Managing Risk, Security, & Privacy in Information Systems (Essay Sample)

Assess Discovery Risks
Your name
Managing Risk, Security, & Privacy in Information Systems
Date
Introduction
Cyber-attacks have greatly impacted the IT industry, and the attacks have progressively improved. Attacks have become increasingly complex and sophisticated, targeting different areas, including the network, databases, systems, and employees through social engineering. Security risk assessment is the process of identifying loopholes with the organizations that hackers can exploit. These vulnerabilities will pose a threat that will initiate an attack. Therefore, why do we need a risk management program? A risk management program is crucial in ensuring that the data is safe from exploitation, such as distributed denial of services, IP Spoofing, botnets attacks, and SQL injections. However, the most important reason is that the program creates awareness of hazards and risks about cyber-attacks and the newly developed attacks methods such as social engineering. The risk program includes four elements: assets identifications, risk analysis, risk likelihood and impacts, and fourthly the costs of the solution to the threat. The process is crucial as it ensures that the company is potentially safe from current threats and new ones.
Discussion
The financial company, NCU-FSB, is currently facing problems that pertain to channel of communications, databases, infrastructure, and poorly designed software.
Poor Configuration
These problems include MAC address conflicts resulting from poor configuration of routers, servers, or switches. The collisions of processes result from the poor configuration of the database that does not allow concurrency control. Concurrency control ensures that the system can simultaneously manage operations without conflicting with each other.
Cyber Attacks
The second problem is the potential attacks from external international sources indicated by the constant alert from the server – server constant peeping can result from overload and processing anonymous data. The constant firewall alerts signify that there are unknown packets that are passing through the network.
Data Inconsistency
Data inconsistencies can be referred to as mismatches between data generated from the software and the database architecture. The main reason is poor software design and poor normalization and database schema. Poor software design results in “try and catch” exceptions of data.
These threats can be categorized as both hardware and software threats. Poor designs are the main reason for the problems foreseen in the company.
Conducting a Successful Risk Assessment of the Company
Requirements for a Risk Assessment
Why are the signs that a company needs a risk assessment program? There are main signs that warrant a need for a risk assessment. These signs cut across the channel of communications, databases, infrastructure, and software (Liu et al., 2012).
Signs of attacks
There are main signs of cyber-attacks that warrant a need for risks assessment. They include: distributed denial of services, slow than normal internet speeds this is due to a spike in traffic – computer “hanging” or crash – files unexpectedly encrypted, or blocked access, accounts suspended, suspicious pop-ups or unknown applications running, and missing files and software (MOH, 2021). All these signs are signs of potential attacks. In the case of NCU Financial Saving Bank, the key signs were constant security warning from the email servers and proxy, firewalls attacks, and foreign IP addresses accessing the system.
Taxonomy of Risk
Taxonomy refers to all data elements or attributes, their various characteristics, and their relation to a given domain. Taxonomy of risk refers to the hierarchy of potential vulnerability as manifested within an organization. Diagraming the taxonomy of risk highlights the possible sources of risks, vulnerabilities, and loopholes that can serve as a basis to implement attacks (Simmons et al., 2009).
The diagram above illustrates the possible taxonomy of risks of NCU Financial Savings Bank
eDiscovery Process
This process highlights how risk analysis will be carried out in the NCU Financial Savings Banks
Identification:
This stage is important to point out the critical assets within the NCU-FSB that require protects such as the databases, the network, servers, and building facilities.
Threats:
Risk analysis points out how the threat might occur, which requires identifying the vulnerability in the assets in the NCU-FSB and a threat that could exploit the vulnerability. For example, check the connection to the database; if the java program is used, check where the Statement query (not secure) or Prepared Statement (secure from SQL injection) are used.
Evaluation:
Calculate each risk on the scale risk and identity where they fall within the predetermined level of acceptance. The highest risks should be prioritized.
Risk Treatment Options:
After evaluation and prioritizing, the NCU bank should act immediately by accepting the risks, mitigating them, and terminating the risk.
Possible Solution to the Problems
The following are the solution that can prove vital to the NCU-FSB
MAC Address Conflicts
MAC address conflict can result from IP spoofing; one impersonates a trusted device to gain privileged access. MAC address conflict is a major problem has it can be hard to distinguish between untrusted and trusted devices. Therefore, the solution for NCU-FCB is to reconfigure the entire architecture. In addition, the solution using packets filtering by examining the IP packets or every device will be effective. Moreover, using authentication via public key infrastructure technology ensures that trust devices.
Security Warns from the Proxy and Email Servers
Email servers have security features configured to display a warning when an email arrives outside the organization. Therefore, the NCU-FSB is breached with spam emails and phished by attackers. This problem can be tackled through the use of Email Filtering by using a secure email gateway to remove harmful and malicious emails. Another mechanism is to use Post-Delivery Protection, which filters phishing within the internal organization that is had to spot. Other mechanism includes web filtering and email isolation.
Collision Financial of Process in NCU-FSB
The collision of processes is a result of poor concurrency control in database management systems (DBMS). Concurrency control allows the managing of procedures simultaneously without conflicts or deadlocks. Preventing collisions of financial processes requires using control mechanisms such as timestamps and lock-based protocols (Rungta & Peterson, 2021).
Inconsistencies of Data Transmission
Inconsistency of data results from poor architecture, poorly designed software, and databases result in inconsistent data transmission between the source an