Discuss about the Information Security Policy for Wireless Devices.
The study has helped in understanding the landscape report of ENISA for the year 2014. The analysis has been divided into ten sections with each part consisting of the importance of security in information system. The report has explained the different important features of security infrastructure for ENISA.
The provided case study is about ENISA which is an acronym for European Union Agency for Network and Information Security. The ENISA organization has been built with the intention for improvement of the network security (ENISA Threat Landscape 2014 — ENISA, 2016). The informatics of European Unions and its private sector, members and European citizen have to keep the data and information about the states secured from any immediate or long term threats (Bora & Singh, 2013). The primary concept for the security of the information and data collected has been resulted due to the Threat landscape report generated by ENISA in 2014 (Louis Marinos, 2013). The report contains the development and growth of the cyber threats to the information stored. There have been many international cases for lack of security threat from the information stored over the government database of Europe union.
There have been major changes in the functionality of the threats that have resulted in increasing the major complexities of the attack. There have been approaches for resolving the threat for the information system such as implementation of the law operations for operations and international security vendors (Louis Marinos, 2013). All these options would be helpful in minimizing the threat of the cyber attacks on the information system. The case study has provided the overview of various threats and their emergence and extents such as email spam, information misuse and leakage, cyber espionage and bonnets (Bora & Singh, 2013). The duration for cumulating of the report was from the 2013 December to 2014 December (almost a year) (ENISA Threat Landscape 2014 — ENISA, 2016). The attackers and the cyber criminals have targeted the private and confidential data of the individuals and the state. The report would highlight these issues in details to the developer and specialists of information security experts of cyber threats.
Figure 1: Network Security Infrastructure Framework
(Source: Created by the author)
Diagrams for explaining Strategies of Cyber Securities of ENISA
The following figure could help in understanding the strategies for security of the information from internal threats:
.
Figure 2: Strategies for Dealing with internal cyber-threat
(Source: Created by the author)
The description of the strategies made for dealing with the information security threats are provided below:
Visual security options: the internal threats of the information system can be easily managed if proper visual security is established (Peltier, 2016). The control over the primary threats has helped the system to identify the formation of general threats to the system. The technological development is just one part of the system problem, there are many other ways by which there are options for cyber hacking into the system.
User generated reports: the user generated report is crucial for understanding the extent to which the information system may be hampered by cyber attacks (Bryan, 2013). The detailed description of any attack and it consequences are always made from the help of user generated report or log on the attacked information system. The user generated reports would act as a risk assessment for the threats of information system.
Formation of better identity security: The probabilities of information security lax can be minimized by the assessment of risk factors in information security (Von Solms & Van Niekerk, 2013). The chances of the information being leaked or theft can be reduced by the implementation of better security options. Each of the threat or breaches can be recognized for solving the problems that has been occurred due to the threats of the system.
Surveillance of information system: it has been seen that there are number of information databases available (Ogut, 2013). These databases consist of different types of information. The threat or risk for the information can be defined with the types of database used for storing the information. The information stored over can be relevant for intellectual, financial, transaction based, or of unknown type. The surveillance of the information database type would help in understanding the risk and threat related to the information system.
Analysis: Identity theft can be defined as the way by which one person or network or tool disguise as the authorizing party in the system or network (Reyns, 2013). In information system, a user is generally the authority provider. The authority provider generally assigns any password or question for getting whether to authorize or authenticate the user for accessing the information system or not. In all the cases provided in the report by ENISA, there have been mentioned various threats such as malicious code (Worms/Trojan), botnets, DNS, spam, phishing, identity theft, data breaches etc. Among these threats, Identity theft is the most significant one as it involves impersonating the authorizing body/user for extracting information from the system (Kahn & Linares-Zegarra, 2015). This type of cyberattack has been primarily used for collecting private and confidential information and data.
Justification: Identity theft is responsible for stealing of credentials, financial information, and personal profile, information about credit card, access codes, and technical identification of individual. Identity theft can also result in data breach and information leakage (Holtfreter et al., 2015). There have been numerous occasions when identity theft has led to the misuse of information system and data stored. The ENISA report has stated that over 50% of the people has already suffered from the identity theft. The victims have been facing these troubles due to the lack of the security measures in their information system. The information system requires proper authentication process for making sure that the information is well protected (Kahn & Linares-Zegarra, 2015). The hackers and cyber criminals utilize the weak security of the information system for getting, fetching or extracting the information from the database.
