Key Features of Cyber Security - Coursework Example

Cyber Security Table of Contents Introduction 3 Significant Cyber Security Vulnerability and Aassociated Threats in Mobile Computing 4 Physical Vulnerability 4 System Vulnerability 5 Network Access Vulnerability 6 The Threats Associated With Mobile Computing 7 The Policies And Procedures That Can Manage The Vulnerability And Threats In Mobile Computing 9 Effects Of Policies And Procedure On Customer Satisfaction 12 Conclusion 13 References 14 Introduction Cyber security can be defined as the process of ensuring protection of any computer related system, software based program along with data against unlawful use, transfer, disclosure, destruction or modification either deliberate or unintentional. Cyber attacks can emerge from the Internet, internal networks, and/or other public systems as well as private systems (Schaeffer, Chan, Chan, & Ogulnick, 2009). Mobile computing can be defined as a notion which relates to displaying, collecting along with transferring data from a mobile based device to any information system by utilizing a particular or a combination of varied data transfer methods. Portability is regarded as a key facet of mobile computing (International Association of Medical Science Educators, n.d.). This paper intends to provide a discussion about mobile computing. The discussion comprises recognizing the significant cybersecurity vulnerabilities and related threats associated with mobile computing for the users. The other aim of the study would be to describe the procedures and policies that can effectively facilitate to manage the level of associated risk. The affect on customer satisfaction due to the implementation of policies and procedures would also be evaluated. Significant Cyber Security Vulnerability and Aassociated Threats in Mobile Computing From the previous two eras the status and significance of laptops and notebooks have been increasing day-by-day. The sales of laptops, notebooks, tablet computer, smartphone, and personal digital assistants have increased in different countries as compared to the sales of desktops, which are going down increasingly because these devices provide the users an option of portability. The mobile computers such as tablet computer provide better facilities for storing the data in abundance than the desktops along with providing an option of portability. However, with the numerous benefits associated with mobile computing devices there raises certain critical vulnerabilities that require to be addressed. Mobile computing vulnerabilities can be classified into three major categories which are physical vulnerability, system vulnerability and network access vulnerability. A description of these vulnerabilities has been provided below: Physical Vulnerability Tablet computer, smartphones and notebooks among others are mobile devices which are taken by professionals and also different individuals when they are travelling or are used them at home. These devices or products can be lost or stolen anywhere. Physical vulnerability is associated with lots of discrepancies such as the loss of information and data which are important and the loss of hardware is also a vital element resulting in vulnerability. When laptops are kept open as well as unattended, physical vulnerability can occur as different relevant data becomes exposed to threat and network access can be done by others using the device. Thus, it is important for the system administrators to make the users aware of this mobile computing threat and to observe that the information which a user is receiving are kept safely without being exposed to others and the rooms should be locked when the users are not in touch with their belongings (Asllani & Ali, 2011). System Vulnerability Laptop or mobile computing systems are vulnerable like any other computing system in an organization. A review has been made recently on the vulnerability and it is recognized that the vulnerabilities can occur when the security patches and updates are missing, when the patches become obsolete or applied in a wrong way, the files can become corrupted due to virus as well as spyware threats as well. A remote laptop or smartphone can be more vulnerable due to fact that these devices are easily accessible. Consequently, system administrators should make a list of updates for antivirus programs, security patches and also other related security features. It is important for the users to track the list and appraise their systems as soon as possible after receiving any updates in the list related to cyber threat (Asllani & Ali, 2011). Network Access Vulnerability Network access vulnerability is also one of the important elements in case of exposure is concerned. In accessing networks, the use of local area network (LAN) and wireless local area network (WLAN) creates critical vulnerabilities for mobile computing. Laptops, notebooks, smartphones and tablet computers among others are used for accessing the Internet and file transfer protocol (FTP). These activities provide an atmosphere which is quite suitable for opening probable harmful file attachments and also increase critical vulnerabilities. Through WLAN it is possible for the unauthorized individuals to make use of the relevant data and produce a vulnerable atmosphere by accessing files which are important, hijacking sessions and also for sniffing purposes. WLAN is an important element which is used by both the organizations and general users. WLAN is principally liable for certain cyber attacks like spying, brute-force attack and defector access