WIE3003 - Evaluating Information System Security in Facebook
Added on 2023/06/13
Report
AI Summary
This research paper delves into the information system security challenges within Facebook, focusing on core concepts such as confidentiality, integrity, availability, non-repudiation, authentication, and authorization. It examines specific areas like registration and login processes, access control models, and secure communication channels, highlighting vulnerabilities and potential threats in each. The paper discusses issues arising from social logins, consulting access policies, and the security of message exchanges, emphasizing the risks of data breaches, unauthorized access, and impersonation. Ultimately, the report recommends measures to enhance Facebook's security, including enforcing HTTPS browsing, implementing two-factor authentication, educating users, employing parental controls, tightening privacy settings, and ensuring complete account deletion to mitigate privacy and security risks.

Running head: INFORMATION SYSTEM SECURITY IN FACEBOOK
Information System Security in Facebook
Name of the Student
Name of the University
Author's Note
Introduction
Facebook is a very popular social media platform that has gained popularity all over the world.
However, there are security issues with Facebook, which are discussed in this research paper
(Zlatolas et al., 2015). The information security concepts examined in this research paper
are confidentiality, integrity, availability, non-repudiation, authentication and authorization
as they relate to Facebook. These concepts are necessary to prevent Facebook's information
from being corrupted, accessed without authorization or modified. The purpose
of this research paper is to analyze the information security concepts related to Facebook along
with the challenges posed by these concepts.
Discussion
Registration and login
Registration and login in Facebook give the user the authority to become a member of
Facebook or to use their account. Social login is one aspect of registration and login in
Facebook (Wang et al., 2014). Registration and login in Facebook use basic information
every time an individual logs in, and the related issues are given in the following
paragraph.
The issues in Facebook due to the social login aspect, in terms of confidentiality, integrity,
availability, non-repudiation, authentication, and authorization, are as follows. The confidentiality
issue in Facebook is the concern that sensitive information of users can be collected by
Facebook (Miron & Ravid, 2015). This can result in a data breach in which hackers hack
Facebook and misuse the data, and the fact that Facebook collects sensitive data shows that there
are issues with it. The integrity issue in Facebook is that anonymously searching on Facebook can be
dangerous, as attackers can identify the user and the user's data, which can then be misused
(Gritzalis et al., 2014). The availability issue in Facebook is that users do not always create
difficult passwords for logging in to Facebook, as they find such passwords difficult to remember.
This means that people can be attacked using simple hacking techniques (Zhang et al., 2014). The
non-repudiation issue in Facebook is that users can be attacked with a real-time proxy, where there
is less control over the loss of data. This is a serious issue in which users are on the verge of
losing data. The authentication issue in Facebook is that the encryption of text or data in Facebook
can be broken and the text or message stolen and viewed (White, 2016). This shows that the safety
of messages and data in Facebook is limited. The authorization issue in Facebook is that
people with multiple accounts can have issues related to authorization, where the user ID is
sometimes not reliable for accessing Facebook.
Access Control
The access control model in Facebook is a systemization of composed policies that are
based on a particular set of functions and features in the information system. This model
facilitates the regulation and authorization of access to data (Oh et al., 2016). The most important
access model is the one based on consulting access policies. This access control model is
important in Facebook due to various factors. Facebook has lots of people, some of whom are
real and some of whom are fake. However, several issues arise due to consulting access
policies. They are described in the following paragraph.
The issues in Facebook due to consulting access policies, in terms of confidentiality,
integrity, availability, non-repudiation, authentication and authorization, are as follows. The
confidentiality issue in Facebook can be explained through the example of a new client dealing
with a company (Hajli & Lin, 2016). The new client deals with the company, but the deal somehow
does not result in any profit. The company’s manager will be curious to find the
employee on Facebook to learn about his or her personal life. This shows that there is a
confidentiality issue, in which a person looks up another person on Facebook to learn about
him or her only for personal reasons (Kang et al., 2015). The integrity issue in Facebook can be
explained by the example of a firm. The firm’s owner asked his staff to get the maximum number of
likes for the firm, and the workers tried to make a fake page to like the firm by clicking a button.