As stated in the report of ENISA, there are numerous threat agents that are found in the cyber activities. Some of them hold high distinct in disrupting the social, financial and national security. They are Cyber Criminals, Cyber terrorists, Social account hackers, and online transaction frauds (Kirsch et al., 2013). Cyber criminals are pros who actively harm the society by illegal activities such as blackmailing someone or sending viruses on different networks and computerized systems. Cyber terrorists are much harmful for people’s lives and national security. They are involved by terrorist groups for disabling national security or getting inside information about the nation, army, air force or navy. Social account hackers are the people who get into the social accounts of people and do activities such as information theft, spamming the account or unwanted posting on the account (Fellner, Sausgruber & Traxler, 2013). Online transaction frauds are basically the frauds who hacks the bank accounts or do online credit card expenses from someone else’ information.
The online frauds can be minimized by following some steps such as:
Two step authentication process- The security of the password in not enough to stop the cyber thieves from getting into one’s account for extracting the information (Peltier, 2016). There are various tools for hacking into the account. However, if two step verification or authentication process is used, it is possible for minimizing the threat of hackers or cyber criminals.
Antivirus and Firewall- Antivirus is very useful for detecting any unusual activity on the system (Bryan, 2013). It would forbid any third party for getting into the account. Firewall is the best solution for protecting the network hacking.
Article: “You need to update your iPhone RIGHT NOW or run the risk of a devastating hack attack”
Sourced from: (The Sun, 2016)
Available at: https://www.thesun.co.uk/news/1677166/you-need-to-update-your-iphone-right-now-because-something-terrifying-has-happened/
The article has shown the issue of the cyber espionage for the apple users. The Apple Inc. has come to know that many hackers are using cyber espionage for hacking the security of I-phone and I-pad users (Brown, 2016). The cyber security team of Apple Inc. has found out that there have been some cases of hacking in the apple devices and they have termed it to be the most sophisticated and advanced technical attack on devices they have ever faced. One click on the link sent via mail or message and the device will get hacked for drainage or extraction of information (Apple issues urgent alert to update your iPhone, iPad, 2016). The security of the device would be compromised and the device would transmit all the data and information to the spammer.
The company had identified the vulnerabilities of the current system of Apple devices with the help of Lookout (Brown, 2016). Mike Murray of lookout had stated that the information such as phone call, message, contacts, images, documents all could be transferred using the spamming mail. The social hacking has resulted in disrupting the financial stability of Apple Inc. The company had to form security policies for checking the issues with the system threats. It had caused the company with loss from financial point of view and also from the market name. The brand image of the company had also suffered from loss due to this spamming security threat (Apple issues urgent alert to update your iPhone, iPad, 2016). The other issues Apple Inc has to face due to the cyber espionage are information loss, privacy compromising and reputation distorting.
Figure 3: Trends in the threat probabilities
(Source: Eldardiry et al., 2013, pp.-50)
The trends of threat probabilities have been shown in the figure above and their respective changes are also been shown. The explanation of the major threats is been discussed below:
Malicious codes (Trojans and worms): In the ENISA report, the malicious codes such as Trojans and worms have increased their impact on the system security (Eskandari & Hashemi, 2012). The use of such malware attacks have increased extensively over the passage of year.
Identity theft: Identity theft is the way by which the identity of the authorizing party is faked for getting in the system or network (Navarro & Jasinski, 2014). The identity theft cyber attack has been primarily used for collecting private and confidential information and data.
Botnets: There has been increase in the number of the attacks using Botnets. In this type of attack, the networks of computer systems are being infected using some malicious software (Alomari et al., 2012). The computer system is controlled by the hackers and it is used for sending information and spam without the consent of the owner/user.
