INF80043 IT Risk Management For Nefarious Activities and Abuse

Questions:

Answer the following Questions:

1) Provide a brief overview of the case study and prepare the ENISA Big Data security infrastructure.

2) Out of the ‘’Top threats’’ which threat would you regard to be the most significant and why?

3) Identify and discuss the key Threat Agents. What could be done to minimize their impact on the system? Based on the data provided, discuss the trends in threat probability.

4) How could the ETL process be improved? Discuss.

5) To sum up, should ENISA be satisfied with its current state of IT Security? Why? Or Why not?

Answers:

Introduction

Big data can be defined as the large set of data that are either semi structured, structured or unstructured in nature and utilized for any sort of information. The three Vs define the aspects of this big data. These three Vs are defined as if they complete big data (Chen & Zhang, 2014). The first V can be defined as the large volume or set of data involved. The next V can be defined as the velocity at which the data is processed. The last or the third V describes about the wide variety or large range of data involved in the information.

The following discussion is on the recognized and famous case study of ENISA. It is an agency that provides recommendations related to security to several people in Europe. The report provides a detailed description about the security challenges that can be involved in the information system. It further outlines about the Big Data Security Infrastructure of ENISA. It also covers the top threats and description about the most significant threat. It identifies the agents of threat and the how ETL process can be improved. The report also gives a detailed discussion about the satisfaction of ENISA with is curren

t IT security.

Discussion

Brief Overview of ENISA Big Data Threat Landscape

The full form of ENISA is the European Union Agency for Network and Information Security. It is the main point for several securities of network and security experts of information (Enisa.europa.eu., 2017). It provides security of information and network to the European Union, most of the citizens of Europe, the various member states of the European Union and also the private sectors of Europe. European Union Agency for Network and Information Security gives various suggestions, advices and recommendations to the associated groups about network security and information security. It provides such suggestions if they are working with ENISA. The information provided by them is a massive help for the groups and they are safe and secured in case of security threats. ENISA also helps the groups for improvising the overall structure of the network infrastructure and the critical information structure. ENISA is one of the best agencies for information and network security (Enisa.europa.eu., 2017). However, it has various threats and risks of security present in their agency. They have undertaken security measures to control these threats. Various big data assets are present in their agency, which can a high tendency of attracting security threats to them. These are needed to be shielded and avoided, as this can be reason into several vulnerabilities. ENISA cannot control the accidental threats as they are uncontrollable, but they try to mitigate them by adopting several securities. Their focus is on the intentional or deliberate threats. The Big Data Threat Landscape report is the overview of the entire security threats that are applicable to big data assets. The report includes the current threats as well as the emerging threats.

Most Significant Threat and Reason

There are several threats that can cause dangerous damage to the security of any information and network securities (Demchenko et al., 2013). These risks and threats can be sub divided into five classifications. The classifications are as follows:

Nefarious Activities and Abuse: This is the most vulnerable classification of network and information security (Thuraisingham, 2015). It has several threats including the malicious code, malicious software, denial of service attacks, danger of theft of authorization, danger of leakage of information, leakage of confidential information, theft of identity, receiving unsolicited emails from false ids.

Eavesdropping or Interception and Hijacking: This is the second most vulnerable classification of security threats. These are mostly caused intentionally (Patil & Seshadri, 2014). Various threats are classified under this classification. These threats include network traffic manipulation, information gathering, interception of information, main in the middle and session hijacking.

Unintentional Damage or Loss of Information or IT Assets: The third most vulnerable classification of threats, the unintentional damage can be defined as the threat that is not done intentionally (Vatsalan et al., 2017). The threats included in this classification are the destruction of records, leakage of data, loss of information in the cloud, damage caused by a third party, inadequate design and planning.

Legal Threats: This is the fourth dangerous threat classification in the big data threat infrastructure. The various threats under this dangerous classification include the violation of laws and regulations, breaching of legislation, failure to meet the requirements of a contract, judiciary decisions, court orders (Thuraisingham, 2015). These threats can lead a person to even prison.

