StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security in Computing - Assignment Example

Cite this document
Summary
The paper 'Security in Computing'  tells that sophisticated growth of Smartphone technology has come up both with benefits and demerits which compromise information security. In essence most hacking occurs as a result of employee negligence in using their handheld devices…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.2% of users find it useful

Extract of sample "Security in Computing"

Heading: Security in computing Your name: Course name: Professors’ name: Date Questions 1 Selection of article This evaluation intends to evaluate the criterion from the security article ITSEC (Information Technology Security Evaluation Criteria) from IWS, TCS (Trusted Computer Systems) and NATO information security IA. The evaluation of security threat is meant to create the assurance to the company that issues related to security breach are handled conclusively and effectively (NATO IA, 2011). This creates confidence to the assets owners but also forms baseline for designing countermeasures to check, identify and recover information in case there is a breach or attack both internally or externally. The evaluation minimizes the effect and impacts of security risk and its consequence and thus asset protection is quarantined (Information Warfare Site, 2011). The ITSEC identifies the computer system security as a trusted organization resource which must be protected at all cost. According to the ITSEC, the key aspects evaluated in security are functionality and assurances of the software product. Functionality refers to the aspects of the system which guarantees and enforces the systems security such as logins. While assurances on the other hand deals with the effectiveness and correctness of the design to be implemented with the security features in mind such as environmental configuration to deal with security and computer resources (William, 2004). ITSEC also observed that systems must be evaluated as per the evaluation standards such as the concept that guarantees the best environment, validation of all avenues of security breach, creating a tamper proof environment and finally mediation of all the subject and objects. Overall perspective Information Technology (IT) has currently taken over vital roles in the organization that were previously conducted manually. As the IT is growing to take up these roles, concern of security is also taking shape in the same field causing drawbacks and challenges to the ever growing IT resources. IT stakeholders have found it necessary to culminate measures to counteract these threats posing a stampede to the vital roles taken by IT. Several IT specialists have come up with models that curb these vices with the aim of minimizing attacks and its impacts (Marcel, 2006).Several important contexts have been devised with the zeal of implementing security policies which includes confidentiality, data integrity and availability of the resources which can compromise IT operations. The overall perspective of the security evaluation must be based on the functionality of the products and how these functionality are configured to protect against security compromise which guarantee security to the entire systems(William, 2004). The other perspectives considered in the evaluation are the QA that guarantees the assurance of security protection to the systems environment. The assurance relates to the environmental awareness and security related values which must be configured to the system during system development life cycle. The following are analysis of the perspective of each functionality and assurance as used to enforce security of the information (Information Warfare Site, 2011). Functionality In case of security analysis, functionality of the systems plays an important role in creating avenues and gaps that are utilized by attackers and hackers to gain access for purposes of compromising the security information. It is also worth to note that security occurs as results of intentional and accidental operation by both the internal and external attacks (Bluetooth SIG, Inc, 2007). Therefore a good security plan must focus on various functionality elements that may create loopholes. To begin with, identification and authentication is very important functionality that must be implemented in the system to discourage anonymous access. This involves the creation and enforcement trusted path that must be traced by all valid user to eliminate hackers. It is also wise to implement some integration and customization that conform to specific security requirements. The software product must operate in an environment that does not support threat incubation by providing secure and free threat zone (Bluetooth SIG, Inc, 2007). The company should also perform periodic security audits to ascertain any uncaught threat existing since there is no mechanism to eliminate all threats. According to Schneier (2000), the most important functionality is the data entry prevention and user protection which guarantees that the data captured by the user is validated. These include SQL injection, invalid data, cross language scripts and other threats related to the user and others emanating from the user interface. The other aspect that relates to the functionality is availability, physical protections, privacy and communication which can compromise security if poorly handled. For example the means of communication can make a user reveal his credential to a potential hacker (Schneier, 2000). Assurance Levels The evaluation of security from the perspective of assurances relates to the quality assurance that is designed from the initial stage of the development life cycle all the way to deployment of the product. The aspects that are of concern to the assurances are testing of the product while still it is still being developed. During the life cycle of the product development, security assurance must be tested in all phases of the development to ascertain the strength of the software in relation to security threat. Assurance guarantee that gaps and loophole that can be utilized by the attackers are sealed off completely so that an attacker will find limited avenues to use in the process of hacking (Gallagher, Bryan and Lawrence, 2006). The other aspect of assurance relates to verification and validation of the design against the security threats. The validation and verification of the security normally takes place at the design phase before the process of coding begins. A semiformal design which is a design that awaits the verification against security threats in design so that once approved, it becomes formal design. The assurance is meant to ensure that the system is security compliant before the process of implementing the design so that the final product is secured (Gallagher, Bryan & Lawrence, 2006). Question 2: Mobile phones have grown sophistications