Case Study Analysis Report: Computer Security, OMA050-6

Verified

Added on 2023/01/13

AI Summary

This report presents a case study analysis of Relocate4U, an online real estate agency, focusing on its cybersecurity vulnerabilities and potential improvements. The analysis begins by outlining immediate recommendations for cybersecurity professionals, emphasizing the importance of developing robust cybersecurity policies, incorporating advanced software technologies, and implementing employee training programs. It also discusses the significance of frameworks like the UK's National Cyber Security Strategy and regulatory requirements such as firewalls and encryption. The report then critically discusses long-term initiatives to encourage positive change in assessing security risks and maintaining privacy, particularly in a corporate environment. It identifies and compares various security risk assessment methodologies, including penetration testing and the IDS-IPS approach, providing clear links to the case study. The report recommends implementing IDS-IPS to enhance data confidentiality and protect against cyber threats, considering the agency's interest in adopting advanced security monitoring tools. The analysis underscores the importance of proactive measures and strategic frameworks in strengthening an organization's cybersecurity posture. The report concludes by emphasizing the necessity for continuous evaluation and adaptation to evolving cyber threats.

Running head: Case Study Analysis
CASE STUDY ANALYSIS
Name of the Student
Name of the University
Author note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1Computer Security
In order to implement a few immediate measures to effect positive changes,
what recommendations should cybersecurity professionals follow? Discuss
all available frameworks, legislation and regulatory requirements on which
information security professionals can base their proposal(s).
According to the provided case study, an online real estate agency Relocate4U is
offering the services of buying and selling the services to the population of the UK. However,
this agency has achieved significant popularity by their services the Cyber Security team has
mentioned that there is a necessity of enhancing the security policy in order to provide more
effective services which will help to gain more popularity not only in the UK but across the
world. Thus, being a Cyber Security analyst I have found several recommendations which
will surely help the organization to meet its desired objective. According to Abomhara
(2015), considering the three major aspects of Cyber Security which includes Confidentiality,
Integrity, and availability the recommendations are as follows, initially, the cybersecurity
team must develop effective cybersecurity policies as well as it must include new software
technologies which have high protecting capabilities compared to the older systems. Along
with that in order to effectively operate that system, training providing the knowledge about
that system is necessary. Followed by the above aspect it is also recommended to incorporate
such systems which can identify and alert the information network during or before any
malicious attack. In order to protect the resources from highly malicious attack, it is essential
the government should also introduce such a technique which can prevent the Cyber-attacks.
Apart from these aspects, it is also recommended to reduce the utilization of complex system
structure in the IT services, since the utilization of complex system increase the possibility of
getting hacked. Followed by the above risk mitigation techniques the organization must
incorporate employ training programme in order to educate the employees about prevention

2Computer Security
of new cyber-attacks as well as it will also help to provide the user guide of new
technologies. Apart from the above aspects the cyber security team must consider the data
confidentiality factor, integrity factors as well as the data availability factors thus it is
recommended to opt for strong password protection as well as the utilization of Virtual
Private Network (VPNs) which will help to enhance the information confidentiality and
information integrity as well (Guitton 2013). Thus based on the scenario provided in the case
study in order to enhance the service by improving the organizational cyber security the
Cyber Security developer should follow the above recommendation.
As a security analyst of the real estate agency it has been observed that the
organization must improve its security services since the vulnerability information network is
increasing rapidly day by day it is determined that in order to provide effective solution to the
Relocate4U for the betterment of their Cyber Security the framework of United Kingdom’s
National Cyber Security Strategy has been followed. The three major aspects of cybersecurity
is the information confidentiality, integrity, and availability. In order to improve the services
of Relocate4U, the Cyber Security manager must incorporate the techniques considering
these factors (Atoum, Otoom and Abu 2014). Thus, according to the strategies of UK’s
National Cyber Security, it has several significant objectives which can help to enhance the
cybersecurity procedure of an organization which includes the ability of the organization to
defend themselves from the cyber threats and it demands quick response to the cyber-attack
as well. Another significant objective of this framework is to provide effective threat
detection capability to all the organization in order to identify, detect and understand the
threat as well as it must decide what action needs to be taken in order to mitigate the threat
factors. Along with these is framework also demands the capability to develop such
technologies which will prevent the organization from the possible threats. Thus, followed by
these objectives the government of UK has assumed to get a safe long-term future of

3Computer Security
cyberspace for the betterment of the national economic status as well as the UK’s national
data security. Along with this, the regulatory requirements are needed to protect the
organizational information system as well as it will apply the rectification method to reduce
the threat factors of the organization Relocate4U. The regulatory elements are firewalls,
encryption process, anti-virus software, prevention methods, utilization of strong password as
well as the intrusion detection (Shackelford et al. 2015). Thus, being a Cyber Security analyst
it is suggested to the Cyber Security operation manager to consider the framework of UK’s
National Cyber Security and develop an effective cybersecurity policy for the betterment of
the mentioned organization along with this the developers are suggested to develop
innovative implementation which can be utilized to reduce the risk factor of the organization
as well as for the enhancement of the UK’s National Cyber Security Strategy.
Critically discuss long-term initiatives to encourage positive change with
regards to assessing security risk and maintain privacy in a corporate
environment. What kind of security risk assessment methodologies can be
identified for better mapping of the threat landscape? Provide a detailed
comparison of these methodologies with clear links to the case study.
According to the case study, it has been observed that the organization is assumed to
provide better privacy concern to the user. However, the organization has utilized the
penetration testing methodology in order to monitor the security concern the cybersecurity
manager wants to incorporate an advanced security monitoring methodology. Thus, in order
to provide an effective solution to enhance the service area a risk assessment is essential
which will provide a brief idea about where the new monitoring tool should mainly focus.
According to Carr (2016) in order to identify the enhancement factors present in the case
scenario, a security risk assessment should be conducted. Based on the case scenario it has

