Information Security Planning: Website Security, Encryption & Policy
Added on 2023/06/11
AI Summary
This report delves into information security planning, emphasizing the critical security aspects of a new website business, including assets, threats, vulnerabilities, risks, and mitigation strategies. It discusses the use of the 3DES encryption algorithm, highlighting its strengths and weaknesses in securing data. Furthermore, the report analyzes how an Information Security (IS) policy can assist a company that has suffered a Spambot attack, detailing how such policies educate employees and set boundaries for internet usage. Finally, it explores the relationship between Spambot data attacks and the CIA/Parkerian models, explaining how these attacks challenge the confidentiality, integrity, and availability of information systems.

Running head: INFORMATION SECURITY PLANNING
Information Security Planning
Name of the Student
Name of the University
Author Note

Discussion of the security aspects of a new website business
Businesspersons are now commonly aware of the security loopholes that exist in the cyberworld and of the numerous security problems that affect the entire system (Asghari, van Eeten & Bauer, 2015). Therefore, just as it is necessary for a business to go digital, it is equally necessary for a businessperson to know how to tackle and prevent security threats to a new website business (Elyashar, 2016). There are a few general things that businesspersons must take into consideration when starting a website business. The following aspects of a website business need attention if a businessperson is to keep cyber threats at bay and make the most of the online business:
Assets: In a website business, the most important assets are the domain, the website hosting, the website or CMS access, the email accounts used for the business, the advertising and other social media accounts, and the Customer Relationship Management (CRM) system or customer database. These need to be protected, as a breach of any one of them would disrupt the business process and lead to further losses.
Threats: Various tools and processes can be put in place to safeguard a website business from cyber threats. They include backing up data, which helps recover lost data if a breach occurs (Grant et al., 2014). Threats that would take control of the computers and connected devices would most likely be curbed with the help of these tools and processes.
Vulnerabilities: Any website business needs to address SQL injection, Cross-Site Scripting (XSS), broken authentication and session management, and security misconfiguration. These should be addressed to maintain security against the vulnerabilities of the website business.
Risks: Website businesses have previously been subjected to security risks and data breaches. However, a website business does not face only one kind of security risk: risks can arise from the business perspective as well as from the technical perspective. Both kinds need the utmost care, as a risk can develop into an impending threat for a website business.
Mitigation and protective measures: Hacking of websites and threats against website organizations are common. Therefore, the owner of a website business should focus on the steps to take to reduce the adverse effects of these threats and hacks.
Discussion on the use of the 3DES encryption algorithm
The DES block cipher was first introduced in 1977, but many cryptographers have dismissed it as being of historical interest only (Bhanot & Hans, 2015). Triple DES, however, has had practical importance according to cryptographers. This holds true for both 2-key and 3-key triple DES.
2-key or 3-key triple DES is a symmetric block cipher that applies the DES cipher algorithm three times to each data block. It therefore becomes extremely difficult and far too strenuous for any hacker to work through the data, since each single data block would have to be attacked three times in a row. 2-key triple DES provides 80 bits of security and hence is a much more powerful encryption process than 3-key triple DES (Amsler et al., 2016). Therefore, if a business organization opts to adopt 2-key triple DES encryption as part of its security process for blocking data, it would be absolutely feasible and heavily recommended as an encryption process.
However, a business organization generates a huge amount of data every day, and encrypting such enormous amounts of data may need a huge storage capacity, which is difficult to achieve unless cloud storage is implemented for the organization's data storage system.
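The three-pass structure behind 2-key and 3-key triple DES (encrypt with K1, decrypt with K2, encrypt with K3), as an added example that is not part of the original report. A small Feistel cipher built on SHA-256 stands in for DES (an assumption made to keep the block self-contained; it is not DES and not secure), and the function names and sample keys are illustrative.

```python
import hashlib

def strip_parity(key: bytes) -> bytes:
    """DES uses 56 of 64 key bits; the low bit of every key byte is parity."""
    return bytes(b & 0xFE for b in key)

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Round function of the stand-in cipher (assumption: NOT the DES f-function).
    return hashlib.sha256(strip_parity(key) + bytes([rnd]) + half).digest()[:4]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(block: bytes, key: bytes, rounds: int = 4) -> bytes:
    """Stand-in for single DES encryption of one 64-bit block (Feistel network)."""
    left, right = block[:4], block[4:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _f(right, key, rnd))
    return left + right

def toy_decrypt(block: bytes, key: bytes, rounds: int = 4) -> bytes:
    """Inverse of toy_encrypt: undo the rounds in reverse order."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(rounds)):
        left, right = _xor(right, _f(left, key, rnd)), left
    return left + right

def ede_encrypt(block, k1, k2, k3):
    """Triple encryption as encrypt(K1) -> decrypt(K2) -> encrypt(K3)."""
    return toy_encrypt(toy_decrypt(toy_encrypt(block, k1), k2), k3)

def ede_decrypt(block, k1, k2, k3):
    return toy_decrypt(toy_encrypt(toy_decrypt(block, k3), k2), k1)

def split_bundle(bundle: bytes):
    """16 bytes = 2-key (K3 reuses K1); 24 bytes = 3-key."""
    if len(bundle) == 16:
        return bundle[:8], bundle[8:], bundle[:8]
    if len(bundle) == 24:
        return bundle[:8], bundle[8:16], bundle[16:]
    raise ValueError("key bundle must be 16 or 24 bytes")

def keying_option(bundle: bytes) -> str:
    """Classify a key bundle after removing parity bits."""
    k1, k2, k3 = (strip_parity(k) for k in split_bundle(bundle))
    if k1 == k2 or k2 == k3:
        return "degenerate"   # two stages cancel: only one encryption remains
    return "2-key" if k1 == k3 else "3-key"

# Constructed sample keys and plaintext block (not from the report).
KA = bytes.fromhex("0123456789abcdef")
KB = bytes.fromhex("23456789abcdef01")
KC = bytes.fromhex("fedcba9876543210")
BLOCK = b"INVOICE1"

if __name__ == "__main__":
    print(keying_option(KA + KB), keying_option(KA + KB + KC))
    print(ede_encrypt(BLOCK, KA, KA, KC) == toy_encrypt(BLOCK, KC))  # True
```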

Discussion on how IS policy may assist a company that suffered a Spambot attack
A Spambot is generally a computer application designed to generate and send huge amounts of spam email to random users in bulk. It can automatically collect email addresses from different sources on the internet. A Spambot usually starts sending piles of junk mail by creating a mailing list out of the collected email addresses. A Spambot mail might carry any sort of ransomware attack that would help the hackers or spammers to carry out attacks on website servers. If this kind of attack happens within a company, there is a high chance that it would be under a serious threat of data breaches and loss of sensitive and confidential data. This is where an Internet Security policy, or IS Policy, comes into action to assist a company against a Spambot attack. Since an IS Policy is meant to set boundaries for employees' internet usage in an organization, it would educate each employee about Spambots and the threat they bring to the company (Watad, Washah & Perez, 2018). An IS Policy essentially states that employees are forbidden to open any kind of suspicious mail, hence the company is mostly protected from any kind of Spambot attack. Through an IS Policy, employees are trained well in the procedures to adopt for protecting and managing systems in the company, which assists the company against suffering further Spambot attacks.
Discussion on how Spambot data attacks relate to the CIA/Parkerian models
A CIA/Parkerian Model hexad is a set of six elements of information security. This concept was proposed by Donn B. Parker in the year 1998. The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad, namely confidentiality, integrity and availability (Mitchell, 2016). A Spambot, on the other hand, is generally a computer application designed to generate and send huge amounts of spam email to random users in bulk. It can automatically collect email addresses from different sources on the internet (Navatha, Kumar & Ganguly, 2017). The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security (Leelasankar, Chellappan & Sivasankar, 2018). It relates to Spambot data attacks because these are the three areas in which the confidentiality, integrity and availability of a system are challenged. In any case, a spambot attacks a system through confidential email ids, derailing the integrity of data according to the availability of innocent users who fall for the malware data threat attacks.

Reference
Amsler, D. B., Allen, N., Messer, S., & Healy, T. (2016). U.S. Patent No. 9,258,321. Washington, DC:
U.S. Patent and Trademark Office.
Asghari, H., van Eeten, M. J., & Bauer, J. M. (2015). Economics of fighting botnets: Lessons from a
decade of mitigation. IEEE Security & Privacy, 13(5), 16-23.
Bhanot, R., & Hans, R. (2015). A review and comparative analysis of various encryption
algorithms. International Journal of Security and Its Applications, 9(4), 289-306.
Elyashar, A. (2016). The Security of Organizations and Individuals in Online Social Networks. arXiv
preprint arXiv:1607.04775.
Grant, K., Edgar, D., Sukumar, A., & Meyer, M. (2014). ‘Risky business’: Perceptions of e-business risk
by UK small and medium sized enterprises (SMEs). International Journal of Information
Management, 34(2), 99-122.
Leelasankar, K., Chellappan, C., & Sivasankar, P. (2018). Successful Computer Forensics Analysis on the
Cyber Attack Botnet. In Handbook of Research on Network Forensics and Analysis
Techniques (pp. 266-281). IGI Global.
Mitchell, C. J. (2016). On the security of 2-key triple DES. IEEE Transactions on Information
Theory, 62(11), 6260-6267.
Navatha, K., Kumar, J. T., & Ganguly, P. (2017). An efficient FPGA Implementation of DES and Triple-
DES Encryption Systems. Communication and Power Engineering, 348.
Saxena, M., & Khan, P. M. (2015, March). Spamizer: An approach to handle web form Spam.
In Computing for Sustainable Global Development (INDIACom), 2015 2nd International
Conference on (pp. 1095-1100). IEEE.
Watad, M., Washah, S., & Perez, C. (2018). It Security Threats and Challenges for Small Firms:
Managers’ Perceptions. International Journal of the Academic Business World, 23.