StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Technological Evaluation and Recommendation - Research Paper Example

Cite this document
Summary
"Technological Evaluation and Recommendation" paper identifies ways through which issues of data leaks can be addressed in order to avoid exposure to financial losses and damages to reputation. This paper addresses care where data leaks were caused by peer-to-peer sharing of files. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.8% of users find it useful
Technological Evaluation and Recommendation
Read Text Preview

Extract of sample "Technological Evaluation and Recommendation"

? Technological Evaluation and Recommendation Executive Summary This paper focuses on evaluating and identifying ways through which issues of data leaks can be addressed in order to avoid exposure to financial looses and damages of reputation. This paper will address a care where data leaks were caused by peer-to-pear sharing of files, through application that are installed in an employee’s computer. The paper will entail a matrix section which will focus on categorizing and assessing the risks related with data leaks, and three technology based solution will be provided and discussed as effective protection measures. In the matrix the technology based solutions will be identified to address three identified risk, which include loss of confidentiality, loss of intellectual property, and loss of customer data that results from data leaks. The candidate technology solution will be identified and the way these technologies works, thereby determining whether their effectiveness is high, medium, or low; this matrix will present a comparison of various capabilities and weaknesses of the candidate technology-based solution. Besides, the paper will also make a recommendation for the best fit technology-based solution for solving and mitigating the problem cause by data leaks. Nevertheless, the main focus of this paper is to provide assessment of the risks that are associated with collection, processing, and storage of confidential client’s information. The paper will explore the risk associate with data leaks and their impact on the organization; for instance, there are different forms of communication that have been utilized in an organization such as instance messaging or peer to peer, and they surpass the conventional email. Therefore, this is presenting a chance for data leaks, which is either internal or external to the organization. Apparently, this calls for a discussion, which is aimed at addressing implications to organizations from various perspectives. In this case, presenting a threat and related risk can set a pace for identifying the possible detection and mitigation solution for the problems. Data leaks have a significantly broad scope; in fact, it is a problem that cannot be constrained to emails and web. There are numerous reported cases of data loss through devices such as laptops theft, hackers, and back-up tapes that are lost or stolen (Heck, 2006). However, there are ways through which these increasing threats arising from data leaks can be addressed through messaging, social engineering, and malicious hacks. Furthermore, various products have been developed by different manufacturers aimed at decreasing cases of data leakage, though they fail to address other vectors (Heck, 2006). Data leakage are defined as unauthorized broadcast of data or information from an organization to another target or recipient, which may either be electronic or physically. Apparently, data leakage is regarded tantamount to information leakage, through there is need to realize that the term unauthorized in does not indicate that the transmission was intentional or malicious; besides, unintentional or inadvertent data leakages are also considered unauthorized. 1. Internal threats Data security breaches emanate from within the organization; this amount to 52% internal leaks compared to 48% external leaks caused by hackers; examination of the internal breaches indicates that the level of malicious intention to leak data is significantly low. However, the outcome of this is making the level of unintentional data breach to be significantly high. On the other hand, there is a deconstruction of 46% caused by oversight by employees and another 50%, which is caused by inappropriate business processes. 1.1. Intentional Internal Data Leakage or sabotage The principal threat posed by data leakage emanating from within the organization is attributed to unintended actions (Bayan, 2004). On the other hand, a significant risk is imposed on the organization due to intentional unauthorized release of information or data by employees within the organization. Internal leads for data can either be many or a few based on the mediums, which include, remote access, instant messaging, email, and webmail. In some other cases, these leaks are caused by peer-to-peer file transfer protocol. 1.2. Unintentional Internal Data Leakage On the other hand, employees’ oversight or engagement into inappropriate business processes may lead to a significant data security breach. In fact, this presents a significant challenge for the business, which becomes a solution to these problems, and it requires deployment of a secure system for content management (Bayan, 2004). However, this calls for a need to undertake examination and re-engineering of business processes in order to facilitate implementation of security measures. 