This shows that Facebook has an integrity issue in which fake and real cannot be distinguished
(Turban et al., 2017). The availability issue in Facebook is that not everything available on
Facebook is correct or genuine. Attackers generate fake pages, content or links to trap users. The
availability issue in Facebook also arises where online advertisements are either criticized or
appreciated, resulting in either growth or decline of a company’s business (Nadeem et al.,
2015). The non-repudiation issue in Facebook arises when a user is not able to verify his or her own
account on Facebook. Users make more than one account, which makes it difficult to identify
which one is real and which one is fake. Access to a Facebook account poses a non-repudiation
issue because a user can be affected by fake people posing as the person from whom the
user was expecting a message in Facebook (Marwick & Boyd, 2014). The authentication issue in
Facebook is that it can affect people if they are not authenticated to carry out further processes in
Facebook. The authentication issue poses a problem because people can be breached if not
authenticated, and their sensitive information will be lost (Townsend & Wallace, 2016). The
authorization issue in Facebook is that it can affect an individual, in that a user without
authorization can be a hacker who is trying to misuse Facebook and steal its information.
Secure Communication
Secure communication in Facebook refers to messages going in and out of
Facebook. It poses several issues because communications may be secure or insecure
(Watson & Rodrigues, 2018). Several issues of secure communication in Facebook pose
threats to the privacy and security of Facebook.
The issues in Facebook due to the aspect of secure communication can be described in terms
of confidentiality, integrity, availability, non-repudiation, authentication, and authorization. The
confidentiality issue in Facebook is that insecure communication is not completely confidential,
as it goes through third-party providers in Facebook (Zhang & Gupta, 2016). This means
that communication through messages can be misused and publicized in a very negative way. The
integrity issue in Facebook is that messages can be modified if attacked by a third party,
causing major havoc (Gafni & Nissim, 2014). This results in the user getting wrong or
misleading information that can trap the user. The availability issue in Facebook is that messages
are available to third parties, and it cannot be trusted whether they will reach the recipient in
their initial form or in a modified form (Fox-Brewster, 2016). This issue poses
challenges for secure communication, as there is no guarantee that the available data is original
if it has been attacked by hackers (Titcomb, 2017). The non-repudiation issue in Facebook is that
communication in Facebook through messages or posts can be impersonated to confuse the user
at the other end. This can confuse the other user, who might get trapped by the
attacker's messages, where not only security or privacy issues are concerned but social issues such
as harassment can also occur (Kumar, Saravanakumar & Deepa, 2016). The authentication issue
in Facebook is that people who are not authenticated on Facebook can use Facebook for
stalking and harassing other users with luring comments and messages. This can turn into a
major issue when the user receiving the message does not know the real identity of the sender
(Lillington, 2016). The authorization issue in Facebook is that people who are not authorized
by Facebook to share or communicate find alternate ways to communicate. This poses an issue
where people who are not authorized use a fake identity to create an account and pose as an
authorized person to misuse the data of victims available on Facebook.
Conclusion and recommendations
The above discussion shows that there is a need to take some important measures to
solve the issues of Facebook related to privacy and security. The solutions for the issues related to
privacy and security of Facebook are as follows.
Enforcing full HTTPS browsing - This will ensure that no one is able to snoop on a
user’s conversation even if Facebook is browsed through an untrusted connection.
Implementation of two-factor authentication - Two-factor authentication will
improve the security and privacy of Facebook by requiring two layers of security.
Educating users - Users should be educated about Facebook security and privacy, as there
are still some areas that users do not understand or do not know about.
Parental controls - Parental controls will prevent children from misusing Facebook and
will allow them limited access to Facebook.
Tightening recommended privacy controls - Recommended privacy controls will help
to filter unknown people from the Facebook list and improve the way people
search for other people on Facebook.
Deleting account permanently - A Facebook account should be properly and
permanently deleted along with all of its data available on Facebook. This should ensure that
no data related to an individual’s Facebook account is left.
