SBM4304 IS Security and Risk Management: IoT Security Threats Report
VerifiedAdded on  2023/01/12
|9
|2696
|50
Report
AI Summary
This report, focusing on IS Security and Risk Management (SBM4304), provides an overview of security challenges associated with Internet of Things (IoT) devices within an organization. It begins with an introduction to IoT devices and their applications, followed by an analysis of recent attacks, including data leakage, crypto-jacking, and data misuse. The report then outlines three key countermeasures: virtual private networks (VPNs), antivirus software, and multi-layered security systems. Furthermore, it delves into authentication protocols specific to IoT devices. The report concludes by emphasizing the importance of proactive security measures to safeguard data and maintain operational integrity in the face of evolving cyber threats. The report uses the MBC organization as a case study, a large private free-to-air satellite broadcasting company based in Dubai, United Arab Emirates.
SBM4304 IS Security and Risk
Management
1
Management
1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Contents
INTRODUCTION...........................................................................................................................3
Internet of Things Devices and Their Application......................................................................3
Resent Attacks against Internet of Devices.................................................................................4
Three Countermeasures used to prevent......................................................................................6
Authentication Protocols for Specific Internet of Things............................................................7
CONCLUSION................................................................................................................................8
REFERENCES................................................................................................................................9
2
INTRODUCTION...........................................................................................................................3
Internet of Things Devices and Their Application......................................................................3
Resent Attacks against Internet of Devices.................................................................................4
Three Countermeasures used to prevent......................................................................................6
Authentication Protocols for Specific Internet of Things............................................................7
CONCLUSION................................................................................................................................8
REFERENCES................................................................................................................................9
2
INTRODUCTION
All the computer devices are subject to security threats and privacy threats. Security and
privacy issues are now common in current time. There are different types of risk with mobile and
smart digital devices that are carry people in routine time (Sauerwein, Sillaber and Breu, 2018).
Risk management can be explained as process or practice that is used by the organization or
people to identify the potential risks in advance, analysing them and taking preventive decisions
and steps in order to minimise the chances of risk in organization operations and functions. This
report is about the MBC Organization which is one of the largest private free to air satellite
broadcasting company. Company was founded in year 1991 and headquarter of organization is in
Dubai, United Arab Emirates. This report is providing brief of security and privacy threats to the
internet things of Thing devices that are used by the people with in the organization. Different
type of protection techniques also will be explained in the report and the process will be
explained to mitigate the threat in order to keep information and data of people safe. Two
different authentication protocols are used for Internet of thing devices will be explained in the
report.
Internet of Things Devices and Their Application
Internet of the things is mainly explained as a technological system that is consists of
interrelated computing devices, digital machines and mechanical equipment and provided with
unique identifiers along with ability to transfer data over a network with out requiring any type
of interference human throughout the process. There are different devices which are considered
as internet of thing devices that are connected to customer. For example Smart Television, smart
speaker, Wearable devices, smart appliances, commercial security system, smart meter and smart
city technologies (Zarei and Sadoughi, 2016). For the business organization the Internet of thing
device sare considered as environment in which web enabled devices are connected with sensors,
hardware of communication devices, processers that are used to collect, process and share the
data between different computer networks. There are different internet of thing devices are used
in the business organization that are important for the internal and external operation of the
company. Some the main devices that are used in the business organization are- Sensors,
printers, Tablets, mobile phones and computer devices. These main devices that are used in
business organization to perform their operation with high efficiency. These devices are most
3
All the computer devices are subject to security threats and privacy threats. Security and
privacy issues are now common in current time. There are different types of risk with mobile and
smart digital devices that are carry people in routine time (Sauerwein, Sillaber and Breu, 2018).
Risk management can be explained as process or practice that is used by the organization or
people to identify the potential risks in advance, analysing them and taking preventive decisions
and steps in order to minimise the chances of risk in organization operations and functions. This
report is about the MBC Organization which is one of the largest private free to air satellite
broadcasting company. Company was founded in year 1991 and headquarter of organization is in
Dubai, United Arab Emirates. This report is providing brief of security and privacy threats to the
internet things of Thing devices that are used by the people with in the organization. Different
type of protection techniques also will be explained in the report and the process will be
explained to mitigate the threat in order to keep information and data of people safe. Two
different authentication protocols are used for Internet of thing devices will be explained in the
report.
