Marcum State University is planning to decentralize its data. In this process, the following points must be considered to address any security issues that arise in the organization (Granger, 2002):
Level of information security: The level of security in a distributed system can be ensured through advanced program-to-program communication. If the same product is used throughout the organization, passwords can be kept in encrypted form. Before communication over the network begins, each system can be identified.
Security cost: As the data will be distributed department-wise, the cost of protecting it will depend on the underlying software and on the information staff's time.
Data replication: When the functioning of a computer system is decentralized, data replication is a major issue. The data of faculty, staff and students may be present in multiple departments, which can give rise to anomalies in the insertion, deletion and updating of information.
Ethical and legal ramifications: If information is saved under the name of an individual rather than under a specific unique ID, the probability of accessing the correct information degrades.
A better way to store and extract information securely is for the organization to use RDBMS software. With an RDBMS the data can be stored in normalized form and specific rights can be granted department-wise, so that the data is secure, consistent and reliable, and the adequacy of the information can be assured. If the organization uses an RDBMS, every database object is identified by a unique database object ID, so there is no need to save files under the name of an individual faculty member or student. Security concerns can also be addressed to a greater extent in an RDBMS.
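The following is an added example, not part of the original text, showing the two RDBMS properties discussed above in a small SQLite model: every record carries a unique ID rather than being keyed by a person's name, and read rights are granted per department. The table names, the `dept_grant` table and the sample rows are assumptions constructed for illustration.

```python
# Added example (not from the original essay): a normalized SQLite schema with
# unique object IDs and department-wise rights. Table names, columns and the
# department scoping rule are illustrative assumptions.
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory, normalized database with unique object IDs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(
        """
        CREATE TABLE department (
            dept_id INTEGER PRIMARY KEY,
            name    TEXT NOT NULL UNIQUE
        );
        CREATE TABLE student (
            student_id INTEGER PRIMARY KEY,
            full_name  TEXT NOT NULL,
            dept_id    INTEGER NOT NULL REFERENCES department(dept_id)
        );
        CREATE TABLE staff (
            staff_id  INTEGER PRIMARY KEY,
            full_name TEXT NOT NULL,
            dept_id   INTEGER NOT NULL REFERENCES department(dept_id)
        );
        -- Rights are granted per department, not per file or per person name.
        CREATE TABLE dept_grant (
            staff_id INTEGER NOT NULL REFERENCES staff(staff_id),
            dept_id  INTEGER NOT NULL REFERENCES department(dept_id),
            PRIMARY KEY (staff_id, dept_id)
        );
        """
    )
    # Constructed sample data; two students share a name on purpose.
    conn.executemany("INSERT INTO department VALUES (?, ?)",
                     [(1, "Physics"), (2, "History")])
    conn.executemany("INSERT INTO student VALUES (?, ?, ?)",
                     [(101, "Alex Smith", 1), (102, "Alex Smith", 2)])
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)",
                     [(501, "Physics Registrar", 1), (502, "History Registrar", 2)])
    conn.executemany("INSERT INTO dept_grant VALUES (?, ?)",
                     [(501, 1), (502, 2)])
    conn.commit()
    return conn


def students_visible_to(conn: sqlite3.Connection, staff_id: int) -> list:
    """Return (student_id, name) rows the staff member is entitled to see.

    The join against dept_grant enforces the department-wise rights: the query
    cannot return rows from a department the staff member was not granted.
    """
    return conn.execute(
        """
        SELECT s.student_id, s.full_name
        FROM student s
        JOIN dept_grant g ON g.dept_id = s.dept_id
        WHERE g.staff_id = ?
        ORDER BY s.student_id
        """,
        (staff_id,),
    ).fetchall()


def lookup_by_name(conn: sqlite3.Connection, full_name: str) -> list:
    """Show why a name is a poor key: the same name matches several records."""
    rows = conn.execute(
        "SELECT student_id FROM student WHERE full_name = ? ORDER BY student_id",
        (full_name,),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print(students_visible_to(db, 501))      # [(101, 'Alex Smith')]
    print(students_visible_to(db, 502))      # [(102, 'Alex Smith')]
    print(lookup_by_name(db, "Alex Smith"))  # [101, 102]: ambiguous by name
```

SQLite has no `GRANT` statement, so the department right is modelled as a table that every query joins against; on a server RDBMS the same rule would be expressed with roles, grants or a row-level security policy, with the application still addressing records by their unique IDs.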
Policy statement: The purpose of Bishop Enterprise's policy is to provide secure, state-of-the-art concrete structures to its clients. Although we are growing day by day, we are committed to providing accountability, integrity, usability and auditability to every client, so that security concerns are addressed in the future.
The security of the information system is a key factor for our organization. The official policy is the mirror in which the objective of an organization can be seen and on which business proposals can be agreed. Whenever an official proposal regarding computer operations is sent for approval, it must contain specific points related to the quality assurance of the company's product.
We maintain accountability, which ensures that activities are performed by an entity authenticated for that activity and that they can be traced. It is an effort to set a standard of performance across all divisions of the organization.
We carry out an information security audit on a regular basis; an audit is a process of measuring the performance of our organization against certain parameters. It consists of a continuous series of tests which ensure the security of operational processes, personal information and other confidential details of the organization.
Integrity represents the consistency, reliability and accuracy of the information in our organization's system database. While data is being accessed or modified, it must reflect a consistent state. Data cannot be changed in transit by unauthorized people. Integrity also covers file permissions and the access-control mechanism. To maintain integrity under the organization's security policy, a versioning system can also be implemented to control changes made accidentally (Bailey, et al., 2016).
We pay attention to usability in our website and other digital operations, which increases security. A password manager is an option by which the user needs to remember only a single password. Password verification can be a two- or three-step process, in which verification is required before any file or site is accessed.
Social engineering is a vulnerability which relies on human interaction. It is based on the concept of tricking people so that they break security procedures; the con game is its foundation. Whatever techniques are used, social engineering revolves around an appeal designed to obtain the authorization details of an authorized person. In this type of attack the attackers may pose as friends or colleagues and appear to want to help. After obtaining the information security password, they can reach the other resources of the network. As per the case study, the four instances of social engineering are:
Dave Bloggs represented himself as the manager of the audit system and asked Susan to reveal her password so that he could audit the account system.
When Susan declined to reveal the password without her manager's permission, Dave Bloggs acted very impressed, said that he would contact Susan's manager directly, and asked for the manager's name.
Dave Bloggs told John that they were designing the system with Michael Phillips and wanted to include John in their team.
Dave Bloggs informed John that they were working on a very high-profile project and that if John joined them he could achieve a promotion. Dave Bloggs said that they had also approached Susan about her password and that they also needed John's password.
The techniques of social engineering used in the above scenario:
- Spear phishing
Social engineering issues can be addressed by using the following measures (Publications, 2009), which provide security methods to prevent social engineering:
· Never open an email link from an unknown site.
· Passwords must be required to confirm that the person is authentic.
· A two- or three-step password confirmation process can be used.
· Never share confidential credentials with any person.
· Audit the complete network from time to time to check for any type of security concern in the organization.
· Provide regular examples to employees so that they become aware of threats.
The differences between authentication and encryption (Shinder, 2001):
Authentication is a process of verifying a person's identity by some method. The most common method is username and password.
It can also be a unique identification code together with a secret pattern or PIN number.
Encryption is a process of converting a message into secret code while the data is transmitted. The most common encryption method is the pre-shared key.
Authentication-based systems are more flexible.
Encryption-based systems are more secure.
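The following is an added example, not part of the original text, putting the two concepts above side by side in standard-library Python: authentication as a username/password check against a salted hash, and encryption of a message under a pre-shared key. The PBKDF2 parameters, the HMAC-in-counter-mode keystream and the message layout are illustrative assumptions, not a production cipher; the point is what each mechanism does and does not establish.

```python
# Added example (not from the original essay): authentication versus
# encryption using only the Python standard library. The hashing parameters
# and the keystream construction are illustrative assumptions.
import hashlib
import hmac
import os
import secrets
from typing import Optional

# --- Authentication: establish WHO is talking (username + password) ---------

def register(password: str, iterations: int = 200_000) -> dict:
    """Store a salted PBKDF2 hash instead of the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def authenticate(record: dict, password: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

# --- Encryption: hide WHAT is said (pre-shared key) -------------------------

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a toy stream cipher (illustrative)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(psk: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. Hiding content is the cipher's job;
    the tag is what lets the receiver notice a change made in transit."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(psk, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(psk, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(psk: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag before decrypting; return None if the message was altered
    or was produced under a different pre-shared key."""
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(psk, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(psk, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))


if __name__ == "__main__":
    rec = register("correct horse")
    print(authenticate(rec, "correct horse"), authenticate(rec, "wrong"))
    psk = secrets.token_bytes(32)              # the pre-shared key
    blob = encrypt(psk, b"transfer 100 to account 42")
    print(decrypt(psk, blob))
```

Note what each half proves. A successful `authenticate` says the caller knows the password, nothing about secrecy of the traffic; a successful `decrypt` says the message was produced by some holder of the pre-shared key and not altered since, nothing about which person that was. A sign-in or fund transfer, as the list below says, needs both.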
Not all messages are critical; authentication or encryption must be applied to the following transmittals:
- Sign-in process
- Fund transfer
- Password for transaction generation
Messages or transactions which are confidential must be encrypted.
The processes of authentication and encryption will surely slow down the functioning of the system. In online banking we can implement other safeguards to protect confidential information, such as:
Monitoring: In this process the whole system is kept under watch for any unauthorized access. In case of suspicious activity, immediate steps are taken to control it.
Firewalls and cookies: A firewall creates a security wall around the whole system. Every data packet must pass through the firewall, and if it does not belong to any system of the organization it is discarded by the firewall.
IdentificationPlus: It provides enhanced protection against vulnerabilities by requiring a secret question and answer.
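The following is an added example, not part of the original text, of the monitoring safeguard described above: a small detector that reads sign-in log lines and flags an account once failures inside a short window reach a threshold, and flags a success that immediately follows such a burst. The log format, the sample lines, the threshold and the window are constructed assumptions.

```python
# Added example (not from the original essay): flag repeated failed sign-ins
# per (user, source IP) inside a sliding time window. The log line format,
# threshold and window are illustrative assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in the assumed format:
#   "<ISO timestamp> <FAIL|OK> user=<name> ip=<address>"
SAMPLE_LOG = """\
2017-08-05T09:00:01 FAIL user=susan ip=203.0.113.5
2017-08-05T09:00:09 FAIL user=susan ip=203.0.113.5
2017-08-05T09:00:15 FAIL user=susan ip=203.0.113.5
2017-08-05T09:00:20 FAIL user=susan ip=203.0.113.5
2017-08-05T09:00:24 FAIL user=susan ip=203.0.113.5
2017-08-05T09:00:30 OK user=susan ip=203.0.113.5
2017-08-05T09:05:00 FAIL user=john ip=198.51.100.7
2017-08-05T09:20:00 FAIL user=john ip=198.51.100.7
"""

THRESHOLD = 5                 # failures that count as a burst
WINDOW = timedelta(minutes=2)  # failures older than this are forgotten


def parse_line(line: str) -> tuple:
    """Split one log line into (timestamp, result, user, ip)."""
    ts, result, user_kv, ip_kv = line.split()
    return (datetime.fromisoformat(ts), result,
            user_kv.split("=", 1)[1], ip_kv.split("=", 1)[1])


def find_alerts(log_text: str, threshold: int = THRESHOLD,
                window: timedelta = WINDOW) -> list:
    """Return (kind, user, ip, timestamp) alerts in log order.

    'burst' fires once when the number of recent failures for a (user, ip)
    pair reaches the threshold; 'success-after-burst' fires when a sign-in
    succeeds while that burst is still inside the window, which is the event
    an operator most wants to see immediately.
    """
    recent = defaultdict(deque)   # (user, ip) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, ip = parse_line(line)
        q = recent[(user, ip)]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) == threshold:
                alerts.append(("burst", user, ip, ts))
        elif result == "OK" and len(q) >= threshold:
            alerts.append(("success-after-burst", user, ip, ts))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

In the sample, susan's five failures within 23 seconds produce a burst alert and the following success produces a second alert, while john's two failures fifteen minutes apart never accumulate inside the window and stay silent.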
Bailey, L., Bisson, D., Brager, K., Conacher, C., Covello, B., Cummins, K., et al. (2016, August 15). security-and-usability. Retrieved August 5, 2017, from www.tripwire.com: https://www.tripwire.com/state-of-security/featured/security-and-usability/
Granger, S. (2002, January 17). simplest-security-guide-better-password-practices. Retrieved August 5, 2017, from www.symantec.com: https://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices
Publications, U.-C. (2009, October 22). ST04-014. Retrieved August 5, 2017, from www.us-cert.gov: https://www.us-cert.gov/ncas/tips/ST04-014
Shinder, D. (2001, August 28). understanding-and-selecting-authentication-methods. Retrieved August 5, 2017, from www.techrepublic.com: https://www.techrepublic.com/article/understanding-and-selecting-authentication-methods/