Organizational: This particular threat is less vulnerable and dangerous compared to the other four. The organizational threats occur only when there is a lack of efficient and skilled employees in the organization (Sagiroglu & Sinanc, 2013). An organization becomes successful only if it has several skilled employees and workers working in it. The efficiency and hard work of the employees help the organization to meet its goals.

The most significant threat amongst the five threats is the nefarious activity and abuse. The threats involved in this classification are as follows:

Malicious Code and Software: The infected code or software that is spread in a system to corrupt and infect it is known as malicious code or software. This is extremely dangerous and vulnerable and cause serious problem to the system (Patil & Seshadri, 2014). This code has the specialty of replicating itself and thus if the code once enters a system, it is guaranteed that the rest of the system will also be affected.

Denial of Service Attacks: This is the second most dangerous type of security threat. In this type of attack, the intruder denies any type of service or activity of the system (Lu et al., 2014). The main problem with this threat is that the owner does not have any idea about the hacker or intruder in his system. Once the service is denied or data is lost, he gets to know but it is very late during that time.

Information Leakage: This is another important and vulnerable threat that leaks the confidential data and information (Thuraisingham, 2015). This is dangerous for any information system of an organization.

Abuse of Authorization: The users who are authorized are denied of their authorization in this threat.

Receiving Unsolicited E-mails: In this type of threat, the user receives a false email from a fraud identity (Vatsalan et al., 2017). The dangerous fact about this email is that the moment the victim clicks on the open button of the mail, his system is open to the intruder and the confidential information is theft by them.

Identity Theft: In this type of security risk, the hacker or the intruder steals the identity of the victim and behaves like the user (Kao et al., 2014). He operates and investigates everything in his system and even modifies the system.

Unauthorized Update and Installation of Software: The installation of software plays the most important role in the inner functional module of all systems (Lu et al., 2014). When a user updates or installs software from unauthorized websites, the hackers get the IP address and they are able to get into the system easily.

Remote Activities: This is a type of malicious activity that occurs when an activity is executed without proper security measures (Wu et al., 2014). The system can even gets corrupted from this threat.

The nefarious activity or abuse is considered as the most significant threat because it causes maximum danger and losses to the security of an information system. This type of threat usually exploits the vulnerability to harm the security of a system (Lu et al., 2014). This type of threat is done intentionally or rather for wrong intentions. However, these threats can be mitigated and reduced to some extent with proper protection.

Threat Agents and What Could Be Done to Minimize Their Impact

Threat Agents	Description	What Could Be Done To Minimize Their Impact
1. Corporations	These are the various companies, enterprises and organizations, involved as well as engaged in various nasty tasks. These are constituted by several individuals and managing bodies.	The impact of such threat agents can be mitigated by adopting and implementing security policies in the system (Vatsalan et al., 2017). Security policies are a set of stands and rules, which help to protect and detect threats.
2. Cyber Criminals	These criminals do their offensive jobs sitting on the other side of a system. They hack the system, steals the confidential data and information (Kao et al., 2014). They are usually hostile in nature and are present nationally, internationally or in local regions.	The easiest way to stop this type of threat agents is to implement antivirus in all systems. This type of software stops the entry of an infected code in the system and thus the hackers will not be able to enter into the system.
3. Cyber Terrorists	Terrorists are those people, who cause trouble to an entire state or country. Unlike cyber criminals, they do not harm a particular organization or governing body (Kshetri, 2014). Rather they hack systems to exploit vulnerability for an entire nation. They are the most dangerous people present in the cyber world.	Two ways are present to stop this type of threat agents. First one is antivirus, which is a software that stops the entry of any malicious code in a system and the other one is the firewalls. They act as walls in the system and prevents all types of threats and risks.
4. Script Kiddies	The script kiddies are unskilled individuals, who do not have much talent or their talent is not identified for their wrong deeds (Hashem et al., 2015). These people take help of codes or several scripts to intrude in a particular system.	Encryption is the best way to minimize their impact. These people utilize scripts or code for hacking. However, if the scripts or codes will be encrypted, they will not be able to get access of them.
5. Online Social Hackers	The online social hackers are those people, who hack a particular system through social networking sites. Every organization or company has a registered website. These people hack the systems through that website.	Passwords are the best option for this type of threat agents. The passwords should be present in every system and they should be changed periodically (Vatsalan et al., 2017). Moreover, only authorized people will have access to those passwords.
6. Employees	Any organization depends on their employees and staff members. They have the knowledge of the confidential data and information of the organization (Erl, Khattak & Buhler, 2016). If any one of them leaks the data, it would cause a serious issue for the entire company. Therefore, they are the important agents of threat.	Digital authentication is the best way to minimize the impact of these threat agents (Kshetri, 2014). Only the authenticated employees will be allowed to access the system. The best examples of digital authentication are fingerprint recognition, digital signatures and face recognition software.
7. Nation States	The Nation States have several nasty abilities for attacking in the cyber world. They use their power for wrong and unethical acts.	There are two ways minimize their impact. They are the firewalls and the security policies (Wu et al., 2014). These two options will help to mitigate the security risks associated to them.

