Data and System Security Assignment - [Course Name] Overview

Verified

Added on 2020/03/13

AI Summary

This assignment delves into the multifaceted realm of data and system security, encompassing a range of critical topics. It begins by categorizing security policies into regulatory, advisory, and informative types, highlighting their distinct purposes. The assignment then outlines the responsibilities of a security director, emphasizing their role in coordinating security strategies, managing security components, and overseeing risk management. A significant portion is dedicated to exploring emerging technologies in hardware authentication, specifically focusing on their application in protecting databases and securing networks. The discussion includes the problems addressed, such as password management and security sourcing, as well as the business benefits like cost efficiency and enhanced accountability. Furthermore, the assignment addresses the impact of the internet on ICT systems and the evolving expectations of businesses regarding information technology, emphasizing the integration of wireless technologies and the need for efficient service delivery. The conclusion underscores the importance of wireless appliances and services in improving business operations and facilitating constant communication with stakeholders. The assignment incorporates references to support its claims and analysis.

Running head: DATA AND SYSTEM SECURITY
Assignment
[Student Name Here]
[Institution’s Name Here]
[Professor’s Name Here]
[Date Here]

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

DATA AND SYSTEM SECURITY 2
Question 1
Security policies categories
a. Regulatory – a security policy that outlines the legal statements of an entity,
answering the questions of what and why they are required. In most cases, this group
of polices are used for audit and compliance purposes.
b. Advisory – Based on security best practices, this policy category advises the parties
involved, businessmen and the likes, on the policies related to computer systems.
c. Informative – A default or catch all policy type that handles all other policies not
covered by the previous two. Therefore, it will apply to any entity, from business
units to vendors.
Question 2
Responsibilities of a security director:
a. The coordination of all security strategies, including the goals of the business.
b. Secondly, the management of all security component of a business, which
includes business assets and vendors i.e. components such as intellectual property
and ICT systems.
c. Oversees the identification of protection objectives based on the strategic plans.
d. Managing the implementation process of all security policies i.e. standards,
guidelines and procedures for maintaining security.
e. Engaging local and other law enforcement agencies to maintain a good working
relationship.
f. Heading all investigations pertaining to security breaches.
g. Assessing an organization’s risk management frameworks.

DATA AND SYSTEM SECURITY 3
h. Finally, coordinating with independent bodies in order to execute an
organization’s security audits (Rhodes-Ousley, 2013).
Question 3
Emerging technology: Hardware authentication
Topic one: Protecting Databases using hardware authentication
Description: Traditional security systems such as firewalls and other applications, expose
databases too many security problems as they operate based on single operational factors i.e.
passwords. This problem can be solved using hardware encryption where the overall access
to systems is done at a physical level of the servers themselves i.e. the Integrated circuits
(Shahrak, 2016).
Problems addressed by the technology
Managing passwords - Users today have to contend with many access passwords, this
includes database administrators who manage countless servers in organizations. Through
hardware authentication, special factors such as those of physically unclonable functions
(PUF) can replace passwords all together in server systems (Lindemann, 2014).
Storage efficiency - conventional authentication techniques require proprietary servers i.e.
storage which increases the storage requirement. However, with the technology outlined
above, each physical component can serve as its own security structure.
Business benefits
First, it's cost efficient to an organization as minimal resources would be needed to protect a
single database component. Therefore, instead of having a special proprietary server for
access control, each server (database storage) can hold its own authentication procedures.
Secondly, the room for errors is greatly narrowed as few individuals can clone the access

DATA AND SYSTEM SECURITY 4
procedures. In fact only those with physical access, which provides another added benefit to a
business, that of accountability (Shahrak, 2016).
Topic two: Hardware authentication in networks
Description: Secure entry into networks is usually done using secret keys and cryptographic
systems that use other additional secret keys. Although readily sufficient today, they are not-a
–fit-all solution and have their own problems more so, if they are compromised. Hardware
authentication would integrate security chips into network devices to anchor the software
authentication services. These chips would, therefore, secure the access keys and
cryptographic processes (Klimke & Haid, 2016).
Problems solved
Security sourcing and certification – having a unique hardware storage for access codes or
keys can guarantee the certification of the access data provided. This outcome is met by
assessing the source of the access factors (Shahrak, 2016)
Security tampering - software security packages are easy to read and re-write which makes it
easier to extract access keys. However, hardware security components such as security
controllers can house secret keys similar to the storage of confidential documents in a vault.
Benefits to business
First, a business is able to protect its intellectual property as there are minimal duplication
instances. This outcome facilitates the growth of businesses as new ideas are capitalised on
by an organization. Secondly, it decreases the resources used to offer access to network
components as they are all sourced from the security controller. Furthermore, it increases
accountability in an enterprise as log files are provided when accessing the hardware security

