Managing Risk, Security, & Privacy in Information Systems (Essay Sample)
For this assignment, you must write a two-column, two-page journal article presenting the results of your analysis and initial data discovery (eDiscovery) in which you briefly answer the following questions:
• What solutions can you employ to reduce or even eliminate the possibility of collusion in the financial organization?
• How would you address the need to segregate duties (SOD) and rotate tasks, since this is required by laws applicable to financial and savings institutions, such as the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA)?
• What actions or changes in server settings and configuration must be made to avoid MAC address collisions and server compromise?
A template for the journal formatting is available in the weekly resources. Be sure to set all margins to 1-inch. Use single spacing and 12-point Times New Roman font.
Your article must also include the following:
• An introduction that addresses the essence of a security risk assessment. In this introduction, you will explain and defend the importance of having a risk management program in place, the main elements of a risk program, and the benefits derived from incorporating this strategy as part of the corporate security program.
• Discussion of the primary threats enterprises are currently facing, the impact, and a comprehensive analysis of how security must address these threats, attacks, and vulnerabilities.
• Different regulatory requirements that warrant a security risk analysis.
• Taxonomy of risk elements for cyber-risk management as part of the security risk analysis. Define the concept of taxonomy and its importance as part of the risk assessment and management process. Develop a table and relation diagram.
• Information needed to initiate a security risk analysis—eDiscovery process flowchart and explanation.
• A minimum of 3 scholarly references listed at the bottom of the paper.
• Length: two-column, two-page journal article
Assess Discovery Risks
Managing Risk, Security, & Privacy in Information Systems
Cyber-attacks have greatly impacted the IT industry, and the attacks have steadily improved. They have become increasingly complex and sophisticated, targeting different areas, including the network, databases, systems, and employees through social engineering. A security risk assessment is the process of identifying the loopholes within an organization that attackers can exploit; each such vulnerability poses a threat that can initiate an attack. Why, then, do we need a risk management program? A risk management program is crucial for keeping data safe from attacks such as distributed denial of service, IP spoofing, botnets, and SQL injection. The most important reason, however, is that the program creates awareness of the hazards and risks of cyber-attacks, including newly developed attack methods such as social engineering. The risk program includes four elements: asset identification, risk analysis, risk likelihood and impact, and, fourthly, the cost of the solution to each threat. The process is crucial because it keeps the company reasonably safe from current threats and prepared for new ones.
The financial company, NCU-FSB, is currently facing problems that pertain to its channels of communication, databases, infrastructure, and poorly designed software.
These problems include MAC address conflicts resulting from poor configuration of routers, servers, or switches. Collisions between processes result from a poorly configured database that does not enforce concurrency control. Concurrency control ensures that the system can manage simultaneous operations without their conflicting with each other.
The second problem is potential attacks from external international sources, indicated by the constant alerts from the servers; constant server alerts can also result from overload and from processing traffic of unknown origin. The constant firewall alerts signify that unknown packets are passing through the network.
Data inconsistencies are mismatches between the data generated by the software and what the database architecture expects. The main causes are poor software design and poor normalization and database schema. Poor software design shows up as data errors that are merely caught in try/catch exception handlers rather than prevented.
These threats fall into both hardware and software categories. Poor design is the main reason for the problems foreseen in the company.
Conducting a Successful Risk Assessment of the Company
Requirements for a Risk Assessment
What are the signs that a company needs a risk assessment program? There are several main signs that warrant a risk assessment. They cut across the channels of communication, databases, infrastructure, and software (Liu et al., 2012).
Signs of attacks
There are main signs of cyber-attacks that warrant a risk assessment. They include distributed denial of service; slower-than-normal internet speeds due to a spike in traffic; computers "hanging" or crashing; files unexpectedly encrypted or access blocked; accounts suspended; suspicious pop-ups or unknown applications running; and missing files and software (MOH, 2021). All of these are signs of potential attacks. In the case of NCU Financial Savings Bank, the key signs were constant security warnings from the email servers and proxy, attacks on the firewalls, and foreign IP addresses accessing the system.
Taxonomy of Risk
Taxonomy refers to all the data elements or attributes in a given domain, their various characteristics, and the relations among them. A taxonomy of risk is the hierarchy of potential vulnerabilities as they manifest within an organization. Diagramming the taxonomy of risk highlights the possible sources of risk, the vulnerabilities, and the loopholes that can serve as a basis for attacks (Simmons et al., 2009).
The diagram above illustrates a possible taxonomy of risks for NCU Financial Savings Bank.
The process above highlights how risk analysis will be carried out in NCU Financial Savings Bank.
The first stage, asset identification, points out the critical assets within NCU-FSB that require protection, such as the databases, the network, the servers, and the building facilities.
Risk analysis points out how a threat might occur, which requires identifying a vulnerability in an NCU-FSB asset and a threat that could exploit it. For example, check the connection to the database: if a Java program is used, check where a plain Statement query (not secure, since user input is concatenated into the SQL text) is used rather than a PreparedStatement (parameterized, and therefore protected from SQL injection).
Rate each risk on the risk scale and identify where it falls relative to the predetermined level of acceptance. The highest-rated risks should be prioritized.
Risk Treatment Options:
After evaluating and prioritizing the risks, NCU-FSB should act promptly on each one by choosing a treatment option: accepting the risk, mitigating it, or terminating the activity that creates it.
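The Statement-versus-PreparedStatement check from the risk analysis step, shown as an added example that is not part of the original article or of any NCU-FSB code. It uses Python's sqlite3 module, whose string-built query and parameter-bound query play the roles of java.sql.Statement and java.sql.PreparedStatement respectively; the accounts table and the injection payload are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for the bank's accounts table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 500), ("bob", 1200), ("carol", 80)],
    )
    return conn

def lookup_unsafe(conn, owner):
    # Equivalent of a java.sql.Statement built by string concatenation:
    # the caller's input becomes part of the SQL text and can change the
    # query's structure, not just its values.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, owner):
    # Equivalent of a java.sql.PreparedStatement: the SQL text is fixed and
    # the input is bound as a value, so it is never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()

# Classic tautology payload (constructed); it turns the WHERE clause into
# "owner = 'x' OR '1'='1'" when concatenated.
PAYLOAD = "x' OR '1'='1"

def demo():
    """Run both lookups with a normal name and with the payload."""
    conn = make_db()
    return {
        "unsafe_normal": lookup_unsafe(conn, "alice"),
        "unsafe_injected": lookup_unsafe(conn, PAYLOAD),   # every row leaks
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_injected": lookup_safe(conn, PAYLOAD),       # no such owner: []
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

During the code review, every place where query text is assembled with concatenation or string formatting from request data should be recorded as a vulnerability finding, regardless of whether an exploit has been observed; the parameterized form is the fix.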
Possible Solution to the Problems
The following solutions can prove vital to NCU-FSB.
MAC Address Conflicts
MAC address conflicts can result from spoofing, in which an attacker impersonates a trusted device's hardware or IP address to gain its privileged access. A MAC address conflict is a major problem because it becomes hard to distinguish trusted from untrusted devices. Therefore, the solution for NCU-FSB is to reconfigure the entire network architecture. In addition, packet filtering that checks the packets of every device against a known mapping of addresses will be effective. Moreover, authenticating devices through public key infrastructure (certificate-based) technology ensures that only trusted devices are admitted.
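A concrete check for the address conflicts described above, added here as an example that is not part of the original article or of any NCU-FSB configuration. It parses ARP-cache entries in the layout printed by Linux `arp -n` (sample lines constructed for the example), flags IPs claimed by more than one MAC and MACs claiming more than one IP, and compares the cache against a trusted IP-to-MAC mapping of the kind a static ARP table or DHCP-snooping binding table would hold. The trusted mapping is an assumption for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample ARP cache (not real NCU-FSB data). The gateway 10.10.1.1 is
# legitimately 00:1a:2b:3c:4d:01; the de:ad:be:ef:00:01 entries simulate a host
# that has cloned the gateway's IP while also holding its own address.
SAMPLE_ARP = """\
10.10.1.1    ether   00:1a:2b:3c:4d:01   C   eth0
10.10.1.20   ether   00:1a:2b:3c:4d:20   C   eth0
10.10.1.21   ether   00:1a:2b:3c:4d:21   C   eth0
10.10.1.1    ether   de:ad:be:ef:00:01   C   eth0
10.10.1.30   ether   de:ad:be:ef:00:01   C   eth0
"""

# Assumed trusted mapping (e.g. from a static ARP table or DHCP snooping).
TRUSTED = {"10.10.1.1": "00:1a:2b:3c:4d:01"}

LINE_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I
)

def parse_arp(text):
    """Return (ip, mac) pairs from `arp -n`-style lines; MACs are lower-cased."""
    pairs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def find_conflicts(pairs, trusted=None):
    """Return a list of (kind, subject, details) findings."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for ip, mac in pairs:
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)

    findings = []
    for ip, macs in ip_to_macs.items():
        # One IP answered by two hardware addresses: the classic spoof signature.
        if len(macs) > 1:
            findings.append(("ip-claimed-by-multiple-macs", ip, sorted(macs)))
    for mac, ips in mac_to_ips.items():
        # One MAC holding several IPs can be legitimate (routers, multi-homed
        # hosts), so this is a lower-confidence finding to be reviewed.
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    if trusted:
        for ip, expected in trusted.items():
            seen = ip_to_macs.get(ip, set())
            unexpected = seen - {expected}
            if unexpected:
                findings.append(("untrusted-mac-for-known-ip", ip, sorted(unexpected)))
    return findings

if __name__ == "__main__":
    for kind, subject, details in find_conflicts(parse_arp(SAMPLE_ARP), TRUSTED):
        print(f"{kind}: {subject} -> {details}")
```

Run against a live cache, the same check would be scheduled on the bank's segment gateways, and the trusted mapping is what a packet-filtering rule set or switch port-security configuration would enforce.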
Security Warns from the Proxy and Email Servers
Email servers have security features configured to display a warning when an email arrives from outside the organization. The warnings therefore indicate that NCU-FSB is being flooded with spam and phishing emails from attackers. This problem can be tackled through email filtering, using a secure email gateway to remove harmful and malicious emails. Another mechanism is post-delivery protection, which filters phishing messages that are already inside the organization and are hard to spot. Other mechanisms include web filtering and email isolation.
Collision of Financial Processes in NCU-FSB
The collision of processes is a result of poor concurrency control in the database management system (DBMS). Concurrency control allows procedures to run simultaneously without conflicting results or unresolved deadlocks. Preventing collisions between financial processes requires control mechanisms such as timestamp ordering and lock-based protocols (Rungta & Peterson, 2021).
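The timestamp-based control mechanism mentioned above, worked through as an added example that is not part of the original article or of any NCU-FSB system. It implements basic timestamp ordering (each transaction gets a fixed timestamp; an operation that would violate the implied serial order aborts the transaction) and runs it over a constructed lost-update schedule on one account balance, alongside the same interleaving with no control, so the collision and its prevention can both be seen. The transaction names, timestamps and balances are assumptions for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class Stamps:
    """Largest timestamp that has read / written one data item."""
    read_ts: int = 0
    write_ts: int = 0

class TimestampOrdering:
    """Basic timestamp-ordering scheduler (example, not a real DBMS)."""

    def __init__(self, initial):
        self.values = dict(initial)   # current value of each data item
        self.stamps = {}              # item -> Stamps
        self.aborted = set()          # transactions rejected by the protocol

    def _st(self, item):
        return self.stamps.setdefault(item, Stamps())

    def read(self, txn, ts, item):
        """Return the item's value, or None if the read aborts txn."""
        if txn in self.aborted:
            return None
        st = self._st(item)
        if ts < st.write_ts:            # a younger transaction already wrote it
            self.aborted.add(txn)
            return None
        st.read_ts = max(st.read_ts, ts)
        return self.values[item]

    def write(self, txn, ts, item, value):
        """Apply the write and return True, or abort txn and return False."""
        if txn in self.aborted:
            return False
        st = self._st(item)
        if ts < st.read_ts or ts < st.write_ts:   # a younger txn saw or wrote it
            self.aborted.add(txn)
            return False
        st.write_ts = ts
        self.values[item] = value
        return True

# Constructed schedule: account A starts at 500. T1 (timestamp 1) deposits 100,
# T2 (timestamp 2) withdraws 50, interleaved in the classic lost-update pattern:
# both read, T2 writes, then T1 writes over T2's result.
def run_lost_update_schedule():
    db = TimestampOrdering({"A": 500})
    a1 = db.read("T1", 1, "A")          # T1 sees 500
    a2 = db.read("T2", 2, "A")          # T2 sees 500; read_ts(A) becomes 2
    db.write("T2", 2, "A", a2 - 50)     # A = 450
    db.write("T1", 1, "A", a1 + 100)    # rejected: 1 < read_ts(A) = 2, T1 aborts
    return db.values["A"], sorted(db.aborted)

def run_serial_schedule():
    """Same two transactions, one after the other: both commit, A = 550."""
    db = TimestampOrdering({"A": 500})
    db.write("T1", 1, "A", db.read("T1", 1, "A") + 100)
    db.write("T2", 2, "A", db.read("T2", 2, "A") - 50)
    return db.values["A"], sorted(db.aborted)

def run_without_control():
    """The interleaving above with no concurrency control: last writer wins."""
    balance = 500
    a1 = balance                        # T1 reads
    a2 = balance                        # T2 reads
    balance = a2 - 50                   # T2 writes 450
    balance = a1 + 100                  # T1 overwrites with 600: the withdrawal is lost
    return balance

if __name__ == "__main__":
    print("no control:", run_without_control())
    print("timestamp ordering:", run_lost_update_schedule())
    print("serial:", run_serial_schedule())
```

The aborted transaction is restarted with a fresh, larger timestamp, at which point it re-reads the 450 balance and deposits correctly; a lock-based protocol would instead have blocked T2's read until T1 released its exclusive lock on A, reaching the same consistent result by a different route.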
Inconsistencies of Data Transmission
Inconsistency of data results from poor architecture, poorly designed software, and databases result in inconsistent data transmission between the source an