CSI2102 Information Security | IT Security in Belsure Company

You are employed as a junior security advisor at ‘BelSecure’, an IT security consultancy.

Your manager has asked you to create a report to explain IT security threats, their impact on organisations and what physical and network measures can be taken by organisations to secure any threats to their systems

Task 1

Explain the impact of different types of threat on an organisation. Each of the types of threat outlined in the content should be considered.

You should provide at least one example of each of the types of threat that you explain. Remember organisations may suffer in a variety of ways and to varying extents, from relatively harmless nuisance effects to serious commercial impacts.

These include (but are not limited to) loss of service to customers, loss of business through loss of data, increased costs and loss of reputation.

Task 2

In this section of your report you should describe the physical measures that can be used to keep systems secure.

Task 3

Follow that by adding a section to describe features for software and network security.

Introduction

The report mainly discusses on proposing the better IT security in Belsure Company. The Belsure has been a recent launched ICT company who has been looking for a flourishing and a profitable future. The company unaware of the threats and security risk wanted to create a security plan in order to encounter these threats[1] and provide better understanding about the basics of the organization.

Potential Security Threats

The potential security[2] that are faced by the organisation are given by the organisation are as follows:

Malicious damage:

1. Shoulder surfing: the internal breach in an organisation through shoulder surfing and piggybacking. The data breach can cause minimal damage to major damage. The shoulder surfing is said to be done when the details or data of one user is used by another user without permission. Example: Facebook access through others passwords,
   
   
2. Hacking: the unauthorised access to any data, the company can face this threat externally or internally. The damage can just be small password to huge sensitive data and information that can hamper organization effectively. Example: Game of thrones hacking.
   
   
3. SQL Injection: the malicious code if injected can abruptly damage the application and the database. Example: SQl payload injection
   
   
4. Identity theft: Using the others id to access any sort of data is called identity theft. Example: the financial data loss in banks through sensitive data breach.

Threats related to E Commerce:

1. Cloud breach: the data breach that occurs through unauthorised access of the information that is store in the cloud. The cloud breach is the worst threat that can hamper the organization. Example: Uber data breach causing damage of 100
   
   
2. Ransom ware: The ransom ware is the malware that gain access to the system or the application and denies the services to the user until the one pays a ransom. Example: WannaCry.
   
   
3. Counterfeit Goods: The goods that are not bought through the authorised access of the system are highly prone to the security threats the system may contain the viruses , malware or worms that could hamper the computer system or can cause breach to the system.

Organizational impact:

The organizational impact can be caused by security issue can be minor as well as major the data breach can disrupt or misused to the system to potentially damage the organization. There have been recent cases like uber cloud bleed and wannacry that have shown that there is not just loss of data but also the physical harm and loss of life. The hacking and data breach have incurred a huge loss to finance as well. The ransom ware just denies the access, but there can be chances that leaking of sensitive information.

Security framework

In order to encounter the threats, the following measures can be taken:

1. The employees of the company should be instructed to make changes in their passwords frequently.
   
   
2. There must be licensed and original software used for work must be installed in the company.
   
   
3. There must be proper antivirus and other security framework to check the potential outputs to the organization.
   
   
4. There must be knowledge about the proper network ethics should be given to the organization.
   
   
5. The organization must have biometric identification[3] like fingerprints or retinal scan installed to ensure the data security and authorised access of data in and within organization.

Security and Network Features

The following features are discussed so that the stakeholders of the organisation has a brief idea about the organisation.

1. Encryption: the encryption is the most important feature that can create a defence against the threat the encryption helps in private access of data that could only be accessed if there is a private or a public key[4]. The private and public key are the digital signatures that is used to access information about the system.
   
   
2. Handshaking: the techniques help in ensuring the safety of data by sending a message when a signal is being sent and received.
   
   
3. Intruder detection: there are certain software that detects the software threats like malware, virus and worm. Any potential threat could be detected by the organization
   
   
4. Firewall: the firewall framework makes sure that system can access only the secure software.

Bibliography

Beberlein, L. T., G. Dias, K. N. Levitt, B. Mukherjee, and J. Wood. "Network attacks and an Ethernet-based network security monitor." (2017).

Chen, Gaojie, Yu Gong, Pei Xiao, and Jonathon A. Chambers. "Physical layer network security in the full-duplex relay system." IEEE transactions on information forensics and security 10, no. 3 (2015): 574-583.

White, Gregory B., Eric A. Fisch, and Udo W. Pooch. Computer system and network security. CRC press, 2017.

Roman, Rodrigo, Javier Lopez, and Masahiro Mambo. "Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges." Future Generation Computer Systems 78 (2018): 680-698.

[1] Roman, Rodrigo, Javier Lopez, and Masahiro Mambo. "Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges." Future Generation Computer Systems 78 (2018): 680-698.

[2] Beberlein, L. T., G. Dias, K. N. Levitt, B. Mukherjee, and J. Wood. "Network attacks and an Ethernet-based network security monitor." (2017).

[3] White, Gregory B., Eric A. Fisch, and Udo W. Pooch. Computer system and network security. CRC press, 2017.

[4] Chen, Gaojie, Yu Gong, Pei Xiao, and Jonathon A. Chambers. "Physical layer network security in the full-duplex relay system." IEEE transactions on information forensics and security 10, no. 3 (2015): 574-583.