Enhancing SBRU's Online Travel Service: Security And System Updates, Essay.

Describe the Security and privacy in mobile social networks: challenges and solutions and IEEE Wireless Communications

Updating SBRU's Online Travel Service

SBRU is an online travel service that makes allows students to book vacations for college students; students have used the service for decades, however, changes in technology have necessitated changes to better meet student needs. Students can access the system and book rooms and SBRU has a list of resorts that need to know their bookings of a weekly basis. In line with recent technological developments, SBRU has opted to update its systems to include social media and this requires a new design with several use cases. To create a new system for SBRU, this paper creates class diagrams for booking reservations and adding a resort. The paper then creates interaction diagrams for the same and then outlines how security for the new system will be achieved. A database schema is then developed for the ER diagrams developed and a suitable strategy for deployment proposed. The paper then concludes with a description of how the project management will be undertaken, with a particular focus on risk management and how the risks will be mitigated

Security is a major concern, especially in the system where clients will be able to conduct transactions and post personal information when using the SBRU system. The students and possibly employees will be updating their social media status; given its rise as a means for interaction and communication, especially when people are on vacation (Luo et al., 2009). Social media has become the preferred communication channel for many people, and so students on the SBRU system as well as employees and partners are going to use it frequently. The social networking subsystem has inherent security risks including phishing and an effective platform for malware attacks as well as identity theft attacks (Rathore et al., 2017), (Rosenblum, 2007). The first step in ensuring the security of the system is to implement governance structures with regard to social media use, both for students at the resort and employees as well as partners (the resorts). Business data must be classified so that employees understand what sensitive information is and what can be posted online; this is because internal weaknesses are likely to exacerbate social networking risks (Fang and LeFevre, 2010). Further, the people that can access the classified and sensitive information must be defined with access rights controlled through two step authentication.  Further, the policy must extend to the students on vacation that will be the biggest users of the social media subsystem. Clear guidelines must be set on how they can create secure passwords (Hajli and Lin, 2014). SBRU should undertake effective monitoring and engage directly whenever there are brand mentions on the social networking subsystem. The firm should keep track of all active social media accounts and ensure they meet the set policies, including on passwords. When users log in, it is likely they will leave the site open; the social networking accounts should be designed in such a way that users are automatically logged out after a period of inactivity, especially when the accounts are accessed from devices such as laptops, desktops, or public access points (Turban et al., 2017). A robust policy for social media use will help avoid cases of human error and accidental posting of sensitive information. Employees must be trained on what kind of information can be posted on the social networking site for everyone else to see because one of the biggest challenges with social media is that everyone connected can see a post or information.  When students check in, their mobile devices must be registered in the master list and the URL as well as identifying features stored; this will ensure that malicious users are detected on time (Liang et al., 2014). The students also need to have a security policy and be told what they can and can not post for their own security. For instance, a student seeking some customer service through the social networking subsystem can post their personal details such as names, or even credit card information; they should be advised strongly against this. The subsystem should also be designed to reject such information being visible to the rest of the users (Gupta, Agrawal and Yamaguchi, 2016).  Further, when the students are using the social networking subsystem, it is important that the back end is designed to monitor the geographic location of the user; all log ins, especially from non-traditional devices or locations must be flagged and confirmation made if the said account holder accessed the account; otherwise it should be immediately suspended to avoid further damage. SBRU can achieve this by creating a master list of all URLs, account holder details, and passwords for administrators (Mohamed and Ahmad, 2012).  Scams involving phishing attacks on social media is a very big and real threat for the social media sub system and this is another priority area for ensuring security. SBRU should invest in a secure technology, and security should be incorporated right from the design phase. Because the social networking subsystem will be hosted on its servers, the design should incorporate a cloud backup in case of problems with the physical hosting servers. Further, the hosting locations must have high level security implemented, including encryption of information in the social networking site when in transport and even at rest (Huang and Benyoucef, 2013). SBRU should implement basic security measures, including a firewall (physical and software) for the social networking site host servers and install network monitoring tools and software to monitor use and help identify malicious users pretending to be ‘friendly’ users (phishing attacks).  The social networking subsystem should have security and use policies set such that it cannot be accessed outside of a given parameter by implementing strict Geo fencing measures; this will ensure malicious users posing as legitimate users are unable t access and exploit the system from a remote location (Henne, Szongott and Smith, 2013).