Denial of Service (DOS): The report of ENISA has shown that there has been rise in the number of the DOS attacks on the information system. The hackers and cyber criminals create a chain of queries using loop feature (Alomari et al., 2012). The system would get continuous flow of fake queries and hence when the user generates any query, the query is not followed up as the system is busy. It is termed as denial of service.
Data breach and Information leakage: The data breach is a result of security lax and advanced technological development for hacking methods (Navarro & Jasinski, 2014). The data breach has been initiated with the prospect of information theft and data leakage. The system would be hacked into after bypassing the security of the information system. The sensitive, protected and confidential information would be extracted from the information system for personal gain.
ETL is the process of the extraction data from the source data ware housing, transformation of the data with the queries generated and load ensures that the process is correctly done for acquiring the desired result (Bhide, Mittapalli & Padmanabhan, 2016). It is a straight forward process. However, there are chances that the process may fail. Hence some suggestions are pointed out below for improving the ETL process:
Incremental data loading: The data and the modifications of the system must be loaded in an incremental way for ensuring the data consistency (Oliveira & Belo, 2016). If instead of compiling the whole list of data only the alterations are complied, it would reduce the changes of redundancy in the information system.
Implementation of Bottleneck tackling: The process has been formed with long and heavy procedures for data compilation (Akbar, Krishna & Reddy, 2013). The attenuation of log metrics and evaluation of the processes with the span of time would help in developing the solution of bottleneck issue by jumping to the actual code.
Data Caching: There is ample amount of the data stored in the information system (Oliveira & Belo, 2016). The cache system would help in increasing the pace of the information processing. The memory of the information data base would also be saved if caching is allowed.
Minimization of load: The load of data such as long tables and extraneous data must be reduced for making the process effective and efficient. The large tables of the databases must be decreased in size by using the partition feature (Bhide, Mittapalli & Padmanabhan, 2016). It would help in easy identification and extraction of the information when needed. The data must be collected and unnecessary data must be omitted from the data base.
The following figure has shown some of the most dangerous threats for the information system:
Figure 4: Emerging threats and their trends on computerized system
(Source: Akbar, Krishna & Reddy, 2013, pp.- 197)
There are a number of crucial emerging threats to the information system security and some of them are DOS attack, malicious codes, web applications, physical theft, data loss, phishing, information leakage, cyber espionage, and data breaches (Zhang et al., 2016). All these attacks would result in harming the overall security of the information system. However among these emerging threats, the impact of malicious codes is very crucial on the information system security. The malicious codes have a number of impacts on the information system security such as:
The security protocols of UNISA are not satisfactory. There has been improvement of the information system security and it has helped in dealing with the information system security (Morris, Vaughn & Sitnikova, 2013). The security policies of UNISA consist of identification of threats, knowledge of internal security threats, identifying the data and information system breaches, risk assessment for the emerging threats, and even analyzing of physical threats to the information system. All these policies have helped in securing the information system of UNISA.
However the threats of DOS, malicious threats and identity theft are still on large for their system. The Denial of Service, identity theft and malicious codes are still available for disturbing the security and integrity of the information system (Glasser & Taneja, 2014). UNISA still have to deal with issues from these emerging threats for forming a secured information system. Malicious codes have been used for disturbing the processes of the information system and getting the private and confidential information using the identity theft. DNS is just used for ceasing the activities by overflowing the system with loops of fake queries.
Conclusion
Hence UNISA has to develop new policies for meeting the growth and development of the emerging technological threats to the information system. The authentication using two step verification processes would help in reducing the probabilities of the identity theft. IDS or IPS would help in detecting and preventing any intrusion in the system (Liao et al., 2013). The antivirus and firewall security would help in preventing malicious codes in information system.
References
Akbar, K., Krishna, S. M., & Reddy, T. V. S. (2013). ETL process modeling in DWH using enhanced quality techniques. International Journal of Database Theory & Application, 6(4), 179-197.
Alazab, M. (2015). Profiling and classifying the behavior of malicious codes.Journal of Systems and Software, 100, 91-102.
Alomari, E., Manickam, S., Gupta, B. B., Karuppayah, S., & Alfaris, R. (2012). Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art. arXiv preprint arXiv:1208.0403.