2. Internal Data Leakage Vectors 2.1. Instant Messaging / Peer-to-peer Instant messaging services are offered to numerous employees in various organizations, whereby they care able to communicate from their workstations using their laptops and other electronic devices. Instant messaging services are offered through various clients, which include, MSN Messenger, GoogleTalk, Skype, and AOL (James, 2007). These clients offer additional services through capability of file transfer for the clients. In this case, this makes it simple for individuals to disseminate confidential information such as excel filed, which might be containing sensitive pricing or financial information. In addition, this information can be accessed by third parties through employees can utilize or divulge confidential data during the chat session offered by instant messaging. Peer-to peer, which is also refered to as (P2P) poses a significant threat on confidentiality of data, intellectual property, and customer data (James, 2007). Some of the popular clients that offer P2P services include eDonkey and BitTorrent; in fact, the latter has acquired a P2P traffic share of 50 to 75% in the world (James, 2007). BitTorrent has recently been considered a national security threat after an assessment of peer-to-peer networks for confidential and sensitive data (James, 2007). For instance, there was a case where more than two hundred documents containing classified information were obtained from a scan of P2P networks for some few hours. Matrix: Technology Evaluation and Recommendation What Is the Risk or Vulnerability? What Needs to Be Protected? (e.g., passwords, data, file backups, system registry) Candidate Technology Solution How the Technology Solution Works Effectiveness (High, Medium, Low)  Loss of Confidentiality  Confidential information Application Proxy Firewalls  This technology involves use of inspection firewalls, which assess traffic at Transport or Network layer by allowing it to pass through or block it through a set of rules. These rules are set to examine packet headers that ensure satisfaction of condition rules. Nevertheless, these forms of firewall assess the payload.  High  Loss of Intellectual property  Intellectual property Employee Internet Management / Web Filtering  This involves deployment of solutions, which aimed at monitoring web sites that are visited by users and block access based on certain requirement; this permitted the organization to pose restrictions to web mail sites, Blogging sites and Phishing sites. Some of these solutions are offered by various vendors such as WebSense, Secure Computing, and Marshal.  Medium  Loss of Customer data  Customer data Reducing leakage via CD or DVD  An organization can formulate a policy, which prohibits copying of customer data onto CD or DVDs, and provide a system that does not support devices. However, there are challenges presented by laptops since supplies offer DVD writers in the present days. On the other hand, a Standard Operating Environment can be implemented to solve the problem, whereby an organization can get lid of burning media in their systems. They can also monitor their systems to avoid or reduce unauthorized installation of software use for burning by users.  Low Recommendations Application Proxy Firewalls is highly recommended for its function of stripping down traffic and reassembling it in order to analyze behaviors. Apparently, most of the data leaks occur through the internet; thus, Application Proxy Firewalls allows data to be disseminated only to locations that are acceptable (Ranum, 2007). Nevertheless, this requires understanding of several protocols by the Application Proxy Firewalls, which are based on RFCs, all application that fail to comply with anticipated behaviors are stopped. This occurs by disconnection from the source and another appropriate connection may be established, if it is necessary (Ranum, 2007). References James, C. (2007). P2P slammed as 'new national security risk. CRN Australia. Retrieved 7 September from: http://www.crn.com.au/story.aspx?CIID=88195 Bayan, R. (2004). Simple strategies to stop data leakage. TechRepublic. Retrieved 7 September from: http://articles.techrepublic.com.com/5100-10878_11- 5293877.html Heck, M. (2006). Guard Your Data Against Insider Threats. InfoWorld. Retrieved 7 September from: http://www.infoworld.com/article/06/01/13/73680_03TCdataleak_1. html Ranum, M. (2007). White Paper: Dude, You Say I Need an Application Layer Firewall? Secure Computing. Web. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Individual Project: Technological Evaluation & Recommendation Research Paper”, n.d.)
Individual Project: Technological Evaluation & Recommendation Research Paper. Retrieved from https://studentshare.org/information-technology/1485452-individual-project-technological-evaluation
(Individual Project: Technological Evaluation & Recommendation Research Paper)
Individual Project: Technological Evaluation & Recommendation Research Paper. https://studentshare.org/information-technology/1485452-individual-project-technological-evaluation.
“Individual Project: Technological Evaluation & Recommendation Research Paper”, n.d. https://studentshare.org/information-technology/1485452-individual-project-technological-evaluation.
  • Cited: 0 times