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4Computer Security
been noticed that the organization is mainly concerned about the confidentiality of
organizational as well as the user information whereas by the utilization of Penetration testing
it has grown to a huge extent the Cyber Security manager has expressed the interest toward
the enhancement of the information handling. In order to provide an effective solution for the
betterment of the information confidentiality to the online real estate website named
Relocate4U, the advanced cybersecurity approach has offered an effective strategy. In order
to provide high security to the organization as well as to the user information, the
organization should opt for a data confidentiality strategy which will include the process of
securing the information by applying strong passwords to the information resources (Singh
2013). Apart from this, the strategy should also opt for the utilization of cloud storage which
will help to reduce the possibility of data loss. Followed by the above approaches they should
also incorporate the concept of cryptography, as this method offers the concept of securing
data by the encryption and decryption (Bennett and Brassard 2014). However. Before
applying these strategies to protect the data there is a significant responsibility to analyze and
determine the sensitive areas.
Based on the aspects of information confidentiality there are many security
monitoring methods are present however Relocate4U has utilized the penetration testing in
order to provide protection to their information. According to the study of Liao et al. (2013)
as it is my responsibility to suggest new trending, as well as an effective methodology,
monitor the security concerns of the organization, the method of IDS-IPS has been chosen in
which IDS stands for Intrusion Detection System and IPS stands for Intrusion Prevention
System. IDS is one of the most effective network monitoring technique which detects the
malicious actives from the information network or organizational server, along with this it
also filters the fake alerts from a significant number of alerts present in any organizational
network and responds with the identification of risk alert. This is an effective process of

5Computer Security
threat detection as this works in several fields which includes the network field and the host
field. Along with these, the approach has two types of threat detection method such as
Signature-based and Anomaly-based. Signature-based detection process follows the detection
by analyzing the network traffic whereas the Anomaly-based detection process utilizes the
machine learning concept in order to detect the threats (Modi et al. 2013). Followed by the
above threat detection approaches in order to complete the security monitoring process IPS-
the Intrusion Prevention System needs to be implemented. According to Buczak et al. (2016)
IPS works to prevent the system from the malicious attacks based on the observation report
of the previous attacks. This approach offers the prevention technique in different fields
which includes Network-based IPS, Wireless IPS, Network Behaviour Analysis, Host-based
IPS followed by the application of three detection techniques which includes Signature-based
detection, Statistical Anomaly-Based Detection, Stateful protocol analysis detection (Modi et
al. 2013). According to the case scenario, the real estate agency has decided to follow-up
advance technology to improve their approach towards information confidentiality, it is
suggested to implement IDS-IPS into their cybersecurity model.
The incorporation of IDS-IPS can have a significant effect on the betterment of the
computer security or cybersecurity of the mentioned organization. As customer data security
is one of the major aspects of Relocate4U agency it is essential to incorporate the advance
security methodology. Whereas, according to the case study the organization is using the
Penetration Test to monitor the concerns of cyber security which has led the organization to a
high extent by engaging significant numbers users to their website, they have expressed
interest towards incorporating advance monitoring tools. Thus, the application of IDS-IPS
has been suggested to the Cyber Security team of Relocate4U which will surely enhance the
information confidentiality of the mentioned organization. Along with this, it will also help
the organization to achieve its desired goal.

6Computer Security

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7Computer Security
Reference:
Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities, threats,
intruders and attacks. Journal of Cyber Security and Mobility, 4(1), pp.65-88.
Atoum, I., Otoom, A. and Abu Ali, A., 2014. A holistic cyber security implementation
framework. Information Management & Computer Security, 22(3), pp.251-264.
Bennett, C.H. and Brassard, G., 2014. Quantum cryptography: public key distribution and
coin tossing. Theor. Comput. Sci., 560(12), pp.7-11.
Liao, H.J., Lin, C.H.R., Lin, Y.C. and Tung, K.Y., 2013. Intrusion detection system: A
comprehensive review. Journal of Network and Computer Applications, 36(1), pp.16-24.
Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A. and Rajarajan, M., 2013. A survey of
intrusion detection techniques in cloud. Journal of network and computer applications, 36(1),
pp.42-57.
Shackelford, S.J., Proia, A.A., Martell, B. and Craig, A.N., 2015. Toward a global
cybersecurity standard of care: Exploring the implications of the 2014 NIST cybersecurity
framework on shaping reasonable national and international cybersecurity practices. Tex. Int'l
LJ, 50, p.305.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).
Buczak, A.L. and Guven, E., 2016. A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2),
pp.1153-1176.

8Computer Security
Carr, M., 2016. Public–private partnerships in national cyber-security
strategies. International Affairs, 92(1), pp.43-62.
Guitton, C., 2013. Cyber insecurity as a national threat: overreaction from Germany, France
and the UK?. European Security, 22(1), pp.21-35.
Bibliography:
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Xing, T., Huang, D., Xu, L., Chung, C.J. and Khatkar, P., 2013, March. Snortflow: A
openflow-based intrusion prevention system in cloud environment. In 2013 Second GENI
Research and Educational Experiment Workshop (pp. 89-92). IEEE.