Apple issues urgent alert to update your iPhone, iPad. (2016). ABC7 New York. Retrieved 20 September 2016, from https://abc7ny.com/business/apple-issues-urgent-alert-to-update-your-iphone-ipad/1486196/
Bhide, M. A., Mittapalli, S. K., & Padmanabhan, S. (2016). U.S. Patent No. 9,311,368. Washington, DC: U.S. Patent and Trademark Office.
Bora, M. S., & Singh, A. (2013). Cyber Threats and Security for Wireless Devices. Journal of Environmental Science, Computer Science and Engineering & Technology (JECET), 2, 277-284.
Brown, A. (2016). Apple issues URGENT iPhone update after attempted hack using ‘most sophisticated spyware’ .Express.co.uk. Retrieved 20 September 2016, from https://www.express.co.uk/life-style/science-technology/704148/iPhone-iOS-9-3-5-Update-Now-Cyber-Espionage-Hack
Bryan, L. L. (2013). Effective strategies for small business leadership in information security: An ex post facto study (Doctoral dissertation, UNIVERSITY OF PHOENIX).
Eldardiry, H., Bart, E., Liu, J., Hanley, J., Price, B., & Brdiczka, O. (2013, May). Multi-domain information fusion for insider threat detection. In Security and Privacy Workshops (SPW), 2013 IEEE (pp. 45-51). IEEE.
ENISA Threat Landscape 2014 — ENISA. (2016). Enisa.europa.eu. Retrieved 20 September 2016, from https://www.enisa.europa.eu/publications/enisa-threat-landscape-2014
Eskandari, M., & Hashemi, S. (2012). A graph mining approach for detecting unknown malwares. Journal of Visual Languages & Computing, 23(3), 154-162.
Fellner, G., Sausgruber, R., & Traxler, C. (2013). Testing enforcement strategies in the field: Threat, moral appeal and social information. Journal of the European Economic Association, 11(3), 634-660.
Glasser, D., & Taneja, A. (2014). A Routine Activity Theory-Based Framework for Combating Cybercrime. Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance, 398.
Holtfreter, K., Reisig, M. D., Pratt, T. C., & Holtfreter, R. E. (2015). Risky remote purchasing and identity theft victimization among older Internet users. Psychology, Crime & Law, 21(7), 681-698.
Kahn, C. M., & Linares-Zegarra, J. M. (2015). Identity theft and consumer payment choice: Does security really matter?. Journal of Financial Services Research, 1-39.
Kirsch, J., Siltanen, C., Zhou, Q., Revzin, A., & Simonian, A. (2013). Biosensor technology: recent advances in threat agent detection and medicine. Chemical Society Reviews, 42(22), 8733-8768.
Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.
Louis Marinos, E. N. I. S. A. (2013). ENISA Threat Landscape 2013.European Network and Information Security Agency.
Morris, T. H., Vaughn, R. B., & Sitnikova, E. (2013, January). Advances in the protection of critical infrastructure by improvement in industrial control system security. In Proceedings of the Eleventh Australasian Information Security Conference-Volume 138 (pp. 67-73). Australian Computer Society, Inc..
Navarro, J. N., & Jasinski, J. L. (2014). Identity theft and social networks.Social networking as a criminal enterprise, 69.
Ogut, H. (2013). The configuration and detection strategies for information security systems. Computers & Mathematics with Applications, 65(9), 1234-1253.
Oliveira, B., & Belo, O. (2016). On the specification of extract, transform, and load patterns behavior: A domainâ€Âspecific language approach. Expert Systems.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Reyns, B. W. (2013). Online routines and identity theft victimization further expanding routine activity theory beyond direct-contact offenses. Journal of Research in Crime and Delinquency, 50(2), 216-238.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
You need to update your iPhone RIGHT NOW or run the risk of a devastating hack attack. (2016). The Sun. Retrieved 20 September 2016, from https://www.thesun.co.uk/news/1677166/you-need-to-update-your-iphone-right-now-because-something-terrifying-has-happened/
Zhang, H., Cheng, P., Shi, L., & Chen, J. (2016). Optimal DoS attack scheduling in wireless networked control system. IEEE Transactions on Control Systems Technology, 24(3), 843-852.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download