Internet of Things Devices and Their Application
Internet of the things is mainly explained as a technological system that is consists of
interrelated computing devices, digital machines and mechanical equipment and provided with
unique identifiers along with ability to transfer data over a network with out requiring any type
of interference human throughout the process. There are different devices which are considered
as internet of thing devices that are connected to customer. For example Smart Television, smart
speaker, Wearable devices, smart appliances, commercial security system, smart meter and smart
city technologies (Zarei and Sadoughi, 2016). For the business organization the Internet of thing
device sare considered as environment in which web enabled devices are connected with sensors,
hardware of communication devices, processers that are used to collect, process and share the
data between different computer networks. There are different internet of thing devices are used
in the business organization that are important for the internal and external operation of the
company. Some the main devices that are used in the business organization are- Sensors,
printers, Tablets, mobile phones and computer devices. These main devices that are used in
business organization to perform their operation with high efficiency. These devices are most
3
common in business organization and important to maintain their business operation in target
market.
Computer Devices
Computer devices are most common in the business organization. Most of operations of
the organization are based on the computer. These devices are used by the organization for the
monitoring of all operations around the word (Tupa, Simota and Steiner, 2017). All the
organizations uses these computer devices that are used by the organization to collect, store,
process and distribute the information within the computer network to maintain effective transfer
of information within the organization.
Mobile Devices
As per the operations of the MBC organization the employees are allowed to use their
personal devices in the organization to complete their assigned operations. Mobile devices are
mainly used by the employees to maintain effective communication between various
departments of the company to maintain effective operations within the organization.
Printers
Printer are use in the organization to generate the hard copy of the data and information
available to the company (Singh and Joshi, 2017). These devices are provided to each
department in the organization. Printers are most common in the organizations like MBC which
is based on data sharing and broadcasting.
Sensors
Sensors are used in the organization to improve their operations in organization. The
sensors that are used in the organization in various equipment and systems to collect data and
information from various systems (Sauerwein, Sillaber and Breu, 2018). These sensors are used
by the organization to maintain effective flow of information in the organization procedure.
There are some common internet of things devices that are used in the business
organizations for maintain their effective performance in the internal operations. main operations
of these devices is to maintain effective communication and data transfer.
Resent Attacks against Internet of Devices
Data Leakage
4
market.
Computer Devices
Computer devices are most common in the business organization. Most of operations of
the organization are based on the computer. These devices are used by the organization for the
monitoring of all operations around the word (Tupa, Simota and Steiner, 2017). All the
organizations uses these computer devices that are used by the organization to collect, store,
process and distribute the information within the computer network to maintain effective transfer
of information within the organization.
Mobile Devices
As per the operations of the MBC organization the employees are allowed to use their
personal devices in the organization to complete their assigned operations. Mobile devices are
mainly used by the employees to maintain effective communication between various
departments of the company to maintain effective operations within the organization.
Printers
Printer are use in the organization to generate the hard copy of the data and information
available to the company (Singh and Joshi, 2017). These devices are provided to each
department in the organization. Printers are most common in the organizations like MBC which
is based on data sharing and broadcasting.
Sensors
Sensors are used in the organization to improve their operations in organization. The
sensors that are used in the organization in various equipment and systems to collect data and
information from various systems (Sauerwein, Sillaber and Breu, 2018). These sensors are used
by the organization to maintain effective flow of information in the organization procedure.
There are some common internet of things devices that are used in the business
organizations for maintain their effective performance in the internal operations. main operations
of these devices is to maintain effective communication and data transfer.
Resent Attacks against Internet of Devices
Data Leakage
4
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
This is the most common issue that is faced by the digital devices that are connected to
the internet. Data Leakage is related to the stealing of data from people by practices like hacking.
There are different people are connected to the internet and they used to save their information
on these devices for quicker access (Peltier, 2016). This information can be steal by the hacker
by accessing the personal information saved on their personal devices which are used within the
company premises. There are different applications are stored in the storage of the device. In the
computer and internet server there are some gaps in the internet band widths. These gaps can be
used by the hackers to hack into the storage devices used by the employees (Agrawal, 2017). The
applications that are consists of malware also can harm the network through the personal mobile
phone when it is connected to the company network. This type of incident was occur in year may
2019 where data of 137 million people was leaked from Canva Australian Graphic Design tool
website. Effective firewaa can be used in the organization o prevent data loss also multy layer
security system can be used in the MBC organization to maintain security process in the
company operations.
Crypto Jacking Attacks
The other common threat for the personal digital devices like mobile phone and network.
