acc-3
Comments-1 100 Words. Organizations must ensure the security of all the data and information they hold, as a breach of any information affects the individuals or customers involved and the organization's reputation. In the local breach of sensitive data case study, there are several measures that EducationS and the test provider could have taken to prevent this breach. One of the ways this can be done is by limiting access to the most valuable data. This is most effective when the organization implements the art of separation of responsibilities (Phua, 2009). This means that employees in the organization will have accounts to access the system. These accounts will have different rights such that specific people who are relevant to these resources access them. When you limit who is allowed to view certain documents, you narrow the pool of employees who might accidentally click on a harmful link. This is one of the most effective solutions in which companies can reduce the possibility of a security breach.
Mandatory access control is another measure that would have been taken to prevent the security breach. This means restricting access to objects based on the sensitivity of the objects' information and the formal authorization of subjects to access information of such sensitivity (Chapple et al., 2013). The organization should put measures in place where a person requesting access to a classified file must have both the owner's permission and appropriate clearance before access is granted. This will ensure that the right people access the right data and that complete clearance is given before any access to any data or resource held by the organization. The security administrators must also be well trained to ensure that system security is enforced at all times.
References
Chapple, M., Ballad, B., Ballad, T., & Banks, E. (2013). Access Control, Authentication, And Public Key Infrastructure. Jones & Bartlett Learning.
Phua, C. (2009). Protecting organisations from personal data breaches. Computer Fraud & Security, 13-18.
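The rule described in the comment above (access requires both the owner's permission and a clearance that matches the file's sensitivity) can be written as a small reference monitor. This is an added example, not part of the original comment; the level names, the Subject/Resource classes and the sample users are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    # Constructed sensitivity labels, ordered low to high.
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3

@dataclass
class Subject:
    name: str
    clearance: Level      # formal authorization set by the security administrator

@dataclass
class Resource:
    name: str
    owner: str
    sensitivity: Level
    granted: set = field(default_factory=set)   # users the owner has approved

audit_log = []   # every decision is recorded, allowed or not

def can_read(subject: Subject, resource: Resource) -> bool:
    """Allow access only when BOTH the clearance and the owner checks pass."""
    has_clearance = subject.clearance >= resource.sensitivity
    has_permission = (subject.name == resource.owner
                      or subject.name in resource.granted)
    allowed = has_clearance and has_permission
    reason = "ok" if allowed else (
        "no clearance" if not has_clearance else "no owner permission")
    audit_log.append((subject.name, resource.name, allowed, reason))
    return allowed

def grant(owner: Subject, resource: Resource, grantee: Subject) -> bool:
    """Owner approval; refused when the grantee's clearance is below the label."""
    if owner.name != resource.owner or grantee.clearance < resource.sensitivity:
        return False
    resource.granted.add(grantee.name)
    return True

# Constructed sample data for the case-study setting.
registrar = Subject("registrar", Level.RESTRICTED)
analyst = Subject("analyst", Level.RESTRICTED)
tutor = Subject("tutor", Level.INTERNAL)
records = Resource("student_records", owner="registrar",
                   sensitivity=Level.RESTRICTED)
```

The owner cannot override the label: a grant to a user without sufficient clearance is refused, which is what separates this from purely discretionary sharing.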
Comments-2 100 Words. The sensitive local breach case which had been provided in the text sheet explains the security incident that occurred at the EducationS organization. EducationS is one of the factorial organizations which had been working very hard to perform effective online courses for their students (Niu et al., 2017). It is one of the reputational and successful organizations in current society but unfortunately, it was hit by a data breach that created headlines in the business world. The sensitive data breach which occurred in the EducationS organization resulted in the exposure of nearly 100,000 students' personal information.
Attackers targeted the database of the organization when it was switching internet service providers in recent years without having proper security measures. Even authorities don’t have the necessary privacy and authentication services for their data management systems, which provides opportunities for an attacker to implement their tasks. Sensitive information that is available in the attacked database device includes personal data of students like names, dates of birth, learning disabilities, test performance, qualifications, and others (Thomchick & San Nicolas-Rocca, 2018). The report which had been provided by the local newspapers describes that student details of the Education service can be easily accessed with simple web searches because attackers exposed them to internet platforms, which caused a serious impact on the firm and the students' careers.
By analyzing this incident we can say that the educational service should take proper security and authentication techniques to protect their students' personal information. They also have to secure information systems and internet services to avoid the security breaches which were possible in their past. In order to overcome internet-based threats and sensitive data breaches, authorities of the EducationS firm should integrate risk management, intrusion detection, access control, encryption, and regular analysis operations. With the support of these security measures, we can easily discover the possible breaches for mitigating them (West et al., 2019). Lack of security awareness and weak password protection led to an EducationS security breach which can be controlled with a strong password, access control, and advanced authorization methods.
References
Niu, W., Zhang, X., Yang, G., Zhu, J., & Ren, Z. (2017). Identifying APT Malware Domain Based on Mobile DNS Logging. Mathematical Problems in Engineering, 1–9. https://doi.org/10.1155/2017/4916953
Thomchick, R., & San Nicolas-Rocca, T. (2018). Application Level Security in a Public Library: A Case Study. Information Technology & Libraries, 37(4), 107–118. https://doi.org/10.6017/ital.v37i4.10405
West, R., Budde, E., & Hu, Q. (2019). Neural correlates of decision making related to information security: Self-control and moral potency. PLoS ONE, 14(9), 1–21. https://doi.org/10.1371/journal.pone.0221808
Comments-3 100 Words. Federated identity management is an arrangement that is made between two or more trust domains. It allows end-users to access applications and other services using a similar digital identity. Federated identity management can impact the processes of identifying end-users by:
Simplifying data management and storage costs. Data management is made simpler by sharing digital identity with more than two domains (Stallings, 2016). The digital identity ensures that access to the application is limited to the persons who can be easily identified and share the same domains as per the identity federation.
The federated identity management users will only need to remember one set of credentials, which provides a seamless user experience. The FIM system simplifies and reduces the complications when an authorized person needs to access the systems (Bendiab, Shiaeles, and Boucherkha, 2018). This brings about the efficiency of operations and easier sharing of information over the domains without fear or second thought of vulnerability.
The process will ensure user identification and the avoidance of administrative overhead by delegating account and password management responsibilities to the resident identity provider rather than gathering multiple identity silos to be managed. Roth, Popick, and Behm (2016) reported that delegation of account passwords to the resident provider could be a risk that might allow the whole system to be accessed by unauthorized persons. Therefore, FIM helps in avoiding such vulnerabilities.
References
Stallings, W. (2016). Cryptography and network security: Principles and practice (8th ed.). Pearson.
Roth, G. B., Popick, D. S., & Behm, B. J. (2016). U.S. Patent No. 9,418,213. Washington, DC: U.S. Patent and Trademark Office.
Bendiab, K., Shiaeles, S., & Boucherkha, S. (2018, February). A new dynamic trust model for "on Cloud" Federated Identity Management. In 2018 9th IFIP International Conference on New Technologies, Mobility, and Security (NTMS) (pp. 1-5). IEEE.
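The trust arrangement described in the comment above, seen from the relying service: it stores no passwords and accepts a user only on a signed assertion from an identity provider it has federated with. This is an added example, not part of the original comment; the issuer and audience URLs, the key and the function names are constructed, and an HMAC over a shared key stands in for the public-key signatures that real federation protocols use.

```python
import base64, hashlib, hmac, json

# Constructed federation metadata: the issuers this service trusts, with keys.
TRUSTED_IDPS = {"https://idp.university.example": b"constructed-demo-key"}
SP_AUDIENCE = "https://courses.partner.example"

def sign(key: bytes, payload: bytes) -> str:
    digest = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()

def issue_assertion(issuer, key, subject, audience, now, ttl=300):
    """Identity provider side: after local login, vouch for the user."""
    claims = {"iss": issuer, "sub": subject, "aud": audience, "exp": now + ttl}
    payload = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + sign(key, payload)

def accept_assertion(token, now):
    """Service provider side: return the subject or raise ValueError."""
    try:
        payload_b64, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed assertion") from exc
    if not isinstance(claims, dict):
        raise ValueError("malformed assertion")
    issuer = claims.get("iss")
    key = TRUSTED_IDPS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise ValueError("issuer is not in the federation")
    # Verify the signature before relying on any other claim.
    if not hmac.compare_digest(sign(key, payload_b64.encode()), sig):
        raise ValueError("bad signature")
    if claims.get("aud") != SP_AUDIENCE:
        raise ValueError("assertion was issued for another service")
    if now >= claims.get("exp", 0):
        raise ValueError("assertion expired")
    return claims["sub"]
```

The audience and expiry checks are what keep an assertion issued for one domain from being replayed at another or reused later.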
Comments-4 100 Words. A federated identity management solution means that the ID management system on the Internet can automatically configure and automatically provide users with their own identity without such a user's database. Federation provides new and exciting ways of establishing identities that can lead to a more robust and more secure identity and create more complex and multi-level identities, leading to more security risks. A biometric means a type of virtual identity that allows users to use other user-based devices to create their user or virtual-identity. For example, the system can act as a biometric device to scan, scan, scan, scan. The identity will add to the user's profile where the user can add their face to the profile and the user. If a user has more than one biometric device, he needs to add each device to the users (Edris, Aiash, & Loo, 2020).
A single point of contact may not have any multiple of three other contact points required to connect an operation. If a connection has for multiple operations, it has to do before any communication. If communication has to wait for further communication, it has to do before connecting a new connection. It has by providing a point of contact that has already connected for that operation. The communication is only for that operation. If the communication is for another operation, a new contact point must add to the application's point of the contact list. If the new contact point cannot be connected, communication must wait until the new contact point is connected. Again, this has by providing a new contact point that has already connected to that operation. Try to use more people or more information than allowed. They will face a technical problem like a hacker might intercept the data and recover it. In that, the data may not be recoverable at all. A hacker might be able to steal the data and recover it. The data might be recoverable at all, but only if it has a store on the compromised device (Kumar & Honnavalli, 2020).
References
Edris, E. K. K., Aiash, M., & Loo, J. (2020). The case for federated identity management in 5G communications.
Kumar M, N., & Honnavalli, P. B. (2020). Dynamic Federation in Federated Identity Management. Suganthi and Honnavalli, Prasad B, Dynamic Federation in Federated Identity Management (May 15, 2020).