three components involved in
cyber security that are people, processes and technology, explanation are as follows:
People
It is one of the most important component of cyber security because human beings are the
ones who are responsible for the development of the technology, misusing of technology and
2
recovery solution of the same as well. That is why people are the most necessary component who
can evolve the whole processes of cyber security.
Processes
It is another component of cyber security because it includes the overall process in an
organization which mainly follows the whole procedure such as formation of technical systems,
hardware or software, formation of team management, hiring technical specialist, safety of
technical devices, data and information. This whole plan of action helps an organization to build
up it’s information technology function (El Mrabet, Kaabouch, El Ghazi and El Ghazi, 2018).
Technology
It is a component without which cyber security can be impossible to execute because if
there is no proper technology to safeguard the technical devices of the company as safety and
security is the most essential part of the information technology department because they are one
who will be responsible to install or design those technology in the company which can be
appropriately support the firm in protecting their data or information.
Categories of cyber security
There are various types of management which is essentially required in the company for
better safety and security of important, private and confidential data and information (Srinivas,
Das and Kumar, 2019). Such management categories are necessary to execute in an organization
so that functional requirements and operations can be maintained in the firm. Such management
are as follows:
Network Security
It is a type of security where network is being the most necessary thing to make secure
because it is the thing which is maximum and most easily attacked by the people or intruders
whose main motive is to disrupt the network security. Therefore, it is essential to safeguard the
network first because it is the easiest way to enter into the systems so there should be the proper
network security in an organization (Apruzzese, Colajanni, Ferretti and Marchetti, 2018).
Application security
It is a security which focuses on securing the various applications like software or devices
from viruses and many other attacks which usually harms the working of the systems and mainly
targets the operating systems of the computer which generally also leads to the corruption of it
3
can evolve the whole processes of cyber security.
Processes
It is another component of cyber security because it includes the overall process in an
organization which mainly follows the whole procedure such as formation of technical systems,
hardware or software, formation of team management, hiring technical specialist, safety of
technical devices, data and information. This whole plan of action helps an organization to build
up it’s information technology function (El Mrabet, Kaabouch, El Ghazi and El Ghazi, 2018).
Technology
It is a component without which cyber security can be impossible to execute because if
there is no proper technology to safeguard the technical devices of the company as safety and
security is the most essential part of the information technology department because they are one
who will be responsible to install or design those technology in the company which can be
appropriately support the firm in protecting their data or information.
Categories of cyber security
There are various types of management which is essentially required in the company for
better safety and security of important, private and confidential data and information (Srinivas,
Das and Kumar, 2019). Such management categories are necessary to execute in an organization
so that functional requirements and operations can be maintained in the firm. Such management
are as follows:
Network Security
It is a type of security where network is being the most necessary thing to make secure
because it is the thing which is maximum and most easily attacked by the people or intruders
whose main motive is to disrupt the network security. Therefore, it is essential to safeguard the
network first because it is the easiest way to enter into the systems so there should be the proper
network security in an organization (Apruzzese, Colajanni, Ferretti and Marchetti, 2018).
Application security
It is a security which focuses on securing the various applications like software or devices
from viruses and many other attacks which usually harms the working of the systems and mainly
targets the operating systems of the computer which generally also leads to the corruption of it
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
which results in loss of data and information. Therefore, it is significant to safeguard and secure
the application in an organization.
Information security
It is a security which targets the private and large amount of information and data and it
is considered as the most important security because data in every organization has a great value
in terms of estimation and forecasting anything related to the finance, profits or losses, so loss in
data can cause the high loss for the company, therefore in order to maintain and secure the
important data and information, it is significant to safeguard the data and information by using
various technical elements of data security (Al-Mhiqani, Ahmad, Yassin and Abdulkareem,
2018).
Operational security
It is a security where operations of the organization which are stored in the systems are
secured because there are various software of human resource, finance, marketing, research and
development, production and many more which contains their data to operate and it helps the
company in smooth functioning. Hence, it is required to safeguard such operations in the systems
on which the major function of the organization is dependent on.
Disaster recovery or business continuity
It is the security where the company must focus on the recovery solution after being the
victim of cyber-attack or crime. Organization should have the better solutions to cope up with all
such crimes and adopt the measures to fight against such attacks so that they can save their
important resource of the company and cannot go in a huge loss (Nguyen and Reddi, 2019).