References
Fox-Brewster, T. (2016). Forbes Welcome. Forbes.com. Retrieved 12 April 2018, from
https://www.forbes.com/sites/thomasbrewster/2016/06/29/facebook-location-tracking-friend-games/#798aa39835f9
Gafni, R., & Nissim, D. (2014). To social login or not login? Exploring factors affecting the
decision. Issues in Informing Science and Information Technology, 11, 57-72.
Gritzalis, D., Kandias, M., Stavrou, V., & Mitrou, L. (2014). History of information: the case of
privacy and security in social media. In Proc. of the History of Information
Conference (pp. 283-310).
Hajli, N., & Lin, X. (2016). Exploring the security of information sharing on social networking
sites: The role of perceived control of information. Journal of Business Ethics, 133(1),
111-123.
Kang, R., Dabbish, L., Fruchter, N., & Kiesler, S. (2015, July). “My data just goes everywhere:”
user mental models of the internet and implications for privacy and security.
In Symposium on Usable Privacy and Security (SOUPS) (pp. 39-52). Berkeley, CA:
USENIX Association.
Kumar, S., Saravanakumar, K., & Deepa, K. (2016). On Privacy and Security in Social Media–A
Comprehensive Study. Procedia Computer Science, 78, 114-119.
Lillington, K. (2016). Is Facebook facing up to privacy and security concerns? The Irish Times.
Retrieved 12 April 2018, from
https://www.irishtimes.com/business/technology/is-facebook-facing-up-to-privacy-and-security-concerns-1.2285942
Marwick, A. E., & Boyd, D. (2014). Networked privacy: How teenagers negotiate context in
social media. New Media & Society, 16(7), 1051-1067.
Miron, E., & Ravid, G. (2015). Facebook Groups as an Academic Teaching Aid: Case Study and
Recommendations for Educators. Journal of Educational Technology & Society, 18(4).
Nadeem, W., Andreini, D., Salo, J., & Laukkanen, T. (2015). Engaging consumers online
through websites and social media: A gender study of Italian Generation Y clothing
consumers. International Journal of Information Management, 35(4), 432-442.
Oh, S. J., Benenson, R., Fritz, M., & Schiele, B. (2016, October). Faceless person recognition:
Privacy implications in social media. In European Conference on Computer Vision (pp.
19-35). Springer, Cham.
Titcomb, J. (2017). Five ways you can change your Facebook profile to take your privacy
back. The Telegraph. Retrieved 12 April 2018, from
https://www.telegraph.co.uk/technology/2016/03/18/five-tricks-to-take-back-your-privacy-on-facebook/
Townsend, L., & Wallace, C. (2016). Social media research: A guide to ethics. University of
Aberdeen.
Turban, E., Outland, J., King, D., Lee, J. K., Liang, T. P., & Turban, D. C. (2017). Electronic
Commerce 2018: A Managerial and Social Networks Perspective. Springer.
Wang, Y., Leon, P. G., Acquisti, A., Cranor, L. F., Forget, A., & Sadeh, N. (2014, April). A field
trial of privacy nudges for Facebook. In Proceedings of the SIGCHI Conference on Human
Factors in Computing Systems (pp. 2367-2376). ACM.
Watson, H., & Rodrigues, R. (2018). Bringing Privacy into the Fold: Considerations for the Use
of Social Media in Crisis Management. Journal of Contingencies and Crisis
Management, 26(1), 89-98.
White, C. M. (2016). Social media, crisis communication, and emergency management:
Leveraging Web 2.0 technologies. CRC Press.
Zhang, K., Liang, X., Shen, X., & Lu, R. (2014). Exploiting multimedia services in mobile social
networks from security and privacy perspectives. IEEE Communications
Magazine, 52(3), 58-65.
Zhang, Z., & Gupta, B. B. (2016). Social media security and trustworthiness: overview and new
direction. Future Generation Computer Systems.
Zlatolas, L. N., Welzer, T., Heričko, M., & Hölbl, M. (2015). Privacy antecedents for SNS self-
disclosure: The case of Facebook. Computers in Human Behavior, 45, 158-167.