Saturday, December 7, 2019

Risk Management Cyber Artificial Security - MyAssignmenthelp.com

Question: Discuss about the Risk Management Cyber Artificial Security. Answer: Introduction: There are a number of risk that is associated with the use of the various information technology software. There should be proper security to the threats posed by the usage of information technology. There are a number of ways by which the It security risks can be overcome. The various methods are cyber security, cloud security, internet of things and many such technologies. With the risks updating with the passage of time, the risk management has to advance to cope with the risks (Rid Buchanan, 2015). Maintaining, updating and monitoring of the risks regularly is of prime importance in order to get rid of the risks. The risks of IT reduce the productivity of the company and puts on a negative impact. Such risks are responsible for the destruction of a well-established business. The report discusses about the use of cyber security in order to protect the data from breach. Cyber security is one of the advanced technologies that is developed in the recent years to protect the data of an organization. Cyber security not only puts forward any particular technology but it is a group of technologies that are brought together to provide a solution (Genge, Haller Kiss, 2017). The cyber security is not only responsible for the management of data risk but also it handles network errors and is also responsible for protection of the hardware. Cyber security protects the programs that are executed. The software is the integral part of the work of all the sectors and the chance of threat is the most in this area. There are various forms of threats that are managed by the help of cyber security. The various risks may arise in the field of applications, or information. Operation security and network security are the other major sectors where there is major use of cyber security. Discussion: Threats And Solutions To The Threats By Use Of Cyber Security: Application Security: The first threat that is present and may be overcome by cyber security is the application threat. Applications are used more frequently nowadays. Applications are accessed over the networks and the use of applications have increased in the previous years. Hence, the hackers look forward to attack the application to get into the host server. This will allow the unauthorized access to data. The important data may be modified or may be deleted. Often, these data are important for the organization. It may so happen that the unauthorized user may get access to the other sensitive files (He, Tian Shen, 2015). These sensitive files may involve the planning of the company, the deals it is looking to conduct in the coming years. Often, the rival companies gets access of the important quotes that the company is looking to set in its next order. Such continuous attacks may be conducted without even the knowledge of the organization. Such attacks may result in the closing down of the organizati on. The threat of application software can be overcome by the use of cyber security. The primary purpose of the cyber security may be the use of application firewall (Gol Shah, 2015). Setting up an application firewall limits the information or the data that a person can view. The use of an application firewall does not allow a person to access any of the confidential information by any means (Giffin, 2017). The application does not show information beyond the allowed limit. For instance, in the website of Gigantic Corporation or the application only those information of the company is available that should be available. Many of the business stakeholders before dealing with the organization use the application as a medium to fetch information about the organization. It is only after confirmation of the deal that the business firms dealing with Gigantic Corporations are provided with further information. There should also be an appropriate alert, which would convey a message if any intruder has tried to access the data. This is also possible with the help of cyber security technology. The use of various encryption programs and the use of spyware detection programs may be used to provide the alert. There can be a number of biometric authentication systems as well to recognize the intruder. The security of applications can be enhanced by regular monitoring of the application and how these applications affect the enterprise. Information Security: The valuable information about the organization should be preserved in a proper manner and prevented from outside threat. The threat may be digital information or non- digital information. The unauthorized parties often seek to obtain the information about the organization to gain profit. The information security process is responsible for the protection of the information by the help of the various business processes. The information security consist of a set of approach or tools and policies that are useful in the protection of data or prevent unauthorized access (Peltier, 2016). The application threat is a way of the information breach. Direct information breach may also take place in a non digital form by the casual attitude of employees who fall prey to the unauthorized parties while communicating and give away important information. At Gigantic Corporation, rigorous training is provided to the professionals who are responsible for communicating directly with the client. With th e help of cyber security alerts are set for the client dealing with the organization (Karyda Mitrou, 2016). Therefore, even if the passwords of the organization portal is passed on to any of the client it would not be possible for them to access the portal. The Gigantic Corporation follows the CIA approach to protect the information of the organization. The CIA approach corresponds Confidentiality, integrity and availability of the IT systems. This approach ensured that the sensitive information is only accessible by the authorized users and it is prevented from the unauthorized parties. The threats to the sensitive information comes in various forms which may include malware attacks and the phishing attacks (Gupta, 2017). The effect of information security in an organization is that the whole structure of the organization is saved when the sensitive information is protected. It has been evident from various number of organizations that the company was forced to shut down because i t failed to save its information. Therefore, all the organizations should look to protect the information for the smooth running of the organization. Network Security: The other major issue of risk lies in the manipulation of the network risks. Network security is the adoption of the various processes and policies that are adopted in order to protect the misuse of the networks of the computer of