Security Concerns with the Updated Social Media Subsystem

The schema is developed for the users booking a room based on the ER diagrams developed priorly as shown below;

The development and implementation of the system must follow a systematic approach; the development and testing will be done using the Agile SCRUM framework, in which the systems will be designed, developed, and tested at the end of every sprint backlog and any issues identified and rectified. The framework that best suits such a project requires incremental and continuous improvement, especially with regard to functionality, performance, and security. An incremental approach based on Agile SCRUM will ensure the final system and subsystems have as few faults and problem as possible (Ambler, 2013). The best method to implement the system is using the phased in conversion approach; implementation is a process in which the information system is implemented in a way that makes it highly operational as desired. Implementation entails construction a new system from scratch and adding it to an existing one, or at least having some existing features retained. An effective implementation will enable the users to take over the system operation and evaluates it. The development will follow an agile approach that will ensure frequent testing and evaluation with the intended users. This will ensure new user requirements are identified and any problems or challenges with its use also identified and resolved up front. Implementing a new system such as proposed for SBRU is a form of change within an organization; change implementation always faces resistance and so at the beginning during the planning phase, change management strategies that are effective for the particular case should be used. This requires getting views from staff on the proposed changes and having them involved, through effective leadership so they take ownership of the system from start. This will ensure other interventions, such as implementing security policies are well received and internalized. End user training will be incorporated into the implementation of the system; users will be trained on the new system for booking and how resorts can post and update information (Leffingwell and Reinertsen, 2012). The training will also cover how to work with the new processes, maintain security, and troubleshoot and solve basic problems. Implementation requires conversion as well; conversion refers to the process of migrating to the new system from the old system. Conversion offers a system that is understandable and structured to ensure communication between stakeholders is improved and that the new system implementation is a success. A successful conversion will require a suitable conversion plan that details all activities that must be undertaken during implementation of the new system (Ford et al., 2010). The conversion plan anticipates any challenges or problems and mitigates these upfront; it will form part of the overall risk management strategy. The conversion plan will name all files to be converted, identify data requirements for developing new files during conversion, and list all new procedures and documents required for successful implementation. The plans also detail the controls for every activity and give responsibilities to a person for every activity as well as verify the schedules for conversion. The most suitable conversion method for implementing the new system is the phased in conversion approach in which working versions of the new system are implemented in a specific part of the organization as per feedback and then installed throughout, stage by stage. The new system is then gradually installed across all the users: this method is suitable because it enables training to be incorporated without wasting limited resources (Ford et al., 2010)

The project will be implemented through the Agile SCRUM framework; however, there are still risks inherent to the project that must be mitigated. The table below outlines the risk management strategy for the project 

References 

Ambler, S. (2013). Agile database techniques. Hoboken, N.J.: Wiley.

Fang, L. and LeFevre, K. (2010). Privacy wizards for social networking sites. Proceedings of the 19th international conference on World wide web - WWW '10.

Ford, E., Menachemi, N., Huerta, T. and Yu, F. (2010). Hospital IT Adoption Strategies Associated with Implementation Success: Implications for Achieving Meaningful Use. Journal of Healthcare Management, 55(3), pp.175-189.

Gupta, B., Agrawal, D. and Yamaguchi, S. (2016). Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. 1st ed. Hoboken, NJ: Wiley.

Hajli, N. and Lin, X. (2014). Exploring the Security of Information Sharing on Social Networking Sites: The Role of Perceived Control of Information. Journal of Business Ethics, 133(1), pp.111-123.

Henne, B., Szongott, C. and Smith, M. (2013). SnapMe if you can. Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks - WiSec '13.

Huang, Z. and Benyoucef, M. (2013). From e-commerce to social commerce: A close look at design features. Electronic Commerce Research and Applications, 12(4), pp.246-259.

Leffingwell, D. and Reinertsen, D. (2012). Agile software requirements. Upper Saddle River (NJ): Addison-Wesley.

Liang, X., Zhang, K., Shen, X. and Lin, X. (2014). Security and privacy in mobile social networks: challenges and solutions. IEEE Wireless Communications, 21(1), pp.33-41.

Luo, W., Liu, J., Liu, J. and Fan, C. (2009). An Analysis of Security in Social Networks. 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, 1.

Mohamed, N. and Ahmad, I. (2012). Information privacy concerns, antecedents and privacy measure use in social networking sites: Evidence from Malaysia. Computers in Human Behavior, 28(6), pp.2366-2375.

Rathore, S., Sharma, P., Loia, V., Jeong, Y. and Park, J. (2017). Social network security: Issues, challenges, threats, and solutions. Information Sciences, 421, pp.43-69.

Rosenblum, D. (2007). What Anyone Can Know: The Privacy Risks of Social Networking Sites. IEEE Security & Privacy Magazine, 5(3), pp.40-49.

Turban, E., Outland, J., King, D., Lee, J., Liang, T. and Turban, D. (2017). Electronic Commerce 2018: A Managerial and Social Networks Perspective. 9th ed. Cham: Springer International Publishing AG.