to become the most indispensable tool in today’s day to day activities. Lourdhu and Alagan (2007) found that, both small and large inexpensive PDA is available in the market which can be used interchangeably with a basic computer to perform minor tasks. These tasks include storing data, capturing events, documentation of meetings, receiving electronic mails and remote accessing contents among others. Given its capabilities, attackers have identified potential loopholes and gaps in these hand held devices and are now using them effectively to breach information security of an organization (George, 2008). Ben (2006) observed that the limitation and challenges to the implementation of security policy with regard to the hand held device is very demanding and sometimes not applicable. For example, PDA devices is a personal garget and all the users within the organization posses and it would be impossible to ban all the users from using their PDA freely within the organization bearing in mind its essential communication functionality. Another issue is that PDAs and Smartphones are very small and with complex functionality and thus difficult to monitor using normal security policy. In case these devices get lost, they also increase vulnerability of the information that they contain since they can get into the hands of hackers (Jonathan, 2005). Attack tree The basic ideas behind the attack tree are the avenues used by the attacker to compromise the security of the companies’ information system. The attack tree is structured such that it has some root nodes, nodes and leave nodes each representing a form of attack achieved not only in hand held devices but also in general computing devices. The attack tree of a PDA generally is focused on the users’ negligence (Seth, 2004). Most of PDAs and Smartphones have no standard password strength. An attack tree is made up of OR and AND nodes each symbolizing each specific requirements to accomplish the task. That is, OR can be completed without inclusive of all requirements (leave nodes) but for the case of AND node all requirements (leave nodes) must be completed to its entirety (Seth, 2004). According to Seth (2004) for an attacker to achieve his/her mission in attacking Smartphones, he/she implements several strategies that are unchecked by the owner of PDA or Smartphones. Since PDA and Smartphones are now sophisticated, attackers know very well that employees of their target companies store the information in their phones. To begin with, the attacker will utilize all the available avenues to get access to the employee with an aim of getting this data. There are many avenues of exposing contents of a Smartphone (Seth, 2004). According to Bluetooth SIG Inc (2007) one can access the phone with the permission of owner and later steel the information directly or use other means such as Bluetooth link, MMS and internet download to access the information. The other strategy that an attacker can utilize is the relationship with the owner of the Smartphone. In this mechanism, the attacker tries to convince the owner to allow him access to the information through blackmail or social engineering the unsuspecting individual (Matthew, 2007). As stated by Patrick and Stephen (2009) the attacker can use the employee’s basic information to get vital information relevant for spamming. While spamming, the attacker can use the information to perform dictionary attacks into the owner’s Smartphone with an aim of revealing SIM pin, password that are normally weak in most Smartphone’s because they are not encrypted (Schneier, 2000). Finally, Patrick and Stephen (2009) said the attacker can obtain the basic and private information about a company from a negligent staff who is not keen of the confidentiality by using and accessing the information in public without being aware of the attackers with bad motives around him. An attacker can listen and record the information being disseminated by this employee or tap into an active port that streams information. Attack tree annotations (table) Concluding discussion: In conclusion, it is evident that the sophisticated growth of Smartphone technology has come up both with benefits and demerits which compromise information security. In essence most hacking occurs as a result of employee negligence in using their handheld devices. This demands that a good security policy must address the issue of training employee on the vulnerability introduced by the use of these devices. In addition, users must be advised to protect their PDAs and all their handheld devices apart from demonstrating to them ways through which hackers and attackers can take advantage of their negligence. The transfer of basic employee information between devices such as Smartphone’s and PDAs should be discouraged because of the loopholes present when these devices are connected and communicating with each other. References: Ben, G. (2006). How I stalked my Girlfriend, Retrieved September 28, 2011, from The Guardian: http://www.guardian.co.uk/technology/2006/feb/01/news.g2. Bluetooth SIG, Inc. (2007). Bluetooth Core Specifications, Version 2.1 + EDR, Volumes 0 to 4, Retrieved 28, September2011, from:http://www.bluetooth.com/NR/rdonlyres/F8E8276A- 3898- 4EC6-B7DA-E5535258B056/6545/Core_V21__EDR.zip. Gallagher, T., Bryan, J., & Lawrence, L. (2006). Hunting Security Bugs. Redmond, Microsoft. George, L. (2008). U.S. Cell Phone Industry Faces an Open Future, Industry Trends, Computer Magazine. IEEE Computer Society, 41(2), 1-5. Information Warfare Site. (2011). Information Technology Security Evaluation Criteria( ITSEC). Retrieved September 28, 2011, from: http://www.iwar.org.uk/comsec/resources/ standards/itsec.htm#top Jonathan, P. (2005). How to Track Any UK GSM Mobile Phone’, 2600 Magazine, 22(4), 34-39. Lourdhu, H., & Alagan, A. (2007). Trends and Challenges in Handheld Wireless Application Development. IEEE Canadian Review, 1(55), 23-34. Marcel, B. (2006). Forensic Imaging of Embedded Systems Using JTAG (Boundary-Scan). Digital Investigation, 3(1), 32-42. Matthew, B. (2007). Smartphone Trojans Discover Profit Motive. Retrieved September 28, 2011, from: http://www.techworld.com/security/news/index.cfm?newsid=8889 NATO IA. (2011). Best Practice & Common Criteria, Retrieved September 28, 2011, from http://www.ia.nato.int/guidance-more Patrick, M., & Stephen, M. (2009). Security and Privacy Challenges in the Smart Grid. IEEE Security & Privacy Magazine. Gladstone: Queensland Education press. Schneier, B. (2000). Secrets & Lies: Digital Security in a Networked World. New York, NY: John Wiley & Sons. Seth, F. (2004). Security Reference Guide: Windows Mobile Autorun. informIT, Retrieved September 28, 2011, from: http://www.informit.com/guides/content.aspx? g=security&seqNum=91. William, S. (2004). Trusted Computer Systems. Retrieved September 28, 2011, from: http://williamstallings.com/Extras/Security-Notes/lectures/trusted.html Read More

