You are part of a team selected by the Chief Information Officer (CIO) to perform a security audit for one of the companies explored in this course: Vampire Legends (Wk 1), Cruisin' Fusion (Wks 2–3).

Risk Identification

The process of risk identification for the Devil's Canyon enterprise was vital to secure business continuity and to allow management to make informed decisions. The risks identified ranged from security concerns to human resource management, and they gave management a unique perspective when deciding whether to adopt new technologies on the market. The risks identified were recorded and documented for future reference in case new mitigation techniques become necessary (Burri et al., 2014). The risks identified include insider threats, physical security of the premises, viruses and malware in the computer systems, ransomware, and phishing.

Insider threats revolve around how the human resource department ensures that disgruntled employees can voice their feedback and complaints. Employees' dissatisfaction with the job can lead to sensitive information and data being leaked to competitors whom the workers want to please. For example, Devil's Canyon might have a position it wants to fill and invite interested candidates to apply for the vacancy (Chamola et al., 2019). The most qualified employee will be given the position; if other employees feel short-changed, they become a source of resentment toward the business.

The physical security of the premises, including the IT infrastructure, needs to be protected. For example, the enterprise's data center must be guarded by security personnel, as the equipment housed there is expensive to replace and it might take years to raise the funds to replace it (Muller et al., 2016). The threat of viruses and malware in the enterprise's computer systems occurs when files are attacked. Viruses, a class of malware, attach themselves to the enterprise's files and documents and then delete or modify them without the user's permission.

Ransomware threats occur when computer hackers access the computer system without authorization and block all access to it. This limits the enterprise's operations by blocking access to customer files and contact information. It might even block access to payment systems, leading to delayed services and increased customer complaints. The attackers then demand a sum of money before access is given back (Burri et al., 2014). Management will lose the business's reputation, leading to poor performance by the team, and competitors will gain an upper hand as disgruntled customers seek services from them. Phishing threats occur when hackers pose as trustworthy entities to illegally obtain sensitive information, often with the help of malicious software.

Security Controls

The security techniques to prevent insider threats include dismissing employees who endanger the enterprise's resources. A comprehensive human resource management system can be effective if the enterprise is to closely monitor an employee's activities and rank their security threat level. It can store employee documentation, including past activities, for easy reference (Freeman et al., 2017). A security guard from a reputable security company can improve the enterprise's physical security by controlling entry to vital IT resources. IT experts can combine this with fingerprint identification technology to limit physical access to the Devil's Canyon enterprise's sensitive areas. Strong hinges and doors are also a worthwhile physical security measure.

Experts can prevent viruses and malware by installing anti-virus software that will limit malware activity in the system. Service providers that keep the anti-malware software updated will play a vital role in securing the computer systems (Freeman et al., 2017). Installing a firewall to closely monitor internet activity on the Devil's Canyon system will be beneficial. If it is suspected that unknown software has installed itself, the affected files and documents can be deleted completely. A mail server that scans all incoming mail will deter phishing activity in the system.
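The mail-scanning control mentioned above can be illustrated with a small inbound-mail screener that flags the signals a phishing message typically carries. This Python script is an added example, not code from the original report or from any Devil's Canyon system; the two messages, the domain names, and the list of risky attachment extensions are constructed assumptions.

```python
"""Inbound-mail screening: flag common phishing and malware indicators
(added example with constructed messages; not the report's own code)."""
from __future__ import annotations

import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed policy: attachment types that should not arrive by mail at this enterprise.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".bat", ".hta"}
# Matches <a href="...">label</a> pairs in an HTML body.
HREF_RE = re.compile(r'href="([^"]+)"[^>]*>([^<]*)<', re.IGNORECASE)


def domain_of(address: str) -> str:
    """Lower-cased domain part of a mail address such as 'Name <user@host>'."""
    return parseaddr(address)[1].rsplit("@", 1)[-1].lower()


def scan_message(raw: bytes) -> list[str]:
    """Return a list of human-readable findings; empty means nothing suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: list[str] = []

    # 1. Reply-To pointing at a different domain than the visible sender.
    from_domain = domain_of(msg.get("From", ""))
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"reply-to domain {domain_of(reply_to)} differs from sender {from_domain}")

    # 2. Link text that names one host while the href goes to another.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for href, label in HREF_RE.findall(text):
        href_host = urlparse(href).hostname or ""
        label_host = urlparse(label.strip()).hostname or ""
        if label_host and label_host != href_host:
            findings.append(f"link text shows {label_host} but points to {href_host}")

    # 3. Executable-style attachments.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    return findings


def verdict(raw: bytes) -> str:
    """Simple routing decision for the mail server: quarantine if anything was flagged."""
    return "quarantine" if scan_message(raw) else "deliver"


# Constructed sample: a password-reset lure with a mismatched Reply-To,
# a disguised link, and an executable attachment. Domains are placeholders.
SAMPLE_PHISH = b"""\
From: IT Helpdesk <helpdesk@devilscanyon.example>
Reply-To: support@dc-helpdesk-reset.example
To: staff@devilscanyon.example
Subject: Password expiry
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Reset now: <a href="http://dc-helpdesk-reset.example/x">https://portal.devilscanyon.example/reset</a></p>
--b1
Content-Type: application/octet-stream; name="reset_tool.exe"
Content-Disposition: attachment; filename="reset_tool.exe"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

# Constructed sample: an ordinary internal notice with nothing to flag.
SAMPLE_CLEAN = b"""\
From: Payroll <payroll@devilscanyon.example>
To: staff@devilscanyon.example
Subject: April payslips
Content-Type: text/plain; charset="utf-8"

Payslips are available on the intranet.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, verdict(raw), scan_message(raw))
```

The checks are deliberately simple signals (Reply-To domain mismatch, link text naming a different host than the link target, executable attachments). A production mail gateway would add sender-authentication results such as SPF and DKIM and an anti-virus scan of every attachment, but the routing decision in `verdict` is the part the report's "mail server that scans all incoming mail" is describing.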

Acceptable level of risk

Human resource information system documentation of the disciplinary cases an employee has been involved in will not completely prevent rogue employees from interfering with business operations, but it will offer legal backup if evidence is needed in court. The security controls protecting the physical infrastructure are not 100% guaranteed, as security personnel might liaise with competitors to sabotage the enterprise (Burri et al., 2014). The security camera set-up brings this down to an acceptable level of risk. Setting up anti-malware offers a form of control over the losses the enterprise might experience: if only a few files are infected, Devil's Canyon will easily replace the lost material, so this is an acceptable risk. Continuous education and training of employees will limit ransomware and phishing attacks; if employees do not open emails from unverified sources, phishing is unlikely to occur.

Security Technologies and Design

Security technologies such as cloud computing applications will eliminate the need for physical security mitigation techniques, as all resources will be accessible from the internet (Muller et al., 2016). The service providers ensure that up-to-date anti-virus technologies are applied, reducing the risk from hackers and other cybersecurity threats. Human resource information systems such as the BuiltForTeams software ensure easy tracking of all employee activities. Security design principles such as least privilege, open design, and the acceptability of the security features are vital.

References

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Basin, D., Burri, S. J., & Karjoth, G. (2014). Obstruction-free authorization enforcement: Aligning security and business objectives. Journal of Computer Security, 22(5), 661-698.

Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P., & Sikdar, B. (2019). A survey on IoT security: application areas, security threats, and solution architectures. IEEE Access, 7, 82721-82743.

Wressnegger, C., Freeman, K., Yamaguchi, F., & Rieck, K. (2017, April). Automatically inferring malware signatures for anti-virus assisted attacks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 587-598).