the organization (Khan Hasan, 2017). It may so happen that the unauthorized parties get access of the organization sensitive information or data by entering the network system of the organization. All the important data is sent over the network. There are a number of important business transactions that are made over network. Many of the unauthorized users as a result chose the network as a medium to carry out illegal activities. The malicious activity may be carried out by intruding illegally into the network while the transaction takes place. During the time of transaction intruding into the network would mean the organizations involved in the transactions would lose not only the money being transacted but also all the important data of both the organiza tions. Therefore, network threat is more dangerous from the point of view that both the organization would lose all the important information. In all the other cases, only one organization is involved in losing all the information but in network security both the ends will end up losing the important data. Network attacks can be of two types- the first being active where the intruder sends commands in order to disrupt the normal operation of the network. The second type of attack is passive where the intruder gets hold of the data that is being transferred through the network directly. The Gigantic Corporation in order to protect its network from being attacked has set up a firewall which only allows the registered user to join the network while blocking any other user who wish to join (Knapp Langill, 2014). A notification has to be approved by the organization if any user wants to join the network. The firewall is active even when transaction is not taking place over the network. At the same time Gigantic Corporation installs the same firewall in the network of all its clients, thus disallowing the entry of any unauthorized user from the other end as well. The use of cyber security has thus been helpful even in protecting the most dangerous form of cyber security threat. Operation Security: The operational security analyses a particular process and determines the areas which need to be controlled. The operational security also takes care of the information database. The management of the information and its protection has become an important aspect for the success of a private sector organization. Professionals are hired just to handle the security of the organization(Mancuso et al., 2014). The operation security is a five step process. The first process is the Identity critical information. The identity critical information is used to determine the data which would be harmful for the organization. The files which may be harmful for the organization has to be avoided. The data which may harm the organization include the personal files uploaded by the employees or the customers. The financial statements uploaded by the various partner organizations may affect the company. The next step to ensure proper operation security is to identify the sources, which have a possibility to harm the organization. The determination of these threats is the most important process in order to protect the same. Gigantic Corporation considers its rivals and the most common hackers are also taken into consideration and special protection is taken against these most probable attackers. The next step involves the analysis of the weak point of the security of the organization and improving it. The analysis of the areas which is open to attack. The organization ranks the risk of the various tasks and assess them accordingly. The more critical the threat the more important for the organization to assess it and provide some preventive measure as soon as possible. After identification of the risks and all the related information the appropriate measures need to be taken to safeguard the valuable information of the company. With the help of cyber security, the tasks of operation s ecurity can be carried out with ease. The operation security needs trained professionals for the purpose of handling operation security. In case an unsuitable person is allotted the job then the organization may face major drawbacks. The Gigantic Corporation makes the use of all the above strategies in order to get rid of the security issues. Only trained personnel are hired by the organization for the position of monitoring of the security issues. The organization spend ample amount of time to analyze any particular issue and follows all the five steps that are involved in the operational security. The Gigantic Corporation uses Cyber security as the tool to avoid the IT risk issues. Till date the organization has not faced any major issues with regards to security. All necessary firewalls and network systems have been set up by the organization. Literature Review: The report reviews the risk management is important in three sectors namely in the DNS servers, in the edge servers and the overlay networks. To protect the DNS it is most important first of all to deploy a huge number of name servers in a particular location. Otherwise the most common attack that takes place is the Denial of server attack(Dos attack)( Adi, Baig Hingston, 2017). In Dos the hacker floods the server with a number of request as a result of which the network cannot handle such a huge number of requests. As a result the new request from authorized users cannot be accessed. The unauthorized party may get hold of the network in such a case and the organizations may end up losing valuable information to the intruder (Gillman et al., 2015). The installation of large number of name servers will get rid of this issue. Not only there should be a good number of name servers available but also the processing speed should be quite high so that the processing of multiple request is possible. The numerous number of switches available due to the installation of the large number of ports balance the huge traffic by hashing source port. There should be firewalls present in the confidential applications of each organization in order to protect the DNS request of unauthorized users. The firewalls help to identify the unauthorized users and block the requests of these parties. The common strategy followed by the users is that the attackers keep coming back a number of times to attack. The attackers look for an idle time, when there is no watch on the particular website to carry out the attack. The attackers follow different strategies each time for carrying out the attack. The organizations should set up a proper system to identify the attackers. This can be done by keeping a track of the clients and only give access to its client. The other strategy is that the company can keep track of the previous visitors. The IP address can be checked and based on the behavior on the behavior in the past visits the user is either enabled access or denied. For