The overall perspective of the security evaluation must be based on the functionality of the products and how these functionality are configured to protect against security compromise which guarantee security to the entire systems(William, 2004). The other perspectives considered in the evaluation are the QA that guarantees the assurance of security protection to the systems environment. The assurance relates to the environmental awareness and security related values which must be configured to the system during system development life cycle.

The following are analysis of the perspective of each functionality and assurance as used to enforce security of the information (Information Warfare Site, 2011). Functionality In case of security analysis, functionality of the systems plays an important role in creating avenues and gaps that are utilized by attackers and hackers to gain access for purposes of compromising the security information. It is also worth to note that security occurs as results of intentional and accidental operation by both the internal and external attacks (Bluetooth SIG, Inc, 2007).

Therefore a good security plan must focus on various functionality elements that may create loopholes. To begin with, identification and authentication is very important functionality that must be implemented in the system to discourage anonymous access. This involves the creation and enforcement trusted path that must be traced by all valid user to eliminate hackers. It is also wise to implement some integration and customization that conform to specific security requirements. The software product must operate in an environment that does not support threat incubation by providing secure and free threat zone (Bluetooth SIG, Inc, 2007).

The company should also perform periodic security audits to ascertain any uncaught threat existing since there is no mechanism to eliminate all threats. According to Schneier (2000), the most important functionality is the data entry prevention and user protection which guarantees that the data captured by the user is validated. These include SQL injection, invalid data, cross language scripts and other threats related to the user and others emanating from the user interface. The other aspect that relates to the functionality is availability, physical protections, privacy and communication which can compromise security if poorly handled.

For example the means of communication can make a user reveal his credential to a potential hacker (Schneier, 2000). Assurance Levels The evaluation of security from the perspective of assurances relates to the quality assurance that is designed from the initial stage of the development life cycle all the way to deployment of the product. The aspects that are of concern to the assurances are testing of the product while still it is still being developed. During the life cycle of the product development, security assurance must be tested in all phases of the development to ascertain the strength of the software in relation to security threat.