points among others. The administrators of the systems can report network access vulnerability through many courses of action. They can device and formulate the policies for accessing networks which requires changes in phases related to information during login and the procedure to read, write and delete those important information and data and avoid using them from open networks (Asllani & Ali, 2011). The Threats Associated With Mobile Computing The threats relating to mobile computing are as follows: Loss of Sensitive Data Loss of data is an important threat to an organization and also for an individual as a whole. Data such as contacts, important schedules and meeting dates among others can become known to the competitors of any organization. Moreover, different internal information if are leaked can create a problem for the company. Thus, it is required to safeguard the data on the mobile device (Ahmed, 2009). Device Loss or Theft Losing devices can create difficulties for an organization as different important data are stored in laptops and notebooks. It can hamper the growth of an organization, its productivity, schedules and presentations among others. Therefore, it is required to look into the matter and ascertain that the products are not been exposed to such vulnerabilities or theft (Ahmed, 2009). Unsupported or Unsigned Applications The applications which are not used for a very long time or has been used before a certain period should not be used prior to conducting security checks as they may contain viruses which can corrupt the other available files in mobile handsets and in laptops and notebooks (Ahmed, 2009). Intercepted or Corrupted Data In an organization where different transactions are taking place it is important to keep the data safely stored in mobile computing devices. However, it can be possible that an important data can be captured through internet by tapping phones lines or through microwave transmissions (Ahmed, 2009). Unauthorized Network Penetration Due to the fact that most of the mobile devices deliver a variation of network connectivity there is a possibility that they can be attacked with the use of computer viruses in particular. Nevertheless, the protected corporate systems can be attacked, as a result of which those who are acquiring the benefits from such attack the mobile devices may imitate the original user and can use the corporate network (Ahmed, 2009). Infection by Communication Routs between Mobile Porting Computing Devices Mischievous codes can be transferred by sharing different files using USB, infrared communication or communication in short length such as Bluetooth. Thus, it is required to observe that these devices are safely handled and stored (Asllani & Ali, 2011). Mobile Computing For Vulnerability and Also Threat to Judge Its Competence The vulnerability of mobile devices are observed to be quite apparent in the sense that it is required that the data which are stored in the devices are not been leaked from the organization so that it could be detrimental for the company. With regard to physical vulnerability aspect, it is recognized that there can be loss of hardware as well as loss of valuable data and information. In this case, the vulnerability or threat is low (Asllani & Ali, 2011). In the case of system vulnerability, it is recognized that mobile computing devices are vulnerable as if different important files are mishandled then those information which are important for an organization can create a threat towards its competitiveness sin the market. In fact, the files which become outdated due to virus corruption are of no use to the requirement of the organization as those files are needed to be viewed and remade in order to get them correct and to derive accurate information. It should also be seen that those information and processes are not been leaked out. This kind of vulnerability is observed to be quite high. In terms of network access vulnerability, it is observed that mobile computing devices are used for accessing the Internet and also for emails. For this purpose, LAN and WLAN are used. However, this network access can be quite critical and detrimental for especially an organization. Important and confidential information cannot be passed and given to others which would create panic in the organization such as occurrences of data hijack by passing relevant data would mean a harmful scenario for an organization which should not happen for the development of organization. As a result, the probability of occurrence of network access vulnerability is high level. It should be ascertained that these vulnerabilities are curtailed as far as possible through efficient monitoring of the system administrators and proper updating of the required software (Asllani & Ali, 2011). The Policies And Procedures That Can Manage The Vulnerability And Threats In Mobile Computing Organizations have different security considerations for the mobile devices which are useful for mitigating threats that are not directly imposed by the organization. It is the responsibility of the organization to educate the users on the prominence of these security measures. The policies and procedures are to be implemented by considering the aspect of organizational development which contains certain essential remedies. Initiation It is the primary phase in which it is needed to recognize the needs and to specify the necessities for the security as well as functionality of the mobile devices. This can be mitigated by certain required aspects such as the location of work, the compassion of