CHECK THESE SAMPLES OF Technological Evaluation and Recommendation

Evaluation methods for the proposed IAMS framework, model, and system

The appropriate evaluation method should reveal the most appropriate elements that would provide user opinions for an acceptable integration model for the physical and virtual identity management systems.... The evaluation methods should have the capacity to test the components that constitute the conceptual model, so that the final model merges seamlessly with user expectations and usability preferences.... What the evaluation Methods Should Achieve The appropriate evaluation method should reveal the most appropriate elements that would provide user opinions for an acceptable integration model for the physical and virtual identity management systems....
11 Pages (2750 words) Thesis

Quality Management and Accountability

Managing changes within an organization require that the administration and its teams should sit down together and conduct an evaluation of hospital operation and organisational functions (Weeks, Helms, & Ettkin, 1995).... There should also performance evaluation among employees.... Such evaluation will assess how the human resources work viz-a-viz its goals and how the management function to complete its program effectively (Weeks, Helms, & Ettkin, 1995)....
3 Pages (750 words) Essay

Stock Evaluation of Pfizer Inc

The paper "Stock evaluation of Pfizer Inc" reports the company's stocks are traded on New York Stock Exchange and it forms one of the companies in the Dow Jones Industrial Average, and the S&P 500.... technological DevelopmentsIn the pharmaceutical industry, drug patenting and drug licensing are apparently viewed as a gauge for measuring innovation in Research and Development conducted by a company....
10 Pages (2500 words) Assignment

Project Involving the Evaluation of a Website

First, will be the introduction of the website in regards to the 7Cs of website evaluation.... It is essential that evaluation of website meets the standard criteria.... evaluation is a process of assessing the subject in accordance to set of rules that are applicable.... valuating IKKS website involve assessment of the website in regard to e-business evaluation criteria.... IKKS evaluation involves the assessments of context, content, community, customization, communication, connection and commerce....
16 Pages (4000 words) Coursework

Evaluation of Learner Performance

imilarly, approaches to evaluation and even associated models are covered in depth.... The reporter states that evaluation plays a vital role in models of instruction.... evaluation methodologies and tools help to determine general effective of instruction methods.... Part of this explanation inclines on the fact that the evaluation in itself is a complex activity.... The purposes entail the evaluation of instructional materials, student learning, the return of investment, transfer of training and many other factors....
4 Pages (1000 words) Assignment

Capital Budgeting and Financial Calculations

The study is conducted to analyze the implications of the project and their impact on human resource (HR) (Law, 200resourcesimplications of the project include capital budgeting calculations to choose the profitable project, evaluation of the chosen project, ethical considerations, and relating an HR function model with the chosen project....
12 Pages (3000 words) Essay

Capital Budgeting: Working Computers Inc

On the basis of the above principles of finance, the following is an analysis and evaluation of the financial performance of Working Computers, Inc.... Every organization needs to understand their performance on the basis of the identified principles of finance1.... Principles of finance in most cases provide a basis or benchmark upon which organizations....
16 Pages (4000 words) Essay

Digital Business Design & innovation - Theosophical Society Bookstore and Readers Feast Bookstore

he part of your business our recommendation addresses is to display the current system working for customers.... onitoring and evaluation ... The main purpose of the report is to introduce new technological measures.... The main purpose of the report is to introduce new technological measures.... The main purpose of the report is to introduce new technological measures as a paradigm shift from the current manual system in your Theosophical Society Bookstore regarding its competitor Readers Feast Bookstore....
8 Pages (2000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us