End-user education
It is the security which can be adopted by the casual employees of the company which
means that they must take care while working on the system that they should not perform any
action which can harm the system and an organization in any way. Therefore, their training is
required to teach them that how they can operate the system without get affected from the
unusual attacks.
Mobile security
It is the security of mobile devices of the company in which organization’s data and
important information is stored. Mobile security is essential because now a days people don’t
carry their systems everywhere so they carry their data and important resources in their mobile
4
the application in an organization.
Information security
It is a security which targets the private and large amount of information and data and it
is considered as the most important security because data in every organization has a great value
in terms of estimation and forecasting anything related to the finance, profits or losses, so loss in
data can cause the high loss for the company, therefore in order to maintain and secure the
important data and information, it is significant to safeguard the data and information by using
various technical elements of data security (Al-Mhiqani, Ahmad, Yassin and Abdulkareem,
2018).
Operational security
It is a security where operations of the organization which are stored in the systems are
secured because there are various software of human resource, finance, marketing, research and
development, production and many more which contains their data to operate and it helps the
company in smooth functioning. Hence, it is required to safeguard such operations in the systems
on which the major function of the organization is dependent on.
Disaster recovery or business continuity
It is the security where the company must focus on the recovery solution after being the
victim of cyber-attack or crime. Organization should have the better solutions to cope up with all
such crimes and adopt the measures to fight against such attacks so that they can save their
important resource of the company and cannot go in a huge loss (Nguyen and Reddi, 2019).
End-user education
It is the security which can be adopted by the casual employees of the company which
means that they must take care while working on the system that they should not perform any
action which can harm the system and an organization in any way. Therefore, their training is
required to teach them that how they can operate the system without get affected from the
unusual attacks.
Mobile security
It is the security of mobile devices of the company in which organization’s data and
important information is stored. Mobile security is essential because now a days people don’t
carry their systems everywhere so they carry their data and important resources in their mobile
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
devices which are easy to carry and work with. Therefore, it is important to secure the mobile
devices as well for better protection of the firm’s resources in an efficient manner (Berman,
Buczak, Chavis and Corbett, 2019).
Types of cyber security
Cyber crime
It is a crime related to the internet and which is expanded across the world and any one
can misuse the information stored on the internet especially if it is on public mode. It is involves
mainly people whose motive is to gain the financial satisfaction or to take revenge from someone
by destroying someone’s systems by hacking or doing something illegal with other people.
Cyber attack
It is the attack done on the internet and via internet by the people whose main motive is to
gather the data or information which is private and confidential just to know about the data and
can blackmail another person to not to leak or destroy the data and demands for money in place
of that or any other reason (Gunduz and Das, 2020)(Petrenko, 2018).
Cyber terrorism
It is a terrorism which is mainly caused to bring panic or fear in someone about losing
their system security or destroy something technical which is necessary for an organization. This
is similar to the cyber crime and cyber attack because this is also done to blackmail people for
their personal benefits.
Threats of cyber security
Malware
It is a type of malicious software which attacks the internal software of the systems which
is especially unauthorized access by the user. They are in the forms of viruses, Trojans, spyware,
ransom ware, adware and botnets. These are the different ways in which they attack the system
in an organization who have no or less protection from cyber attacks (Li, He, Xu and Yuan,
2019).
SQL injection
It is known as the structured query language injection which means that attacks are done
through the data and database which are extracted through it for gaining information so that it
can be used or misused for further usage of it. It has the platform of SQL to gather the important
5
devices as well for better protection of the firm’s resources in an efficient manner (Berman,
Buczak, Chavis and Corbett, 2019).
Types of cyber security
Cyber crime
It is a crime related to the internet and which is expanded across the world and any one
can misuse the information stored on the internet especially if it is on public mode. It is involves
mainly people whose motive is to gain the financial satisfaction or to take revenge from someone
by destroying someone’s systems by hacking or doing something illegal with other people.
Cyber attack
It is the attack done on the internet and via internet by the people whose main motive is to
gather the data or information which is private and confidential just to know about the data and
can blackmail another person to not to leak or destroy the data and demands for money in place
of that or any other reason (Gunduz and Das, 2020)(Petrenko, 2018).
Cyber terrorism
It is a terrorism which is mainly caused to bring panic or fear in someone about losing
their system security or destroy something technical which is necessary for an organization. This
is similar to the cyber crime and cyber attack because this is also done to blackmail people for
their personal benefits.
