
Federal in-service training requirement

Category: Arts & Education Paper Type: Report Writing Reference: IEEE Words: 1650



Executive Summary of Federal in-service training requirement

Technology Commandos Inc. (TCI), a progressive training service provider, has been hired by the US department to assist in providing in-service training to the new IT team. The basic task is to train the team in basic security principles. The specific training task is to provide information about the need for database security, cloud security, computer ethics, relational databases and cyber-attacks. The training session will also cover basic knowledge of database access control methods and risk management, so that the new members of the IT team can understand the security systems.

CNSS security model of Federal in-service training requirement

The CNSS security model was developed by John McCumber and is also known as the McCumber cube. It has three dimensions, which together cover Transmission, Processing, Storage, Technology, Education, Policy, Availability, Integrity, and Confidentiality.

Difference between a threat, a vulnerability and an exploit

A vulnerability is an undocumented and unintended API in a system. Once that API is discovered, the software can be directed to act in ways that were not intended, such as giving out information about security defenses.

In a hacker's workflow, the exploit comes after the vulnerability. An exploit exercises the unintended API without relying on the documentation.

A threat is a hypothetical event in which a hacker makes use of the vulnerability. A threat normally involves an exploit, since that is the common route hackers follow.

Five different types of hackers and how they will attempt to infiltrate the company

Script Kiddies: They copy existing code and use it for a virus. Script kiddies do not hack for themselves. They download overused software and watch a video to learn how to use it.

White Hat: White hat hackers are the ethical hackers. They are the good ones in the hacker world. They will help you with pentesting a firm or removing a virus.

Black Hat: Black hats are also called crackers, and they are the ones in the news. They invade companies or banks with weak security systems and steal confidential information.

Grey Hat: In the hacker world, nothing is purely white or black. Grey hats don't steal. However, they don't help either [1].

Green Hat: Green hat hackers are the n00bz. Unlike script kiddies, they are keen on hacking and strive to become full hackers.

Various kinds of malware and their solutions:

Browser hijackers, drive-by downloads, backdoors, and adware are some types of malware.

Firewalls and antivirus should be used.

Five of 10 Commandments of computer ethics

1. Thou shalt not use a computer to harm others.

2. Thou shalt not meddle with the work of other people.

3. Thou shalt not snoop in the files of others.

4. Thou shalt not use a computer for stealing.

5. Thou shalt not use a computer to bear false witness.

6. Thou shalt not use proprietary software without paying or getting permission.

7. Thou shalt not use the computer resources of others without proper authorization and compensation.

8. Thou shalt not appropriate the intellectual output of others.

9. Thou shalt think about the social results of a program that you design.

10. Thou shalt use computers in ways that help others.

Describe the differences between risk identification, risk assessment and risk control

Risk management is the process of determining the risks that could stop the company from achieving its goals. It includes documenting and communicating the concern.

Risk assessment is the combined identification and analysis of potential events that might negatively affect the environment, assets, or individuals.

Risk control is the method by which companies determine significant losses and devise ways to eliminate or minimize such threats.

Describe five categories of risk management components and importance

· First one is the management of Strategic Risk.

· Second one is the management of Compliance Risk.

· Third one is the management of Operation Risk.

· Fourth one is the management of Financial Risk.

· Fifth one is the management of Reputational Risk.

Residual risk, with an example

Residual risk is the risk connected with an event or situation that remains after the inherent risk has been reduced by risk controls. Automotive seat belts give an example of residual risk.

Risk control: which risk control options are cost effective

Administrative risk control is applied when harmful elements are being used. In practice it takes the form of documentation of a process. To minimize exposure, measures can be taken to a specific standard that is sustainable for all stakeholders.

Name three risk controls

· First one is Substitution.

· Second one is Engineering controls.

· Third one is Administrative controls.

Need for database security

The security of data is more than just necessary. Companies connected to the internet must ensure it at all costs. Database security prevents information from being lost, a loss which can harm the company financially [2].

Different database cyber attacks and countermeasures

Following are some of the cyber attacks on a database:

· DoS (Denial-of-service) and DDoS (Distributed Denial-of-service) attacks.

· MitM (Man-in-the-middle) attack.

· Phishing and spear phishing attacks.

· Drive-by attack.

Countermeasures of Federal in-service training requirement

Different technical countermeasures can be implemented to block cybercriminals and harden the systems. Network firewalls are considered the first line of defense in securing the systems, together with setting ACLs (Access Control Lists). Determining which types of traffic and services may pass through the checkpoint helps make the systems strong. An antivirus can prevent the propagation of malicious code. Signature-based detection is used because many viruses share the same characteristics.
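The ACL check described above can be shown in a short Python sketch. This is an added example, not part of the original report; the rule set, the addresses (RFC 5737 documentation ranges) and the function names are constructed for illustration. It evaluates traffic first-match with an implicit deny, and also reports rules that an earlier rule makes unreachable, a common ACL maintenance error.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port; None means any port

# Constructed policy for a database host (RFC 5737 documentation addresses).
ACL = [
    Rule("deny", "any", "198.51.100.0/24", None),    # blocked network
    Rule("permit", "tcp", "192.0.2.0/24", 5432),     # app tier to database port
    Rule("permit", "tcp", "192.0.2.10/32", 22),      # single admin host, SSH
    Rule("permit", "tcp", "198.51.100.7/32", 5432),  # mistake: can never match
]

def evaluate(acl, proto, src_ip, dport):
    """First matching rule wins; traffic matching no rule is denied."""
    addr = ipaddress.ip_address(src_ip)
    for index, rule in enumerate(acl):
        if (rule.proto in ("any", proto)
                and addr in ipaddress.ip_network(rule.src)
                and rule.dport in (None, dport)):
            return rule.action, index
    return "deny", None

def shadowed_rules(acl):
    """Return (rule, earlier_rule) index pairs where the earlier rule hides the later one."""
    pairs = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            later_net = ipaddress.ip_network(later.src)
            if (earlier.proto in ("any", later.proto)
                    and later_net.subnet_of(ipaddress.ip_network(earlier.src))
                    and earlier.dport in (None, later.dport)):
                pairs.append((j, i))
                break
    return pairs
```

Running `shadowed_rules(ACL)` before deploying a rule set shows which entries have no effect because of rule order.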

Database access control methods

· DAC or Discretionary Access Control

· MAC or Mandatory Access Control

· RBAC or Role-Based Access Control

Cloud security as a service of Federal in-service training requirement

Cloud security, or cloud computing security, is a broad combination of controls, technologies, and policies for the protection of the infrastructure, applications, and data of cloud computing [3].

Cloud computing and countermeasures to reduce the risks

· Identify harmful behavior.

· Know the baseline.

· Use application instrumentation to monitor behavior.

· Use throttled logging.

· Remove any confidential data before logging.

· Use strong password policies.

· Do not store credentials in an insecure way.

· Consider the granularity of access.

· Enforce separation of privileges.

· Use transport security or message security to encrypt messages.

· Use cryptography provided by a proven and authentic platform.
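Two items in the list above, throttled logging and removing confidential data before logging, can be combined in one logging filter. The following Python sketch is an added example, not part of the original report; the patterns, the class name `RedactAndThrottle`, the limits and the sample events are all constructed for illustration.

```python
import io
import logging
import re
import time

# Illustrative patterns for confidential values; extend them for your own data.
SECRET_PATTERNS = [
    (re.compile(r"(?i)\b(password|token|api_key)\s*[=:]\s*\S+"), r"\1=[REDACTED]"),
    (re.compile(r"\b\d(?:[ -]?\d){12,15}\b"), "[REDACTED-PAN]"),  # card-like digit runs
]

def redact(text):
    """Remove confidential values from a formatted log message."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text

class RedactAndThrottle(logging.Filter):
    """Redact every record and drop repeats of one template beyond a per-window cap."""

    def __init__(self, max_per_window=3, window=60.0, clock=time.monotonic):
        super().__init__()
        self.max_per_window, self.window, self.clock = max_per_window, window, clock
        self.seen = {}  # message template -> (window start, count in window)

    def filter(self, record):
        key, now = str(record.msg), self.clock()
        start, count = self.seen.get(key, (now, 0))
        if now - start >= self.window:      # window expired: start counting again
            start, count = now, 0
        self.seen[key] = (start, count + 1)
        if count >= self.max_per_window:
            return False                    # throttled: the record is discarded
        record.msg, record.args = redact(record.getMessage()), ()
        return True

def demo():
    """Run constructed events through the filter and return what was emitted."""
    stream = io.StringIO()
    log = logging.getLogger("added_example")
    log.propagate, log.handlers = False, [logging.StreamHandler(stream)]
    log.filters = [RedactAndThrottle(max_per_window=2)]
    log.setLevel(logging.INFO)
    for attempt in range(5):  # same template five times: only two get through
        log.info("login failed user=%s password=%s", "alice", "hunter%d" % attempt)
    log.info("payment with card 4111 1111 1111 1111 accepted")
    return stream.getvalue().splitlines()
```

Throttling is keyed on the unformatted message template, so a flood of one event type cannot fill the log, while redaction runs on the formatted text so values passed as arguments are covered as well.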

Conclusion on Federal in-service training requirement

Organizations face security issues because of employees' limited knowledge of information system security. There are five types of hackers that take control of systems for different purposes. Green hat hackers can be prevented through firewalls and antivirus. Risk management provides information about controlling the various types of risk at different costs. IT members are given training sessions to help them understand the security issues and the relevant risk management strategies. The training covers database security threats and their countermeasures.


References of Federal in-service training requirement

[1] Z. Xiong, A. Tsang, W. T. Yue and M. Chau, "The classification of hackers by knowledge exchange behaviors," Information Systems Frontiers, vol. 17, no. 6, pp. 1239-1251, 2015.

[2] A. M. Chandrashekhar, S. T. Ahmed and N. Rahul, "Analysis of Security Threats to Database Storage Systems," International Journal of Advanced Research in data mining and Cloud computing (IJARDC), vol. 3, no. 5, 2015.

[3] F. Sabahi, "Cloud computing security threats and responses," Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on, pp. 245-249, 2011.

[4] E. Byres and J. Lowe, "The Myths and Facts behind Cyber Security Risks for Industrial Control Systems," Proceedings of the VDE Kongress, vol. 116, pp. 213-218, 2004.

[5] S. Pareek, A. Gautam and R. Dey, "Different Type Network Security Threats and Solutions, A Review," IPASJ International Journal of Computer Science, vol. 5, no. 4, pp. 1-10, 2017.

[6] D. S. Terzi, R. Terzi and S. Sagiroglu, "A Survey on Security and Privacy Issues in Big Data," Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference, pp. 202-207, 2015.

 
