Risk Analysis

Identify the major security risks faced by this organisation and perform a risk analysis using Delphi. Write security policies that address the risks identified in the risk analysis.

The business chosen for this study is a small manufacturer of wireless communication devices, which are mainly used for IoT (Internet of Things) communications. The organization operates a factory situated about 20 km away from the eastern suburbs and a small research lab. Both are co-located under a university within the eastern suburbs.

The company needs to create a security program intended to decrease the risk of those kinds of attacks. Addressing those problems is important, so the company needs to address the risks at the initial phase. This is regarded as a multi-phase project.

The following report identifies the security risks faced by the organization using Delphi. The security policies are then set out, and it is specified how each policy can be implemented.

Keeping environmental uncertainties and the competitive intensity of projects in mind, the project managers of the organization face various challenges. Risk management has been introduced to control these challenges effectively. It is one of the newer strategies for enhancing and strengthening the effectiveness of a project (Chang 2016). Risk management is developed to reduce risks and offset the losses they cause. Further, each of them has a specific place.

 

Figure 1: “Wireless security Risk factors”

(Source: Bouzon et al. 2016, pp.182-197)

In the current scenario the top five risks are listed below.

  • Detrimental impacts of various activities, the conscious action of predicting their adverse effects, and plans to avoid them.
  • Problems in maintaining stable income and earnings at an acceptable level of revenue by limiting the loss of earnings and cash flow that originates from unforeseen losses.
  • Non-stop activities and long delays of tasks.
  • Costs above a certain level, restricting the organization's development.
  • Lack of time allocated for continuous development and growth.

The Delphi method is useful for mitigating the above risks. It works by gaining consensus among experts who may argue differently about a particular project. It is an iterative method that collects the anonymous judgments of various experts.

The Delphi method is used for decision-making and forecasting, with the judgments provided by experts expressed as absolute numbers. However, this is far from real-world, long-term forecasting and decision-making, where uncertainty is present (Stockwell et al. 2016). This is because the decisions are made with the qualifications of the experts in mind. Hence it is better to use fuzzy sets, through fuzzy numbers rather than definite numbers, to describe the data when predicting long-term decisions in real-world scenarios. In this way experts can give their judgments in natural-language terms such as low, medium or high. Hence the fuzzy Delphi method comes into play.

Security Program

In the current case study, the fuzzy Delphi method is helpful. It includes the following steps.

  • Choosing the experts and describing the problem domain.
  • Preparing the questionnaire and sending it to the experts.
  • Collecting the experts' opinions and analyzing them.

In this stage, questionnaires are sent to the members of every expert group, and the opinions returned for each component are analyzed and concluded. Based on the linguistic variables defined in the questionnaire, the mean of every element is measured (Modrak and Bosun 2014). Fuzzy numbers can also be used to describe the information. They are used instead of a specific average, and the analysis is conducted on the basis of the fuzzy mean.


It must be kept in mind that the conventional Delphi method suffers from low convergence of expert opinions, high execution costs, and the possibility that the organizers filter out specific expert opinions. Combining conventional Delphi with fuzzy theory helps to deal with the ambiguity and vagueness of the method. Here, the degree of membership is used to establish the membership function of every participant (Kauko and Palmroos 2014). The maximum and minimum values of the expert opinions are taken as the two terminal points of the “triangular fuzzy” numbers, and the geometric mean is taken as the membership degree of the fuzzy numbers, in order to derive a statistically unbiased effect and do away with the impact of extreme values. The method is a more effective way of selecting the criteria. It has the benefit of simplicity, and all the expert opinions are encompassed in one investigation (Ameyaw et al. 2016).

The organization must understand the contrast between the fuzzy Delphi method and the conventional one. Both processes are expected to gather a group decision from various expert opinions. The conventional method needs multiple investigations to achieve consistency among the expert opinions, whereas the fuzzy method needs just a single investigation and covers every opinion (Lee et al. 2016). Previously the experts were forced to change their opinions to meet the mean value of all expert opinions. As the opinions are modified, the originals are excluded, and important data can be lost. However, the latest Delphi method respects the initial opinions of the experts. It provides a distinct membership degree for every possible consensus. The previous method needed notable time to gather the opinions of experts; its cost was high, and the fuzziness of the process could not be excluded (Hsueh 2015). However, the Delphi method to be used in the current case study has possessed the weaknesses mentioned above.

Thus the primary benefit of the fuzzy Delphi method for gathering group decisions is that every expert opinion is considered and integrated to achieve consensus. Besides, the fuzzy elements of human thinking, such as subjective and uncertain messages, are also taken into account. Further, it reduces the time and cost of the investigation.
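The aggregation step described above, carried through in one round as an added example (not part of the original report): each risk's expert scores become a triangular fuzzy number with the minimum and maximum as terminal points and the geometric mean as the middle value. The expert scores, the centre-of-gravity defuzzification and the 6.0 selection threshold are assumptions made for illustration.

```python
import math

# Constructed sample: five anonymous experts score each risk from 1 (low)
# to 9 (high). These scores are illustrative, not data from the report.
RATINGS = {
    "eavesdropping on wireless traffic": [8, 9, 7, 8, 9],
    "default AP management credentials": [7, 6, 8, 7, 7],
    "rogue access point": [6, 7, 5, 8, 6],
    "guest traffic on business network": [3, 5, 2, 4, 3],
}


def triangular_fuzzy_number(scores):
    """Return (low, middle, high): min and max are the terminal points,
    the geometric mean of all opinions is the middle (peak) value."""
    if not scores or any(s <= 0 for s in scores):
        raise ValueError("scores must be a non-empty list of positive numbers")
    geometric_mean = math.exp(sum(math.log(s) for s in scores) / len(scores))
    return (min(scores), geometric_mean, max(scores))


def defuzzify(tfn):
    """Collapse a triangular fuzzy number to one crisp score.
    Assumption: simple centre of gravity, (low + middle + high) / 3."""
    low, middle, high = tfn
    return (low + middle + high) / 3.0


def fuzzy_delphi(ratings, threshold):
    """Rank risks by crisp score and flag those at or above the threshold.
    No expert opinion is dropped or revised: every score feeds the result.
    The threshold is an assumed cut-off chosen by the analyst."""
    rows = []
    for risk, scores in ratings.items():
        tfn = triangular_fuzzy_number(scores)
        crisp = defuzzify(tfn)
        rows.append({"risk": risk, "tfn": tfn, "score": crisp,
                     "selected": crisp >= threshold})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in fuzzy_delphi(RATINGS, threshold=6.0):
        low, mid, high = row["tfn"]
        print(f"{row['risk']:<36} ({low}, {mid:.2f}, {high}) "
              f"score={row['score']:.2f} selected={row['selected']}")
```

The risks marked as selected are the ones the policy statements in the following section would need to address first.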

This segment discusses the policy statements addressing the threats demonstrated above. The risk program of the organization should be objective, so a data-driven risk analysis is needed for the risk management strategy. There are three distinct levels available. The experts must work on understanding the risks against the threat scenarios and attack patterns identified by the Delphi method above (Cherry and Jacob 2016). The organization must develop a plan that prioritizes the problem areas so as to get the most out of the security budget. Moreover, important business leaders and stakeholders must have confidence in the security strategy and be confident that it keeps the company protected.

 

Figure 2: “Security policies in terms of attacks, requirements and measures”

(Source: Fang et al. 2014, pp.1596-1605)

Once the biggest risks are identified, the organization can plan according to its needs. Periodic reviews help to verify that the controls are working and to seek out potential weaknesses in the security strategy. Further, expert cyber security risk analysis with diagnostic methods is to be done, built on years of experience with various legacy technologies (Greenberg 2017). It also draws on insights from the data derived from the Delphi method, which must highlight the threat patterns leading to real data breaches. Moreover, there must be a direct mapping to the most common cyber-risk management frameworks. This helps in understanding the risk levels around the likely scenarios.

The levels of protection are helpful. Here, the threat profiles and security needs are not specific. The solution is designed to meet those requirements by using industry-specific data to defend against the threats that matter most. The “risk rating” must be done by evaluating the risk-reducing controls simply and effectively. The external security controls must be reviewed against the most common security threats (Hammer 2015). A quarterly diagnostic score must be generated. Extra guidance on decreasing cyber risk must also be provided, referring to the attack patterns identified through Delphi.

The security program must include a comprehensive, maturity-based risk analysis against the important cyber threats. The external and internal security controls must be reviewed against a wide range of cyber threats. A quarterly cyber security risk analysis must be done against the primary security controls (Kavanagh and Johnson 2017), including recommendations for reducing the risks. The controls must be compared against the primary control frameworks and industry peers.

The security analysis must include customizable activities for analyzing risk levels on the basis of the methodology. The internal and external security controls must be reviewed. A monthly adaptive risk score must be provided, and the risk-reducing controls must be selected and examined. The organization's position must be rated against the primary control frameworks and industry peers. This depends on the Delphi scoring method and should be based on the maturity methodology and specific risk scoring (Laudon and Laudon 2016). A strong defense must be built with data and insight. Cyber risk security programs help to defend against risks better by managing them in a more deliberate manner, which helps the organization to move on. Further, the organization must undertake simple intuition for risk models on the basis of evidence. The organization must understand the risk, prioritize remediation efforts, and then use proactive security measures. Then subjective risk scoring must be conducted on the basis of evidence-based scoring. The threat intelligence from the Delphi method must be converted into a real risk assessment (Li et al. 2014), which helps to better understand and guard against the threats. Next, the fragmented view must be developed into a wider one. Security can be fragmented across technologies and vendors that work independently. Visibility must be provided across the network, consolidating control of security services and products so as to react more efficiently to attacks.

This security program offers an advantage: it puts the organization in a better place to manage risks in terms of several factors. The first is global visibility: the company's network must provide insight into current attacks and threats. Further, there should be deep expertise, with some of the most high-profile global breaches investigated every year. Next, there should be security intelligence: people must know how attackers work and what they actually need (Peltier 2016).

Besides, the organization can use encryption over its wireless network. Information sent over the wireless network must be encrypted so that nearby attackers cannot understand the communications. Encryption scrambles the information sent into a code so that it is not accessible to other people. Modern routers offer WPA2, the strongest wireless encryption widely available, and it must be used to protect the data. Apart from this, the organization must limit access to the network (Ross 2017) by permitting only particular devices to access the wireless network. Access points have a mechanism for permitting devices with specific MAC (“Media Access Control”) addresses. As the organization needs to deliver free Wi-Fi for users, it must set up a public network that is distinct from the network for business devices.

Specifying every policy:

A good security policy sets the primary rules for information security at the business. The rules are mandatory and should be visible around the company. As security requirements vary from one company to another, so must the security policy (Stair and Reynolds 2017). Hence it is important that the security policies follow the needs, business policies and goals of the company. The policy must be supported by every employee and must be enforceable. A security policy can be very high level, technology neutral or technology specific. It can be divided into three primary kinds: program-level, issue-specific and system-specific policy.

System specific policy:

A system-specific policy focuses on the policy issues that management has decided for a particular system, and addresses only that single system. Issue-specific and program-level policies address policy at a wider level, encompassing the complete organization.

Organizational policy:

Further, there is a choice of which specific kind of policy to develop, depending on the requirements of the organization. The most vital aspect is that the policy gives direction, which can be used as the basis for making other, lower-level decisions (Stark 2015).

I.T security policy:

The I.T security policy covers the organization's expectations for the proper usage of network and computer resources. It also includes processes to prevent and react to security incidents. The individual requirements of the organization must be considered when drafting the policy. Policy drafting covers various aspects: the direction and goals of the organization; government laws, regulations, rules and policies; and the needs and requirements of the organization (Van De Walle, Turoff and Hiltz 2014). Further, there are enforcement, distribution and implementation issues.

 

Figure 3: “A Bird-eye View of the Development Cycle of a Security Policy”

(Source: Ermakov et al. 2014, p.511)

Using effective WAN with LAN:

The organization must consider how new WLAN segments will be integrated with, and reuse, components of the wired infrastructure. The network topology, security measures and device placement have a direct effect on wireless LAN security. AP placement must be restricted by the network topology. Wireless applications need secured access to the Internet and intranet (Osterhage 2016), which affects routers, firewall rules and VPN policies. It must be remembered that wireless APs are unrestricted entities and must always be placed outside the firewall and under a DMZ, never within the firewall.

802.11 security:

The organization has a growing choice of options for authentication and encryption, from emerging tools to VPNs. The choice depends on the size of the enterprise and the level of risk that the WLAN opens up. The company should start with the security that 802.11 offers out of the box. Basic 802.11 security deters accidental association and casual eavesdropping (Farooq et al. 2015). In most WLAN products, security is disabled by default. Disabled means that the WLAN operates in open-system mode, in which any station can join because it knows the SSID (Service Set Identifier) of the network or has captured the beacon frames broadcast by the APs.

802.1X:

Various APs can be configured with a list of MAC addresses to allow or block. However, the MAC address is never to be forged. To address this, IEEE 802.1X provides a multivendor standard for combining port-level access control with some type of authentication (Sandberg, Amin and Johansson 2015).

Wi-Fi protected access:

Wi-Fi is the brand given to 802.11 products certified by the Wi-Fi Alliance, a consortium organized to promote 802.11 products and the interoperability among them. WPA (Wi-Fi Protected Access) is a security development for the present generation of WLAN hardware. It incorporates the portable parts of the 802.11 security standard under development, which is still a work in progress. It can interoperate with older WEP products.

Security for VPNs:

As the organization needs a remote access VPN, it should use it for WLAN security as well. Reuse makes the most sense when the security policy is consistent for LAN and WAN access (Sadeghi et al. 2015): the same credentials are used for authentication, and the same encryption algorithm can be used for confidentiality.

The security recommendations differ depending on the wireless service to be connected. In general, the organization must be aware that wireless networks are less secure than wired networks, because the signal is not confined to a wire, which raises the potential for traffic to be snooped or intercepted. There are various options for wireless security; the two primary formats are WEP and WPA. WEP previously evolved as the industry standard. However, technology has brought stronger requirements, and a new standard has emerged that is stronger and more efficient. It is highly recommended that all security settings be updated to use the new standard. However, some legacy devices are not able to upgrade from WEP to WPA. Since security is ever changing and many robust tools have been introduced to combat hackers, it is vital that the dealership is diligent and stays informed about the latest technologies that help to secure important data and infrastructure. The common recommendations include the following.

  • Enabling the operating system firewall.
  • Installing anti-virus software such as Sophos and keeping it up to date.
  • Keeping the OS (operating system) up to date with vendor patches.
  • This includes Windows Update and setting the OS to patch automatically as patches are released.
  • Being wary of running programs or files downloaded from untrusted sources, which may contain invisible programs known as viruses or Trojan horses.
  • Recognizing spam and never clicking the hyperlinks contained in those emails.
  • Using a browser that includes a phishing filter.

Thus it is seen from the above discussion that, with its thriving development, wireless communication is no longer a new subject. Wireless communication at the chosen company has been examined in the above study. However, because of inconvenience of wireless access, the company has witnessed the significance of mobility. Due to the immeasurable development potential of wireless technology, it has introduced the application, which helps its staff to accomplish more activities in a short period of time.

However, enterprise mobility is not just about constructing a convenient network access scenario. The study showed that the fuzzy Delphi method needs a small number of samples and that the derived outcomes are reasonable and objective. This saves the cost and time of collecting expert opinions, which should be properly expressed without being distorted. Certainly, the project managers of the company face various challenges in terms of security problems. Hence managers have turned to fuzzy set theory to express the uncertainty.

It is understood that the initial step of risk management is to determine the common risks that impact the project, including various conversion projects. In this step the Delphi method is used to identify the risks affecting the project process. It is a structured process for collecting and categorizing knowledge from a set of experts in the form of natural language, by distributing questionnaires among people and managing the feedback and comments received. The outcomes show that once implementation is done and consensus is achieved, the integration of credit and financial risk can be estimated better. Moreover, outcomes of the hypothesis for the current project have highlighted that as attraction is made on resources profits, risks, equity, interest this brings the profit. However, the risk of various regulations, institutional integration and open acts can take place on the classic elite and property. Thus the project can be in loss.

Fuzzy set theory provides a flexible framework for managing the ambiguity and uncertainty of human knowledge. It is used in the study of phenomena and helps to overcome the barriers caused by lack of precision. It is essentially an approximate technique with a qualitative aspect.

Using Frontpoint Security:

This covers almost all monitoring and equipment needs and provides extensive tips for keeping the business secured. It offers smoke and heat sensors for fire protection, as well as carbon monoxide, freeze and flood sensors. Customers are able to customize the system to include the features they need.

Using SafeMart:

It offers a wide range of security tools. However, it does not provide installation services or detailed installation instructions. Users can choose the security devices they need. It includes point sensors and motion detection for burglary protection. It also includes heat and smoke detectors for fire protection, and flood sensors and carbon monoxide detectors for environmental hazards.

Using Guest Wireless LAN:

The minimum recommendations for the “Guest Wireless LAN” are discussed below. First, a guest network separate from the dealership's private network must be used. A terms-of-use statement must be posted in guest areas and presented as the initial webpage that guests access. The wireless access points must be positioned, and their signal strength adjusted, to keep the signal out of unauthorized areas such as the street. Then the SSID broadcasting must be activated. The manufacturer's default SSID must be changed to a unique ID on the access point. User authentication must be enabled for the access point management interface, which means that the default username and password must be changed. Rogue or unauthorized wireless access points, and channel conflicts, must be checked for occasionally.
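One way to check access point settings against the wireless policy set out above (WPA2 encryption, a MAC allow-list on the business network, no manufacturer default SSID, and a guest network kept apart from business devices), as an added example that is not part of the original report. It assumes the access points are configured with hostapd-style `key=value` files; the sample configurations, the bridge names and the list of default SSIDs are constructed for illustration.

```python
# Assumed sample of factory-default SSIDs; extend with the vendors in use.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}

# Constructed sample configurations (passphrase lines omitted).
WEAK_BUSINESS = """\
interface=wlan0
bridge=br-lan
ssid=linksys
wpa=1
macaddr_acl=0
"""
WEAK_GUEST = """\
interface=wlan1
bridge=br-lan
ssid=Factory-Guest
wpa=2
"""
HARDENED_BUSINESS = """\
interface=wlan0
bridge=br-lan
ssid=Plant-Ops-7F
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=1
accept_mac_file=/etc/hostapd/business.accept
"""
HARDENED_GUEST = WEAK_GUEST.replace("bridge=br-lan", "bridge=br-guest")


def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit_ap(conf, require_mac_allowlist):
    """Return a list of policy findings for one access point."""
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bit field: 1 = WPA, 2 = WPA2
    if any(key.startswith("wep_key") for key in conf):
        findings.append("WEP key configured: move to WPA2")
    elif wpa == 0:
        findings.append("open-system mode: no encryption enabled")
    elif not wpa & 2:
        findings.append("WPA2 not enabled (legacy WPA only)")
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("manufacturer default SSID still in use")
    # macaddr_acl=1 means: deny every station not in the accept list.
    if require_mac_allowlist and conf.get("macaddr_acl") != "1":
        findings.append("no MAC allow-list for business devices")
    return findings


def audit_site(business_text, guest_text):
    """Audit both networks and check that guests are kept separate."""
    business, guest = parse_conf(business_text), parse_conf(guest_text)
    report = {
        "business": audit_ap(business, require_mac_allowlist=True),
        "guest": audit_ap(guest, require_mac_allowlist=False),
    }
    # Assumption: separation is expressed as different Linux bridges.
    if business.get("bridge") and business.get("bridge") == guest.get("bridge"):
        report["guest"].append("guest WLAN shares a bridge with the business network")
    return report


if __name__ == "__main__":
    for name, findings in audit_site(WEAK_BUSINESS, WEAK_GUEST).items():
        print(name, findings)
```

The management-interface credentials and the rogue access point sweep from the list above are not visible in these files and need their own checks.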

References:

Ameyaw, E.E., Hu, Y., Shan, M., Chan, A.P. and Le, Y., 2016. Application of Delphi method in construction engineering and management research: a quantitative perspective. Journal of Civil Engineering and Management, 22(8), pp.991-1000.

Bouzon, M., Govindan, K., Rodriguez, C.M.T. and Campos, L.M., 2016. Identification and analysis of reverse logistics barriers using fuzzy Delphi method and AHP. Resources, Conservation and Recycling, 108, pp.182-197.

Chang, J.F., 2016. Business process management systems: strategy and implementation. CRC Press.

Cherry, B. and Jacob, S.R., 2016. Contemporary nursing: Issues, trends, & management. Elsevier Health Sciences.

Coronel, C. and Morris, S., 2016. Database systems: design, implementation, & management. Cengage Learning.

Ermakov, S.A., Zavorykin, A.S., Kolenbet, N.S., Ostapenko, A.G. and Kalashnikov, A.O., 2014. Optimization of expert methods used to analyze information security risk in modern wireless networks. Life Science Journal, 11(10), p.511.

Fang, S., Da Xu, L., Zhu, Y., Ahati, J., Pei, H., Yan, J. and Liu, Z., 2014. An integrated system for regional environmental monitoring and management based on internet of things. IEEE Transactions on Industrial Informatics, 10(2), pp.1596-1605.

Farooq, M.U., Waseem, M., Khairi, A. and Mazhar, S., 2015. A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications, 111(7).

Feng, N., Wang, H.J. and Li, M., 2014. A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information sciences, 256, pp.57-73.

Greenberg, J.S., 2017. Comprehensive stress management. McGraw-Hill Education.

Hammer, M., 2015. What is business process management?. In Handbook on Business Process Management 1 (pp. 3-16). Springer, Berlin, Heidelberg.

Hsueh, S.L., 2015. Assessing the effectiveness of community-promoted environmental protection policy by using a Delphi-fuzzy method: A case study on solar power and plain afforestation in Taiwan. Renewable and Sustainable Energy Reviews, 49, pp.1286-1295.

Kauko, K. and Palmroos, P., 2014. The Delphi method in forecasting financial markets—An experimental study. International Journal of Forecasting, 30(2), pp.313-327.

Kavanagh, M.J. and Johnson, R.D. eds., 2017. Human resource information systems: Basics, applications, and future directions. Sage Publications.

Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.

Lee, S., Cho, C., Hong, E.K. and Yoon, B., 2016. Forecasting mobile broadband traffic: Application of scenario analysis and Delphi method. Expert Systems with Applications, 44, pp.126-137.

Li, J., Li, Q., Liu, C., Khan, S.U. and Ghani, N., 2014. Community-based collaborative information system for emergency management. Computers & Operations Research, 42, pp.116-124.

Modrak, V. and Bosun, P., 2014. Using the Delphi method in forecasting tourism activity. International Letters of Social and Humanistic Sciences, 14, pp.66-72.

Osterhage, W., 2016. Wireless security. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Ross, J.E., 2017. Total quality management: Text, cases, and readings. Routledge.

Sadeghi, A.R., Wachsmann, C. and Waidner, M., 2015, June. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd annual design automation conference (p. 54). ACM.

Sandberg, H., Amin, S. and Johansson, K.H., 2015. Cyberphysical security in networked control systems: An introduction to the issue. IEEE Control Systems, 35(1), pp.20-23.

Stair, R. and Reynolds, G., 2017. Fundamentals of information systems. Cengage Learning.

Stark, J., 2015. Product lifecycle management. In Product Lifecycle Management (Volume 1) (pp. 1-29). Springer, Cham.

Stockwell, D.C., Bisarya, H., Classen, D.C., Kirkendall, E.S., Lachman, P.I., Matlow, A.G., Tham, E., Hyman, D., Lehman, S.M., Searles, E. and Muething, S.E., 2016. Development of an electronic pediatric all-cause harm measurement tool using a modified Delphi method. Journal of patient safety, 12(4), pp.180-189.

Van De Walle, B., Turoff, M. and Hiltz, S.R., 2014. Information systems for emergency management. Routledg

Cite This Work

"Identifying Security Risks For A Wireless Communication Devices Manufacturer Using Delphi." My Assignment Help, 2019, https://myassignmenthelp.com/free-samples/development-and-implementation-of-security-program.