Threats of cyber security
Malware
It is a type of malicious software which attacks the internal software of the systems which
is especially unauthorized access by the user. They are in the forms of viruses, Trojans, spyware,
ransom ware, adware and botnets. These are the different ways in which they attack the system
in an organization who have no or less protection from cyber attacks (Li, He, Xu and Yuan,
2019).
SQL injection
It is known as the structured query language injection which means that attacks are done
through the data and database which are extracted through it for gaining information so that it
can be used or misused for further usage of it. It has the platform of SQL to gather the important
5
data and information and those people use this method who have a good knowledge about coding
and SQL.
Phishing
It is the attack which is done via emails which mean attackers send emails, spams,
attachments and many more different forms of things, if user opens them or clicks on them, then
attackers get the knowledge of their systems for hacking and they hack their systems and get
over the controlled on their software and hardware (Husák, Komárková, Bou-Harb and Čeleda,
2018).
Man in the middle attack
It is a type of threat which is done to hamper the communication between two people
which means whatever the resources are being shared between two people can be accesses by
that person who is seeking for hacking their private data or information for further use or misuse
the same.
Denial of service attack
This type of attack states that if an organization wants to pursue some function over the
internet and highly needs the large range of network connection, so this attack prevents the
company in performing the functions that are very vital for an organization and denies the
request to follow or providing services the firm is asking for (Kure, Islam and Razzaque, 2018).
Social engineering
It is a type of attack which is mainly done for money or to extracting out the card details
so that they can steal the money from the person whose card details they have gathered. They
gather information by clicking on any site and sometimes because of their greediness, hackers
use such methods to make the use of fraud sites to attract the users to steal money from them.
Protection of cyber security
Update
It is important to update each and every software and technical device in an organization
so that security can be maintained and there could be less chances of cyber crime and attacks
because it has a direct relationship between updates and cyber crime which means if devices are
up to date then there is less possibilities of hacking and vice versa (von Solms and von Solms,
2018).
Antivirus
6
and SQL.
Phishing
It is the attack which is done via emails which mean attackers send emails, spams,
attachments and many more different forms of things, if user opens them or clicks on them, then
attackers get the knowledge of their systems for hacking and they hack their systems and get
over the controlled on their software and hardware (Husák, Komárková, Bou-Harb and Čeleda,
2018).
Man in the middle attack
It is a type of threat which is done to hamper the communication between two people
which means whatever the resources are being shared between two people can be accesses by
that person who is seeking for hacking their private data or information for further use or misuse
the same.
Denial of service attack
This type of attack states that if an organization wants to pursue some function over the
internet and highly needs the large range of network connection, so this attack prevents the
company in performing the functions that are very vital for an organization and denies the
request to follow or providing services the firm is asking for (Kure, Islam and Razzaque, 2018).
Social engineering
It is a type of attack which is mainly done for money or to extracting out the card details
so that they can steal the money from the person whose card details they have gathered. They
gather information by clicking on any site and sometimes because of their greediness, hackers
use such methods to make the use of fraud sites to attract the users to steal money from them.
Protection of cyber security
Update
It is important to update each and every software and technical device in an organization
so that security can be maintained and there could be less chances of cyber crime and attacks
because it has a direct relationship between updates and cyber crime which means if devices are
up to date then there is less possibilities of hacking and vice versa (von Solms and von Solms,
2018).
Antivirus
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
It is a type of software which protects the system from virus attack. It is highly important
and most required software in any system as it prevents the any type of virus from attacking the
system. Moreover, it notifies the system before hand only that that this site or this file is
corrupted and riskier to open in the systems because of unknown sources.
Passwords
It is a method of prevention from attacking before becoming the victim that is using
strong passwords as suggested by the site or system. They usually suggest of using uppercase
and lower case letters, number and symbols for password generation because combination of
such passwords proves difficult for the hacker to take over the control or break it in any way.
Such pass words are mainly used in highly private data or information (Hildreth, Qualcomm Inc,
2018).
Emails
Emails are something which are generally used to mail some official or professional
message to some organization or corporates. Apart from this, many companies use emails for
marketing and bulk emailing to create awareness for their products. But some hackers use this
feature for misusing to steal money and data from the users by sending them fraud mails or links
or attachments in which lottery content are written so that user's greediness can be the victim of
cyber crime. Therefore, it is important for every one to resist themselves and take care and
ensures that the email they are opening are not fraud but safe for using.