In current time these attacks are continuously increasing and affecting many people around the
world. In this is process employee or organization receives a mail that is consists of malware
program that is consists of ransom ware malware. These malware is consists of program that get
installs in the device as it is open in the device (Hoffmann, Kiedrowicz and Stanik, 2016). As it
runs on the ram it starts to convert the information and data available in the device into
cryptography with unknown. This is how user will not be able the data available in the personal
device (Hoffmann, Kiedrowicz and Stanik, 2016). The people who made these malware then ask
for ransom from the user to extract the information that is encrypted by the malware. This is how
this is major threat for the organization like MBC. This type of attack was occur in year 2018
and 2019 where people of the specific organizations has been targeted by the hackers to collect
ransom in return of data recovery. This type of security attacks can be prevented by using better
antivirus system and virtual private network for the IOT devices in organization.
Data Misusing
5
the internet. Data Leakage is related to the stealing of data from people by practices like hacking.
There are different people are connected to the internet and they used to save their information
on these devices for quicker access (Peltier, 2016). This information can be steal by the hacker
by accessing the personal information saved on their personal devices which are used within the
company premises. There are different applications are stored in the storage of the device. In the
computer and internet server there are some gaps in the internet band widths. These gaps can be
used by the hackers to hack into the storage devices used by the employees (Agrawal, 2017). The
applications that are consists of malware also can harm the network through the personal mobile
phone when it is connected to the company network. This type of incident was occur in year may
2019 where data of 137 million people was leaked from Canva Australian Graphic Design tool
website. Effective firewaa can be used in the organization o prevent data loss also multy layer
security system can be used in the MBC organization to maintain security process in the
company operations.
Crypto Jacking Attacks
The other common threat for the personal digital devices like mobile phone and network.
In current time these attacks are continuously increasing and affecting many people around the
world. In this is process employee or organization receives a mail that is consists of malware
program that is consists of ransom ware malware. These malware is consists of program that get
installs in the device as it is open in the device (Hoffmann, Kiedrowicz and Stanik, 2016). As it
runs on the ram it starts to convert the information and data available in the device into
cryptography with unknown. This is how user will not be able the data available in the personal
device (Hoffmann, Kiedrowicz and Stanik, 2016). The people who made these malware then ask
for ransom from the user to extract the information that is encrypted by the malware. This is how
this is major threat for the organization like MBC. This type of attack was occur in year 2018
and 2019 where people of the specific organizations has been targeted by the hackers to collect
ransom in return of data recovery. This type of security attacks can be prevented by using better
antivirus system and virtual private network for the IOT devices in organization.
Data Misusing
5
This type of cyber issues are mostly faced by the organization that are authorised to hold the
data of people including their personal information. For example in year 2017 Cambridge
Analytica was involves in a data harvesting scandal where the company have harvested the
personal data and information of Facebook to make the digital election promotion for the
presidential candidate (Barafort, Mesquida and Mas, 2017). This is one of the most famous
cyber crime case that includes political assets with in the scandal. Effective data storing process
and data encryption can be used by the organization to prevent the data los with in the
organization.
This is how the mobile devices that are used by the people in the company server can affect
the security and safety of the network. It also can affect the company information and data which
is important for their business.
There are different concerns organization have regarding information security and safety. There
are different issues organization have due to their employees. This issues are related to the
actions of the employees with in the function of the organization (Peltier, 2016). Security issues
are important for the performance of the organization in the market place. If the employees of the
company are loyal to the company and supporting to the actions of the company this is positive
sign for the performance of the company. For the other conditions this is not good for the internal
and external functions of the company. There are different process can be used by the
organization to make positive development in the security consideration of the organization.
Some of the process can be used by the organization can be considered by the company
to improve their issues related to the employees. For example employee motivation can be used
by the organization to make them loyal for organization. There are some other process also can
be used by the organization to make improvement in their security and safety (Zarei and
Sadoughi, 2016). By following various protocols organization can make certain improvement in
the business organization to maintain security and safety of data. Maintain security updates and
maintain effective monitoring organization can effectively improve the performance of the
organization in the target market.
6
data of people including their personal information. For example in year 2017 Cambridge
Analytica was involves in a data harvesting scandal where the company have harvested the
personal data and information of Facebook to make the digital election promotion for the
presidential candidate (Barafort, Mesquida and Mas, 2017). This is one of the most famous
cyber crime case that includes political assets with in the scandal. Effective data storing process
and data encryption can be used by the organization to prevent the data los with in the
organization.
This is how the mobile devices that are used by the people in the company server can affect
the security and safety of the network. It also can affect the company information and data which
is important for their business.
There are different concerns organization have regarding information security and safety. There
are different issues organization have due to their employees. This issues are related to the
actions of the employees with in the function of the organization (Peltier, 2016). Security issues
are important for the performance of the organization in the market place. If the employees of the
company are loyal to the company and supporting to the actions of the company this is positive
sign for the performance of the company. For the other conditions this is not good for the internal
and external functions of the company. There are different process can be used by the
organization to make positive development in the security consideration of the organization.