Trends in Threat Probability

There are various trends in threat probability. Few of them are discussed below:

Denial of Service: DoS attack or denial of service is one of the most common trend in threats. In this type of attack, the intruder denies any type of service or activity of the system. The main problem with this threat is that the owner does not have any idea about the hacker or intruder in his system (Kshetri, 2014). Once the service is denied or data is lost, he gets to know but it is very late during that time. This type of trend in decreasing in 2017 as all the systems has a special anti detector of DoS. Whenever, a hacker tries to deny the service, a message alert reaches the user and he is notified.

Brute Force Attack: This is an active attack, which happens in cryptography. The intruder utilizes a specific software to detect a password. This software provides a perfect combination of characters and the password is hacked (Chen, Mao & Liu, 2014). This trend is decreasing by 2014 as excess security is provided in all systems. The moment, the hacker tries to intrude in a system, a message is sent to the victim and he is alerted.

Virus: This is the most common trend in all threats. A malicious code infects and corrupts an entire system and the confidential data is stolen (Wu et al., 2014). This trend is increasing day by day as the source of this trend varies for different systems. However, it can be mitigated to some extent by installing antivirus software.

How Could ETL Process Be Improved

There are two distinct ways to improve the Extraction, Transformation and Loading of data or ETL (Baumer, 2017). It is the process to extract data from several sources and getting all of them into one warehouse of data. The two ways are as follows:

i) Batching: This is procedure of mitigating the complexities of a process (Bansal & Kagemann, 2015). This can be adopted to improve the entire process of ETL.

ii) Loading of Changed Rows: This particular act can also be adopted to improve the entire process of ETL (Bansal, 2014). The simplest way to loading of changed rows is to take a picture within the source of the altered resources.

Should ENISA Be Satisfied With Its Current State of IT Security?

ENISA is doing its job of securing the processing with utmost security. They protect and cover the system from various vulnerabilities and threats by generating various rules and strategies. However, the current state or position of ENISA is not at all safe and secured (Hashem et al., 2015). The emerging threats are extremely vulnerable for the system and are mostly caused with wrong intentions. The most significant threat is the nefarious abuse or activity. Thus, it can be said that ENISA should not satisfied with its current state of IT security and should make more strategies to mitigate them.

Conclusion

Therefore, from the above discussion it can be concluded that, the European Union Agency for Network and Information Security or ENISA gives various suggestions, advices and recommendations to the associated groups about network security and information security. It provides such suggestions if they are working with ENISA. The information provided by them is a massive help for the groups and they are safe and secured in case of security threats. Big data can be defined as the large set of data that are either semi structured, structured or unstructured in nature and utilized for any sort of information. Big data is adopted by various organizations for their information system. This makes the calculation and evaluation of information extremely easy and simple. Several big data assets are needed to be protected. The above report provides a detailed description about the security challenges that can be involved in the information system. It further outlines about the Big Data Security Infrastructure of ENISA. It also covers the top threats and description about the most significant threat. It identifies the agents of threat and the how ETL process can be improved. The report also gives a detailed discussion about the satisfaction of ENISA with is current IT security.