Wi-Fi
There are various Wi-Fi networks revolves around for the internet connection which
surrounds the organization. Some are open networks which means any one can connect to them
and some are encrypted with passwords. It is important for the company to stay away from the
open networks because all open networks are not safe, they intentionally wants that someone
could connect their Wi-Fi and they can get the access in their systems for stealing data and
information or any other purpose. Therefore, it is essential that not to connect any unknown open
network and only use the organization's Wi-Fi for working and safeguarding their systems
(Zhang, Kasahara, Shen and Wan, 2018).
Training and awareness
Some employees in an organization do not have any knowledge of information
technology and cyber crime, hence it is significant to set and organize a proper and an
7
and most required software in any system as it prevents the any type of virus from attacking the
system. Moreover, it notifies the system before hand only that that this site or this file is
corrupted and riskier to open in the systems because of unknown sources.
Passwords
It is a method of prevention from attacking before becoming the victim that is using
strong passwords as suggested by the site or system. They usually suggest of using uppercase
and lower case letters, number and symbols for password generation because combination of
such passwords proves difficult for the hacker to take over the control or break it in any way.
Such pass words are mainly used in highly private data or information (Hildreth, Qualcomm Inc,
2018).
Emails
Emails are something which are generally used to mail some official or professional
message to some organization or corporates. Apart from this, many companies use emails for
marketing and bulk emailing to create awareness for their products. But some hackers use this
feature for misusing to steal money and data from the users by sending them fraud mails or links
or attachments in which lottery content are written so that user's greediness can be the victim of
cyber crime. Therefore, it is important for every one to resist themselves and take care and
ensures that the email they are opening are not fraud but safe for using.
Wi-Fi
There are various Wi-Fi networks revolves around for the internet connection which
surrounds the organization. Some are open networks which means any one can connect to them
and some are encrypted with passwords. It is important for the company to stay away from the
open networks because all open networks are not safe, they intentionally wants that someone
could connect their Wi-Fi and they can get the access in their systems for stealing data and
information or any other purpose. Therefore, it is essential that not to connect any unknown open
network and only use the organization's Wi-Fi for working and safeguarding their systems
(Zhang, Kasahara, Shen and Wan, 2018).
Training and awareness
Some employees in an organization do not have any knowledge of information
technology and cyber crime, hence it is significant to set and organize a proper and an
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
appropriate training and development session especially for teaching theoretically and practically
about the cyber crime and what activities they must not perform while working on the systems
and what things they need to take care of while using internet connection so that they can be
protected from cyber attack.
Risk assessments
It is the term used for evaluating and analysing the risks in the systems because if systems
are updated then they can notify beforehand only about any risk associated with the file or
website but sometimes they do not notify so it is important to check the systems and assessing
the risk before only so that any harm to the systems can be prevented and protected on an early
basis (Verweyst, Cochran and Sivathanu, Google LLC, 2019).
Backing up data
It is one of the most preventive technique because in case in future there is a loss of data
due to any windows corruption or any other reason, it is necessary to backup data so that
recovery can be easy of that information for further use, because if data is not backed up then it
can be impossible for the user to gain back that data and company can suffer a huge loss out of it.
Therefore, it is important to immediately back up the important or even unimportant information
on the servers of an organization so that company can recover that easily.
Encryption
It is defined as the coded language from a certain people to some people which means
that some data or information which is highly confidential and private must be encoded among
those people only who can understand that language for further use. Decryption is an opposite
word which means decoding that data or information after work has been accomplished without
any leaking and hindrance of data. Therefore, it is necessary for the employees to communicate
with the data in the form of encryption and decryption so that no one can unlock that coded
language (Ravidas, Lekidis, Paci and Zannone, 2019).
Secure designing
It is a preventive measure which must be taken care at the time of designing of the
system's software or in the installation process. At the time of coding, there is a security code
which is required to be written down so that security can be in built in the system which helps
the organization to work freely with the system but it needs to be updated timely. This process is
performed by the IT specialist in software designing.
8
about the cyber crime and what activities they must not perform while working on the systems
and what things they need to take care of while using internet connection so that they can be
protected from cyber attack.
Risk assessments
It is the term used for evaluating and analysing the risks in the systems because if systems
are updated then they can notify beforehand only about any risk associated with the file or
website but sometimes they do not notify so it is important to check the systems and assessing
the risk before only so that any harm to the systems can be prevented and protected on an early
basis (Verweyst, Cochran and Sivathanu, Google LLC, 2019).