work, the confidence level of workers in security problems, and what are the existing limitations in the technical departments among others (Scarfone & Souppaya, 2012). Development After an organization has produced a security policy for mobile devices and identified the needs for mobile devices along with accomplishing other preparation activities, the next step lies here to regulate which type of technologies are to be used for the mobile devices. Architecture Architecture designing includes the choice of mobile device management server and the software for clients along with placing the mobile device management server and other centralized elements on appropriate places (Scarfone & Souppaya, 2012). Authentication Authentication is a process through which a user uses a selected method to determine the procedures which are applicable for supplying and rearranging authenticators to collaborate with provisioning users for devices (Scarfone & Souppaya, 2012). Cryptography Cryptography decisions comprise choosing the algorithms for encryption and protecting the integrity of mobile devices as well as locating the strengths of the algorithms which could support the key lengths (Scarfone & Souppaya, 2012). Configuration Requirements Configuration requirements include locating the minimum standards for security of mobile devices like ‘host hardening measures’ and leveling the patches along with identifying the security controls that are needed and should be implemented in the mobile devices (Scarfone & Souppaya, 2012). Application Vetting and Certification Requirements This involves performances, securities and requirements which are necessary for the applications. It also enables to decide the process to demonstrate the proof of compliance with additional requirements which is necessary and should be done. The aspect of security for solving the problems of mobile devices is required to be documented in the same plan for getting a proper solution and also difficult solutions can be handled effectively at the same time (Scarfone & Souppaya, 2012). Implementation In the Implementation phase, the steps which are taken for solving the problems of mobile devices are connectivity, protection, authentication, application and management. Performance of the mobile devices, logging of the devices, security for the implementation of the solution for the problems of the mobile devices are required to be assessed in the implementation phase. Moreover, it is required to review carefully the default values for the mobile devices settings and alteration should be done in settings if needed (Scarfone & Souppaya, 2012). Operations and Maintenance It is also needed for mobile devices which can be useful for its security. Proper maintenance through software updates can enable to provide greater security to the devices (Scarfone & Souppaya, 2012). Disposal It is also an important procedure for the mobile devices in particular as when the devices are outdated or discarded, it is required to delete all the data which are very delicate from the storage devices before leaving any organization or anywhere as a whole (Scarfone & Souppaya, 2012). Effects Of Policies And Procedure On Customer Satisfaction The effects of policies and procedures which are initiated with regard to mobile computing devices can provide significant benefits to a customer. It can also facilitate the customers to access the mobile devices securely without being concerned about the prevailing vulnerabilities or threats (Nowacki, 2003). The policies and procedures can enable the customers to be aware of the possible threats they can face while using their devices for transaction of information. The customers can also become aware of the possible security threats they can face in relation to the activities they perform by using mobile computing devices (Uddin & Akhter, 2012). Conclusion Cyber security has become a critical aspect for any kind of user using mobile computing devices. It is also required to ensure that the valuable data or information is not leaked. Certain policies and procedures are also required to be maintained in order to prevent security threats in the mobile computing devices. Protection of users from recognized vulnerabilities and threats is an important element in order to ensure efficient utilization of mobile computing devices in the long run. References Asllani, A., & Ali, A. (2011). Addressing vulnerability of mobile computing. Retrieved from http://www.scribd.com/doc/52651825/Addressing-Vulnerability-of-Mobile-Computing-A-Managerial-Perspective Ahmed, M. H. (2009). Threats to mobile phone users’ privacy. Retrieved from http://www.engr.mun.ca/~mhahmed/privacy/mobile_phone_privacy_report.pdf International Association of Medical Science Educators. (n.d.). A definition of mobile computing. Retrieved from http://www.iamse.org/conf/conf6/proceedings/jackson_slides.pdf Nowacki, G. (2003). IMS: customer satisfaction. United Kingdom: BSI British Standards Institution. Souppaya, M., & Scarfone, K. (2012). Guidelines for managing and securing mobile devices in the enterprise (draft). Retrieved from http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf Schaeffer, B. S., Chan, H., Chan, H., & Ogulnick, S. (2009). Cyber crime and cyber security: a white paper for franchisors, licensors, and others. Retrieved from http://business.cch.com/franlaw/cybercrime_whitepaper.pdf Uddin, M. B., & Akhter, B. (2012). Customer satisfaction in mobile phone services in Bangladesh: a survey research. Retrieved from http://www.mnmk.ro/documents/2012-first/2_15_1_12_FFF.pdf Read More