Some of the process can be used by the organization can be considered by the company
to improve their issues related to the employees. For example employee motivation can be used
by the organization to make them loyal for organization. There are some other process also can
be used by the organization to make improvement in their security and safety (Zarei and
Sadoughi, 2016). By following various protocols organization can make certain improvement in
the business organization to maintain security and safety of data. Maintain security updates and
maintain effective monitoring organization can effectively improve the performance of the
organization in the target market.
6
Three Countermeasures used to prevent
There are different processes and techniques are used by network provider and mobile
service provider companies to keep the personal network and device safe from the cyber attacks
and data leakage problem in the devices due to hacking. These technologies are provide by the
company to keep the information and data safe from attacks (Azhmukhamedov, Vybornova and
Brumshtein, 2016). The main processes that are used by the business organization are- Virtual
private network and installing antivirus application. These are most common processes that are
used by the network provider and software designing companies to provide secure browsing to
the people.
Virtual Private Network
This technique is one of the best process to keep the data and information of the
employees personal device safe from hacking and data loss. In the virtual private network IT
department of organization develop a virtual network for the employees of the MBC. These
network are mostly protected by the password and all the information that is transferred with in
the network. These network only can be accessed form the company premises and these only can
be accessed on the personal server of the company (Singh and Joshi, 2017). This network that is
created by the Information technology department is protected with the protected fire walls that
are used to manage the access and security access of the people in the company network. This is
how by managing the access of the employees in the company server the information of the
company and employee can be protected effectively.
Installation of Antivirus on Devices
This process is used in most of devices to keep device safe from the malwares and other
threats like hackers and cyber jacking. The antivirus that in install in the personal devices is
consists of software that is able to detect, prevent and removal of malware form the personal
mobile phone of employees. This antivirus software are updated by the software manufacturing
companies in order to maintain the safety and security of the mobile device. For example as a
malware get installed with in the personal device of the employee these antivirus will detect this
abnormal software from the analysis process (Barafort, Mesquida and Mas, 2017). After the
detection process found malware is removed from the storage and processor of the device to
keep device and network safe from issues like data loss and hacking.
7
There are different processes and techniques are used by network provider and mobile
service provider companies to keep the personal network and device safe from the cyber attacks
and data leakage problem in the devices due to hacking. These technologies are provide by the
company to keep the information and data safe from attacks (Azhmukhamedov, Vybornova and
Brumshtein, 2016). The main processes that are used by the business organization are- Virtual
private network and installing antivirus application. These are most common processes that are
used by the network provider and software designing companies to provide secure browsing to
the people.
Virtual Private Network
This technique is one of the best process to keep the data and information of the
employees personal device safe from hacking and data loss. In the virtual private network IT
department of organization develop a virtual network for the employees of the MBC. These
network are mostly protected by the password and all the information that is transferred with in
the network. These network only can be accessed form the company premises and these only can
be accessed on the personal server of the company (Singh and Joshi, 2017). This network that is
created by the Information technology department is protected with the protected fire walls that
are used to manage the access and security access of the people in the company network. This is
how by managing the access of the employees in the company server the information of the
company and employee can be protected effectively.
Installation of Antivirus on Devices
This process is used in most of devices to keep device safe from the malwares and other
threats like hackers and cyber jacking. The antivirus that in install in the personal devices is
consists of software that is able to detect, prevent and removal of malware form the personal
mobile phone of employees. This antivirus software are updated by the software manufacturing
companies in order to maintain the safety and security of the mobile device. For example as a
malware get installed with in the personal device of the employee these antivirus will detect this
abnormal software from the analysis process (Barafort, Mesquida and Mas, 2017). After the
detection process found malware is removed from the storage and processor of the device to
keep device and network safe from issues like data loss and hacking.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Authentication Protocols for Specific Internet of Things
There are different protocols are used by the organization for the authentication of the IOT
devices with in the organization computer network system. These are msin IOT authentication
protocols that are used by the business organization for effective security in the network system
of company. Some of main IOT authentication protocols that are used in the business
organization are- Machine to Machine communication, internet of vehicle, internet of energy and
internet of sensors. The main authentication protocols that are used in business organization are-
M2M and Internet od Sensors (Agrawal, 2017). The M2M is considered as where two or more
machine performs the communication of data and information in order to conduct their operation
successfully. The internet of sensors is known as the interconnection of various sensors in the
organization function for effective exchange of information between the organization
departments and machines.