References

Bansal, S. K. (2014, June). Towards a semantic extract-transform-load (ETL) framework for big data integration. In Big Data (BigData Congress), 2014 IEEE International Congress on (pp. 522-529). IEEE.

Bansal, S. K., & Kagemann, S. (2015). Integrating big data: A semantic extract-transform-load framework. Computer, 48(3), 42-50.

Baumer, B. S. (2017). A Grammar for Reproducible and Painless Extract-Transform-Load Operations on Medium Data. arXiv preprint arXiv:1708.07073.

Chen, C. P., & Zhang, C. Y. (2014). Data-intensive applications, challenges, techniques and technologies: A survey on Big Data. Information Sciences, 275, 314-347.

Chen, M., Mao, S., & Liu, Y. (2014). Big data: A survey. Mobile Networks and Applications, 19(2), 171-209.

Demchenko, Y., Grosso, P., De Laat, C., & Membrey, P. (2013, May). Addressing big data issues in scientific data infrastructure. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 48-55). IEEE.

Enisa.europa.eu. (2017). Big Data Threat Landscape — ENISA. [online] Available at: https://www.enisa.europa.eu/publications/bigdata-threat-landscape [Accessed 14 Sep. 2017].

Erl, T., Khattak, W., & Buhler, P. (2016). Big data fundamentals: concepts, drivers & techniques. Prentice Hall Press.

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.

Kao, R. R., Haydon, D. T., Lycett, S. J., & Murcia, P. R. (2014). Supersize me: how whole-genome sequencing and big data are transforming epidemiology. Trends in microbiology, 22(5), 282-291.

Kshetri, N. (2014). Big data? s impact on privacy, security and consumer welfare. Telecommunications Policy, 38(11), 1134-1145.

Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving computing in big data era. IEEE Network, 28(4), 46-50.

Patil, H. K., & Seshadri, R. (2014, June). Big data security and privacy issues in healthcare. In Big Data (BigData Congress), 2014 IEEE International Congress on (pp. 762-765). IEEE.

Sagiroglu, S., & Sinanc, D. (2013, May). Big data: A review. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 42-47). IEEE.

Thuraisingham, B. (2015, March). Big data security and privacy. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 279-280). ACM.

Vatsalan, D., Sehili, Z., Christen, P., & Rahm, E. (2017). Privacy-Preserving Record Linkage for Big Data: Current Approaches and Research Challenges. In Handbook of Big Data Technologies (pp. 851-895). Springer International Publishing.

Wu, X., Zhu, X., Wu, G. Q., & Ding, W. (2014). Data mining with big data. IEEE transactions on knowledge and data engineering, 26(1), 97-107.

Buy INF80043 IT Risk Management For Nefarious Activities and Abuse Answers Online

Talk to our expert to get the help with INF80043 IT Risk Management For Nefarious Activities and Abuse Answers to complete your assessment on time and boost your grades now

The main aim/motive of the management assignment help services is to get connect with a greater number of students, and effectively help, and support them in getting completing their assignments the students also get find this a wonderful opportunity where they could effectively learn more about their topics, as the experts also have the best team members with them in which all the members effectively support each other to get complete their diploma assignments. They complete the assessments of the students in an appropriate manner and deliver them back to the students before the due date of the assignment so that the students could timely submit this, and can score higher marks.Â The experts of the assignment help services at urgenthomework.com are so much skilled, capable, talented, and experienced in their field of programming homework help writing assignments, so, for this, they can effectively write the best economics assignment help services.

Get Online Support for INF80043 IT Risk Management For Nefarious Activities and Abuse Assignment Help Online

); }

Not the Exact Question you were looking for ? Post your question for assignment help and get instant help on your homework and assignment questions from our experts