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

DATA AND SYSTEM SECURITY 5
structures. Therefore, hardware authentication in networks would offer a functionality similar
to that seen when in accessing physical devices (Lindemann, 2014).
Question 4
Yes, the internet is a major driving force of ICT systems, for one, consider the advances seen
in telecommunication where information is easily transferred using IP (internet protocol)
structures. This outcome has helped integrate data of various form such as voice and video
into one medium. In fact, consider the example of VoIP (Voice over IP) which has helped
increase the reach of telecommunication services over a much wider audience. Furthermore,
consider the networks that are seen today, more so, the wireless connections such as WLAN
that include Wi-Fi hotspots. It is the peoples’ desire to connect to the worldwide web that has
led to these advancements in network technology. Finally, consider the general IT systems
such as information systems and other forms of data/information dissemination. The internet
has increased their reach exponentially as users can access them from any location and even
time (Borcuch, Pilat-Borcuch & Kaczor, 2005).
Question 5
Business today no longer view information technology as a supplementary tool as seen in the
past, instead, its components such as the internet, intranet and extranet as seen as vital
operational components that can shift business outcomes (Belleghem, 2016). Therefore,
businessmen and women expect these components to yield better results as they hold more
information with regards to the consumers. Moreover, consider the consumer themselves who
expect rapid and efficiently delivered services which were unheard of in the past. In essence,
a business minded individual expects clever solutions from the internet and its affiliated
systems so as to build stronger and better relations with the customers. A justification of this
conclusion are the figures given by Eurostat studies where over 77 percent of businesses

DATA AND SYSTEM SECURITY 6
today use the internet for business operations more so, through online adverts that are
estimated to have an 80 percent preference (Eurostat, 2016).
Question 6
First, the question should not even consider a future outcome as the results are already seen
today. Wireless appliances, information and services have helped improve business through
the positive reinforcements they provide. For one, through mobile gadgets such as
smartphones, tablets and laptops information is readily provided to the users such as
businesses and end users. This outcome increases the availability of services which increases
the business operations through the regular access of computerised business services.
Furthermore, wireless information enables businesses to have constant contacts with their
audiences such as customers, suppliers and employees (BSR, 2012).
References
Belleghem. S. (2016). How technology is changing your customers’ expectations. Chartered
management institute. Retrieved 11 August, 2017, from:
http://www.managers.org.uk/insights/news/2016/august/how-technology-is-changing-
your-customers-expectations
Borcuch. A, Piłat-Borcuch. M & Świerczyńska-Kaczor. U. (2005). The Influence of the
Internet on globalization process. Journal of Economics and Business Research.
Retrieved 11 August, 2017, from:
http://www.uav.ro/jour/index.php/jebr/article/download/348/pdf_111
BSR. (2012). Socioeconomic Impacts of Wireless Technology. A Review of Opportunities
and Challenges in Health Care, Finance, Education and Community Empowerment.

DATA AND SYSTEM SECURITY 7
Retrieved 11 August, 2017, from:
http://g3ict.org/download/p/fileId_920/productId_233.
Eurostat. (2016). Internet advertising of businesses - statistics on usage of ads. Statistics
explained. Retrieved 11 August, 2017, from: http://ec.europa.eu/eurostat/statistics-
explained/index.php/Internet_advertising_of_businesses_-
_statistics_on_usage_of_ads
Klimke. M & Haid. J. (2016). Hardware-based Secure Identities for machines in smart
factories. Infineon. Retrieved 11 August, 2017, from:
https://www.infineon.com/dgdl/Infineon-Hardware-
based+Secure+Identities+for+machines+in+smart+factories-WP-v06_16-EN.pdf?
fileId=5546d46254e133b401557ce235c85850
Lindemann. R. (2014). The Evolution of Authentication. The Role of Secure Hardware in
Overcoming Authentication Challenges. Retrieved 11 August, 2017, from:
https://fidoalliance.org/wp-content/uploads/2014/12/fido.pdf
Rhodes-Ousley. M. (2013). Information Security. The complete reference. Retrieved 11
August, 2017, from:
http://www.flow.com.sa/EN/img/books/InformationSecurityEnglish.pdf
Shahrak. M. (2016). Secure and lightweight hardware authentication using isolated physical
unclonable function. University of Nebraska – Lincoln. Retrieved 11 August, 2017,
from: http://digitalcommons.unl.edu/cgi/viewcontent.cgi?
article=1120&context=computerscidiss