Assurance guarantee that gaps and loophole that can be utilized by the attackers are sealed off completely so that an attacker will find limited avenues to use in the process of hacking (Gallagher, Bryan and Lawrence, 2006). The other aspect of assurance relates to verification and validation of the design against the security threats. The validation and verification of the security normally takes place at the design phase before the process of coding begins. A semiformal design which is a design that awaits the verification against security threats in design so that once approved, it becomes formal design.

The assurance is meant to ensure that the system is security compliant before the process of implementing the design so that the final product is secured (Gallagher, Bryan & Lawrence, 2006). Question 2: Mobile phones have grown sophistications to become the most indispensable tool in today’s day to day activities. Lourdhu and Alagan (2007) found that, both small and large inexpensive PDA is available in the market which can be used interchangeably with a basic computer to perform minor tasks.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Security in Computing Assignment Example | Topics and Well Written Essays - 1750 words, n.d.)
Security in Computing Assignment Example | Topics and Well Written Essays - 1750 words. https://studentshare.org/information-technology/2059280-computer-security
(Security in Computing Assignment Example | Topics and Well Written Essays - 1750 Words)
Security in Computing Assignment Example | Topics and Well Written Essays - 1750 Words. https://studentshare.org/information-technology/2059280-computer-security.
“Security in Computing Assignment Example | Topics and Well Written Essays - 1750 Words”. https://studentshare.org/information-technology/2059280-computer-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security in Computing

The Technology Used in Cybercrimes

Security in Computing.... Breach Computer security entails protection of information from theft and manipulations, which would have adverse effects on the operations of the organization (Pfleeger, Charles and Pfleeger Shari 114).... Losses of confidentiality, integrity, and availability Confidentiality, integrity, and availability are the considerations used in accounting for a breach in computer security.... In ensuring this is effectively conducted, the network is divided into various security zones such as safety intergrated zone, basic control zone, supervisory zone, process information zone and Information Network zone....
3 Pages (750 words) Research Proposal

Information Technology and Public Key Cryptography

Moreover, security will not be guaranteed, as users may incorporate vulnerable PKI resulting in security breaches and other hacking activities.... Likewise, the security incorporated in RSA algorithm is focused on the solidity of multiplying the procedure associated with great prime numbers....
4 Pages (1000 words) Essay

Computer Sciences and Information Technology

Security in Computing.... hellip; It is common for people to immediately think of implementation bugs when the issue of security vulnerability comes up.... Despite RBAC applications, most of the security teams are still facing difficulties when it comes to account implementation and the process of access management on RBAC....
3 Pages (750 words) Essay

Information Technology Security

Name: Tutor: Course: Date: University: Information Technology and security Introduction CIA denotes confidentiality of information, integrity of information, and availability of information.... hellip; The protection of such information as bank account statements, credit card numbers, personal information, government documents, and trade secrets remain a critical part of information security.... SSL/TSL details a security protocol for communication over the internet has overtime been employed, in conjunction with a broad range on internet protocols, to guarantee security (Whitman and Mattord 2012, p....
3 Pages (750 words) Essay

HSBC E-Business Challenges and Mitigation

nbsp;… According to the study the various security concerns arise as a result of various individuals who passionately developed intelligent programs with negative and illicit attitude and make sure that all the various concerns are highlighted to its full extent.... The various security concerns are dependent on the technologies in use like Ajax and other majority of technologies used.... The composite feature of the security concerns are as follows:This paper outlines that the largest threat is content exploitation and the various implications of duplicating a wrong site to the transacting parties....
5 Pages (1250 words) Essay

File management in UNIX

Security in Computing.... Practical UNIX and Internet security.... Operating system security.... The reporter describes UNIX file system as a method of managing large amounts of data by storing and organizing them in a chronological manner (Pfleeger et al, 2003)....
2 Pages (500 words) Essay

Identifying Potential Risk, Response, and Recovery

hellip; This paper talks that recent statistics have shown that Security in Computing and information systems is a matter of urgency to concerned institutions.... New, novel and faster computing systems have hit the market.... In this document, we center around four main security threats to the company.... They include data security, computer virus risk, Keystroke logging, and adware....
4 Pages (1000 words) Assignment

Information Security Measures

An understanding of security principles and architectures is necessary for achieving Security in Computing systems.... nbsp; The study has been planned in several stages; review of relevant literature; study of architectures and measures in computing systems; a case study of security issues within a specific system; and recommendations for good practices for information security.... nbsp;… The widespread growth in the use of computing systems has lead to an increase in risks to the security of these systems....
5 Pages (1250 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us