instance, the CAPTCHA ensures that a person trying to access the data is not a robot (Gafni Nagar, 2016). Hence, it is sure that no program is being run to get hold of the access of the data or information. The organization should keep a secondary network that is the trusted network system through which a request should be passed. The origin server or the original server only interacts with the users which pass through the previous network system. The origin server may deny the users which are directly trying to communicate with it without passing the request through the primary network system. The primary servers act as an defense mechanism to protect the actual source from attack. The primary network system only allows those IP addresses to access the actual source which had no malicious activity in the past or are registered as legal. The advancement of cyber security technology is also necessary to tackle the new advancement in the threats. If update is not implemented on the previous technology then the hackers will easily be able to find a solution to attack the data of the organization. Implementation of cloud computing can be helpful in advancing the cyber security technology. The cloud computing technology provides a much more secure method for the prevention of data and information breach (Xu et al., 2015). Artificial intelligence is another method, which will make the securities stronger (Kasprick et al., 2016). Conclusion: Thus from the above report it can be concluded that there are various IT risks that is faced by the various organizations. There are various kinds of security management processes such as network management, operation management, information management. Out of these the network security is most important. The solutions of handling these risks is provided by cyber security. The various approaches of avoiding the risk of cyber security is provided in the report. The article that is referred to, shows the ways in which cyber security can be overcome. The various scenario of how Gigantic Corporation overcome the risk of data and information breach by the use of cyber security is also given. Recommendations: The number of IT threats can be reduced if not completely eliminated. The fight has been unending and the risks continue to advance with the passage of time. As a result the advancement of the technologies is also necessary. The advancement of the cyber security technology can be done. The Gigantic Corporation has planned to make use of the cloud services for the process of cyber security. With the help of cloud services and providing the private keys to the authorized customers the cyber security can reach a new level. The creation of snapshots, which also falls under the strategy of Gigantic Corporation is also very helpful in cyber security. The basic processes of cyber security involve the usage of trained personnel to handle the database of the company efficiently. Besides that, the organization can make proper use of the cyber security technology in identification of the possible sources of threats and rectifying them. Cyber security brings together a number of processes that m ay be used to block the potential threats and safeguard the hardware and the software components of the systems of the organization. The introduction of the firewalls of all the application of the system through which the attack may take place is a preventive measure. Another firewall should be introduced on both ends of in case a business transaction is conducted over a network. Artificial intelligence is another emerging area and introduction of the same in the field of cyber security can give a new perspective to the security field. It may post a blow to the hackers. The use of artificial intelligence will present an advantage of carrying out the security task faster as compared to when it is conducted manually. The same kind of threat may not require to perform the same rigorous task for numerous times. The same set of security program can be executed automatically to counter the attack. The automation security will not require someone to be present in person for monitoring the applications or the system for the occurrence of threat. The threat can be overcome as soon as the threat occurs. The Gigantic Corporation is eyeing the use of artificial intelligence to provide security to the applications that occur at frequent intervals. References: Adi, E., Baig, Z., Hingston, P. (2017). Stealthy Denial of Service (DoS) attack modelling and detection for HTTP/2 services.Journal of Network and Computer Applications,91, 1-13. Gafni, R., Nagar, I. (2016). CAPTCHASecurity affecting User Experience.Issues in Informing Science and Information Technology,13. Genge, B., Haller, P., Kiss, I. (2017). Cyber-security-aware network design of industrial control systems.IEEE Systems Journal,11(3), 1373-1384. Giffin, D., Levy, A., Stefan, D., Terei, D., Mazires, D., Mitchell, J., Russo, A. (2017). Hails: Protecting data privacy in untrusted web applications.Journal of Computer Security,25(4-5), 427-461. Gillman, D., Lin, Y., Maggs, B., Sitaraman, R. K. (2015). Protecting websites from attack with secure delivery networks.Computer,48(4), 26-34. Gol, D., Shah, N. (2015). Web Application security tool to identify the different Vulnerabilities using RUP model.International Journal of Emerging Trends in Electrical and Electronics (IJETEE),11(2). Gupta, B. B., Tewari, A., Jain, A. K., Agrawal, D. P. (2017). Fighting against phishing attacks: state of the art and future challenges.Neural Computing and Applications,28(12), 3629-3654. He, W., Tian, X., Shen, J. (2015). Examining Security Risks of Mobile Banking Applications through Blog Mining. InMAICS(pp. 103-108). Karyda, M., Mitrou, L. (2016). Data Breach Notification: Issues and Challenges for Security Management. InMCIS(p. 60). Kasprick, R., Hoffman, J., Straub, J., Kim, E. (2016). Cyber Security Artificial Intelligence Expert System. Khan, R., Hasan, M. (2017). Network threats, attacks and security measures: a review.International Journal,8(8). Knapp, E. D., Langill, J. T. (2014).Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress. Mancuso, V. F., Strang, A. J., Funke, G. J., Finomore, V. S. (2014, September). Human factors of cyber attacks: a framework for human-centered research. InProceedings of the Human Factors and Ergonomics Society Annual Meeting(Vol. 58, No. 1, pp. 437-441). Sage CA: Los Angeles, CA: SAGE Publications. Peltier, T. R. (2016).Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press. Rid, T., Buchanan, B. (2015). Attributing cyber attacks.Journal of Strategic Studies,38(1-2), 4-37. Xu, G., Yu, W., Chen, Z., Zhang, H., Moulema, P., Fu, X., Lu, C. (2015). A cloud computing based system for cyber security management.International Journal of Parallel, Emergent and Distributed Systems,30(1), 29-45.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.