Backing up data
It is one of the most preventive technique because in case in future there is a loss of data
due to any windows corruption or any other reason, it is necessary to backup data so that
recovery can be easy of that information for further use, because if data is not backed up then it
can be impossible for the user to gain back that data and company can suffer a huge loss out of it.
Therefore, it is important to immediately back up the important or even unimportant information
on the servers of an organization so that company can recover that easily.
Encryption
It is defined as the coded language from a certain people to some people which means
that some data or information which is highly confidential and private must be encoded among
those people only who can understand that language for further use. Decryption is an opposite
word which means decoding that data or information after work has been accomplished without
any leaking and hindrance of data. Therefore, it is necessary for the employees to communicate
with the data in the form of encryption and decryption so that no one can unlock that coded
language (Ravidas, Lekidis, Paci and Zannone, 2019).
Secure designing
It is a preventive measure which must be taken care at the time of designing of the
system's software or in the installation process. At the time of coding, there is a security code
which is required to be written down so that security can be in built in the system which helps
the organization to work freely with the system but it needs to be updated timely. This process is
performed by the IT specialist in software designing.
8
Concept of access control
Access control is referred to as a part of cyber security which states that the access is
being controlled on the private data or information and only those people will access who are
authorised and can maintain authenticity with the confidential information. Following are the
different concepts of access control studied which are as follows:
Configuration authentication
It is defined as the authentication which must be configured at the time of formation of
private data and information which states that who will going to access and who will not
(Schuster, Shmatikov and Tromer, 2018). There are various types of authentication such as
password based authentication which needs the strong password, certificate based authentication
which means only those people can access who are certified to open the file, biometric
authentication which means the usage of finger prints, eyes, face, heart beat and many more
signs which relates to the human body to unlock the file access, token based authentication
which means that token is provided to the people who can access the file and can use that token
for using the same and multi factor authentication which means that more than one
authentication techniques is applied on the same file to access for strong protection and high
privacy system.
Using Two-factor authentication to secure the firewall
It is similar to the multi factor authentication system which states that more than one
methods are used to safeguard the system or private data and information. Firewall can be
secured using two factor authentication in three different types such as first is knowledge factors
which means that something which user already knows to unlock the network such as the email
address, passwords, user name, security questions, CVV number, card details and many more.
Second is possession factors which means that something which the user owns such as the
mobile phones, USB token, card reader and many more. Third is inherent factors which means
that something the user has such as the physical attributes of the user related with their body
parts like finger prints, retinal scans, voice recognition and many more just similar to biometric
authentication (He, Golla, Padhi and Ur, 2018).
Password cracking with Linux
There are various tools used in password cracking with Linux such as CeWL tool which
states that they follows the external links and outputs for cracking the password by suing list of
9
Access control is referred to as a part of cyber security which states that the access is
being controlled on the private data or information and only those people will access who are
authorised and can maintain authenticity with the confidential information. Following are the
different concepts of access control studied which are as follows:
Configuration authentication
It is defined as the authentication which must be configured at the time of formation of
private data and information which states that who will going to access and who will not
(Schuster, Shmatikov and Tromer, 2018). There are various types of authentication such as
password based authentication which needs the strong password, certificate based authentication
which means only those people can access who are certified to open the file, biometric
authentication which means the usage of finger prints, eyes, face, heart beat and many more
signs which relates to the human body to unlock the file access, token based authentication
which means that token is provided to the people who can access the file and can use that token
for using the same and multi factor authentication which means that more than one
authentication techniques is applied on the same file to access for strong protection and high
privacy system.
Using Two-factor authentication to secure the firewall
It is similar to the multi factor authentication system which states that more than one
methods are used to safeguard the system or private data and information. Firewall can be
secured using two factor authentication in three different types such as first is knowledge factors
which means that something which user already knows to unlock the network such as the email
address, passwords, user name, security questions, CVV number, card details and many more.
Second is possession factors which means that something which the user owns such as the
mobile phones, USB token, card reader and many more. Third is inherent factors which means
that something the user has such as the physical attributes of the user related with their body
parts like finger prints, retinal scans, voice recognition and many more just similar to biometric
authentication (He, Golla, Padhi and Ur, 2018).
Password cracking with Linux
There are various tools used in password cracking with Linux such as CeWL tool which
states that they follows the external links and outputs for cracking the password by suing list of
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 24
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.