CONCLUSION
This report is concluding the importance of the security and safety of organization
network to maintain their performance effective in the market place. Various threats related to
the network security and safety has been discussed in the report to develop knowledge about the
major threats for the server and network of company. There are some technologies and processes
are used by the business organization to improve the safety of company data and information.
These tools also has been explained in the study. Various IOT authentication protocols that are
used in business organization has been concluded in the report. Different cyber attack has been
studied in the report to develop understanding of organization information and data safety.
8
There are different protocols are used by the organization for the authentication of the IOT
devices with in the organization computer network system. These are msin IOT authentication
protocols that are used by the business organization for effective security in the network system
of company. Some of main IOT authentication protocols that are used in the business
organization are- Machine to Machine communication, internet of vehicle, internet of energy and
internet of sensors. The main authentication protocols that are used in business organization are-
M2M and Internet od Sensors (Agrawal, 2017). The M2M is considered as where two or more
machine performs the communication of data and information in order to conduct their operation
successfully. The internet of sensors is known as the interconnection of various sensors in the
organization function for effective exchange of information between the organization
departments and machines.
CONCLUSION
This report is concluding the importance of the security and safety of organization
network to maintain their performance effective in the market place. Various threats related to
the network security and safety has been discussed in the report to develop knowledge about the
major threats for the server and network of company. There are some technologies and processes
are used by the business organization to improve the safety of company data and information.
These tools also has been explained in the study. Various IOT authentication protocols that are
used in business organization has been concluded in the report. Different cyber attack has been
studied in the report to develop understanding of organization information and data safety.
8
REFERENCES
Book and Journal
Agrawal, V., 2017. A Comparative Study on Information Security Risk Analysis
Methods. JCP. 12(1). pp.57-67.
Azhmukhamedov, I.M., Vybornova, O.N. and Brumshtein, Y.M., 2016. Management of
information security risks in a context of uncertainty. Automatic Control and Computer
Sciences. 50(8). pp.657-663.
Barafort, B., Mesquida, A.L. and Mas, A., 2017. Integrating risk management in IT settings from
ISO standards and management systems perspectives. Computer Standards &
Interfaces. 54. pp.176-185
Hoffmann, R., Kiedrowicz, M. and Stanik, J., 2016. Risk management system as the basic
paradigm of the information security management system in an organization. In MATEC
Web of Conferences (Vol. 76, p. 04010). EDP Sciences.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press..
Sauerwein, C., Sillaber, C. and Breu, R., 2018. Shadow cyber threat intelligence and its use in
information security and risk management processes. Multikonferenz
Wirtschaftsinformatik (MKWI 2018).
Singh, U.K. and Joshi, C., 2017. Information Security Risk Management Framework for
University Computing Environment. IJ Network Security. 19(5). pp.742-751.
Tupa, J., Simota, J. and Steiner, F., 2017. Aspects of risk management implementation for
Industry 4.0. Procedia Manufacturing. 11. pp.1223-1230.
Zarei, J. and Sadoughi, F., 2016. Information security risk management for computerized health
information systems in hospitals: a case study of Iran. Risk management and healthcare
policy. 9. p.75.
9
Book and Journal
Agrawal, V., 2017. A Comparative Study on Information Security Risk Analysis
Methods. JCP. 12(1). pp.57-67.
Azhmukhamedov, I.M., Vybornova, O.N. and Brumshtein, Y.M., 2016. Management of
information security risks in a context of uncertainty. Automatic Control and Computer
Sciences. 50(8). pp.657-663.
Barafort, B., Mesquida, A.L. and Mas, A., 2017. Integrating risk management in IT settings from
ISO standards and management systems perspectives. Computer Standards &
Interfaces. 54. pp.176-185
Hoffmann, R., Kiedrowicz, M. and Stanik, J., 2016. Risk management system as the basic
paradigm of the information security management system in an organization. In MATEC
Web of Conferences (Vol. 76, p. 04010). EDP Sciences.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press..
Sauerwein, C., Sillaber, C. and Breu, R., 2018. Shadow cyber threat intelligence and its use in
information security and risk management processes. Multikonferenz
Wirtschaftsinformatik (MKWI 2018).
Singh, U.K. and Joshi, C., 2017. Information Security Risk Management Framework for
University Computing Environment. IJ Network Security. 19(5). pp.742-751.
Tupa, J., Simota, J. and Steiner, F., 2017. Aspects of risk management implementation for
Industry 4.0. Procedia Manufacturing. 11. pp.1223-1230.
Zarei, J. and Sadoughi, F., 2016. Information security risk management for computerized health
information systems in hospitals: a case study of Iran. Risk management and healthcare
policy. 9. p.75.
9
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.