
Running Head: APPLICATION SECURITY 1


Application security

Student’s name

Institutional affiliation

Introduction

Security architecture is a technological field that provides rules and guidelines to software designers on the best and most practical steps for designing a technical product. The security architecture provides clear descriptions through independent documentation, which gives in-depth security control specifications to the software designers (Ashok, Hahn & Govindarasu, 2014). Application security is the process of finding, fixing and enhancing the security of applications. Most of this finding and fixing takes place during the development stage, using dedicated tools and methods.

The main benefit of developing software with security in mind is to mitigate and eradicate the possibility of black hat hackers attacking an individual's or an organization's data. Due to advancements in technology, application security is dominating the technology industry as a means of preventing data breaches. Currently, thousands of security applications from various software developers are widely available because of the many cybercrime threats; they are efficient in auditing and controlling access to a computer system, evaluating encryption, and locking down suspicious code (Branciard, Cavalcanti, Walborn, Scarani & Wiseman, 2012). Various applications are used in designing firewalls, network-based applications and mobile applications.

The thesis statement

My thesis statement is "how can enterprises enhance both the physical security and network security on the individual and the entire organization and why the application security is important?" The physical and network security are practically connected. Therefore, the computer experts in an organization should enhance the security infrastructure on the individual and the whole organization level.

Overview

Some decades ago, software developers could develop applications without the idea of a data breach in mind. Currently, however, developers are keen on developing applications that are difficult for unauthorized users to hack. Organizations such as HIPAA in healthcare impose heavy fines when patients' data is breached through cyber attacks. Due to the sharp increase in data breaches, data security during the development of any application is the priority of any software developer. During software development where security is a concern and a priority, the software developer usually incorporates security documents describing how the software is applied in the network and the operating system. The document includes guidelines for encryption, password setting and user privileges. Therefore, data security should be the priority, and organizations of all sizes should develop strict policies to secure their data.

The purpose of the paper

The purpose of this paper is to provide technological infrastructure advice that is applicable to both private and public enterprises for protecting their data from cyber-attacks. Enterprises should understand that purchasing up-to-date applications is not enough to ensure that the organization's information is protected. Therefore, an organization should also ensure that network and physical security are established and continuously monitored by its IT department. Network security involves the protection of data that can be breached through interference with the computer software in an organization. Today's network security is a complex architecture that is continuously changing, and attackers keep looking for vulnerabilities through which to attack an organization's data.

On the other hand, physical security involves protecting the hardware computer infrastructure in an organization (Zeldovich, Kannan, Dalton & Kozyrakis, 2008). An organization's main competitors and black hat hackers can attack an organization's physical security either by vandalizing the computer infrastructure or by using codes, particularly in the server room, to attack the network security. Although an organization's computer infrastructure is most exposed to black hat hackers, it can also be damaged by natural phenomena such as power fluctuations, fire and flood. An organization's data may not be permanently lost during a natural calamity, but it might be hard and expensive for the organization to retrieve the sensitive data.

Background

History of the topic

Computer technology has been a growing field since the Microsoft Company introduced the first computer globally. Many organizations have been using computer technological infrastructure to secure their data from misdirection, disruption and theft. Since the emergence of computer interconnection through wireless networks such as Wi-Fi and Bluetooth, the data stored in computers has become vulnerable to cybercrime (Figueroa Lorenzo, Añorga Benito, García Cardarelli, Alberdi Garaia & Arrizabalaga Juaristi, 2019). Currently, televisions and smartphones apply the concept of the "Internet of Things" in all its complexity. However, the history of the topic emerged in the computer field due to the significant challenges of cybersecurity.

In April 1967, Willis held a meeting at the Spring Joint Computer Conference about the importance of developing measures to secure information on the computer. The findings were later published in the Ware Report, which was the foundation of computer security history. Ware's technological proposal connected the social, political, cultural and material aspects of computer security. Later, in 1977, the NIST published a report that developed the "CIA triad". The triad enables NIST to enhance computer security by ensuring data availability, integrity and confidentiality during forensic investigations. Since then, the National Security Agency (NSA) has been assigned to secure the United States' data and gather foreign intelligence.

Discussion

Benefits of application security

Based on Veracode's State of Software Security Vol. 10 report, almost twenty percent of all applications have at least one severe flaw (Mahlous, 2018). Although not every flaw indicates an extreme risk to the organization's data, some make an organization lose sensitive and critical data. The sooner software developers build applications that effectively identify and fix attacks, the safer organizations' data will be. Security applications are critical in securing data, mainly when there is human error in using the computer infrastructure. For instance, when an employee makes a coding mistake, black hat hackers might attack an organization's data through unverified inputs (Hahn, Ashok, Sridhar & Govindarasu, 2013). Black hat hackers are always keen on exploiting such vulnerabilities, since unverified inputs easily turn into SQL injections, which are closely linked to cybersecurity crimes.
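The "unverified input turns into SQL injection" case above, shown concretely. This is an added example and not code from the paper: a lookup that pastes the caller's input into the query text sits beside the hardened version that binds the value as a parameter, plus an allowlist check for the input boundary; the employee table and the hostile input are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data (not from the paper): a small in-memory employee table.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [(1, "alice", 70000), (2, "bob", 65000), (3, "carol", 90000)])
    return conn

def lookup_unverified(conn, name):
    # Vulnerable: the caller's input is pasted straight into the SQL text, so a
    # value containing a quote character rewrites the WHERE clause.
    sql = "SELECT name, salary FROM employees WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, name):
    # Hardened: the value is bound as a parameter, so the database engine treats
    # it as data and never as part of the SQL statement.
    sql = "SELECT name, salary FROM employees WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Defence in depth: verify the input at the boundary as well. The username
# format here (lowercase letter, then up to 31 letters/digits/underscores) is
# an assumed policy for the example.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")

def is_valid_username(name):
    return USERNAME_RE.match(name) is not None

if __name__ == "__main__":
    db = build_db()
    hostile = "' OR '1'='1"   # constructed hostile input for the demonstration
    print("valid input?  ", is_valid_username(hostile))        # False
    print("unverified:   ", lookup_unverified(db, hostile))    # every row leaks
    print("parameterized:", lookup_parameterized(db, hostile))  # no rows
```

Reviewing code for string-built SQL such as `lookup_unverified` is exactly the audit the paper says security tooling performs before an organization's own audit.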

Application security tools allow organizations to integrate security into their development environments, which makes data security more practical, easier and more effective in protecting the organization's information. The tools are especially beneficial to organizations that do not monitor and audit their computer infrastructure, since they can identify risks before an audit is done.

Application security has led to the rapid growth of software development, thus ensuring organizations are applying the most effective and up-to-date software that is efficient in securing the organization's sensitive information. Therefore, application security has created a competitive market for the development of applications. Gone are the days when software developers could take months to build, test prototypes and deliver a final product to the end-user department. Currently, organizations can enjoy a variety of applications, and new working methods, referred to as continuous deployment and integration, enable organizations to identify and fix attacks on demand.

Identification of the obstacles

Although there are numerous practical applications for securing data in a computer system, various obstacles prevent an organization from achieving its security goals. The first obstacle is employees' lack of training and knowledge for reducing computer security vulnerabilities (Zonouz, Davis, Davis, Berthier, Bobba & Sanders, 2013). First, employees should minimize phishing attacks, which compromise an organization's data when employees open suspicious emails. Phishing emails target employees with information that concerns them directly, such as the employee's remuneration, promotion and security policies. Employees are likely to open the emails since they concern them directly. Most of those emails are phishing emails that direct the employees to links that harvest usernames, passwords and codes, which are then used to attack the organization's critical information. Therefore, employees should be trained on how to identify suspicious messages, no matter how enticing they might look in the employees' eyes.

The other obstacle that prevents organizations from effectively securing their data is an overemphasis on network security while paying less attention to physical security. Failure to monitor physical security also creates vulnerability to application and software attacks. Sometimes employees are the internal threat to an organization's data. Some codes in the server and database rooms can be accessed by unauthorized users and used by black hat hackers to compromise employees' and the organization's sensitive information. For an organization to be confident that its application security is effective, it should ensure both network and physical security are monitored.

Innovation to enhance data security

Based on physical security, an organization should monitor people accessing the database, server and computer rooms through innovations such as CCTV technology. The guard personnel will monitor people who might be trying to access the computer rooms without the necessary documentation (Jones, Davis, Turnquist & Nozick, 2006). Specific personnel from the IT department should be the only people with authority to access the server rooms. An organization can use an innovation such as an access control system, where specific employees are issued an ID card to access the server room. The process will enable the organization to hold specific employees responsible and accountable for any leakage of sensitive information from those rooms.

Visitors, even when authorized, are also people who can compromise an organization's data; they should be monitored by providing them with visitors' badges and signing them into the visitor system. Based on network security, an organization should ensure that password policies for the computer systems are adhered to by all employees. For instance, a password should be long and should not use patterns like 1, 2, 3… or ID numbers or bank credentials (Lai & Hsia, 2007). The IT department should be proactive and develop technological policies for continuous monitoring of the computer system. The IT department should guide the organization to purchase software from registered software developers. All the applications should be protected by installing up-to-date firewalls.
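The password rules above (long, no 1, 2, 3… patterns, no ID numbers or bank credentials) as an enforceable check. This is an added example, not code from the paper: the minimum length of 12 is an assumed threshold since the paper only says "long", the sequential-pattern check also catches letter runs and descending runs, and the employee ID and account number are constructed sample values.

```python
def has_sequential_run(password, run_len=3):
    # True when run_len consecutive characters step up or down by exactly one
    # code point, which catches patterns such as "123", "abc" and "cba".
    s = password.lower()
    for i in range(len(s) - run_len + 1):
        chunk = s[i:i + run_len]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False

def check_password(password, personal_values=(), min_len=12):
    # Returns the list of policy violations; an empty list means the password
    # passes. min_len=12 is an assumed threshold (the paper only says "long").
    violations = []
    if len(password) < min_len:
        violations.append("too_short")
    if has_sequential_run(password):
        violations.append("sequential_pattern")
    lowered = password.lower()
    # personal_values holds things like the employee's ID number or account
    # number, which the policy says must never appear in the password.
    if any(v and v.lower() in lowered for v in personal_values):
        violations.append("contains_personal_value")
    return violations

if __name__ == "__main__":
    # Constructed sample values: an employee ID and a bank account number.
    personal = ["EMP4471", "60112233"]
    for pw in ["123456789abc", "EMP4471-secure-phrase", "correct-horse-battery"]:
        print(pw, "->", check_password(pw, personal) or "ok")
```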

Summary of the overall study

Based on the paper, the topic of "Application Security Practice Connection" provides detailed information about security architecture, which provides rules, policies and guidelines on protecting data when designing technological products. Although an organization might be applying the best software to protect its data, there are other vulnerabilities that might jeopardize an organization's sensitive information.

First, an organization should ensure that it enhances its physical security by limiting the number of people who visit the server and database rooms. This can be enhanced by installing CCTV to monitor both the visitors and the employees in an organization. The paper also indicates that employees might act as an internal threat by conveying critical information to black hat hackers. Secondly, an organization should also ensure a clear network security policy by installing an up-to-date firewall and a comprehensive password policy. To ensure maximum protection of data in an enterprise, no area should be left unaddressed.

Lesson learnt

The main lesson learnt from the study is that data security is a combined effort from all stakeholders. The organization's management should fund workshops and seminars for employees to ensure they are part and parcel of data protection and mitigation. First, senior management should ensure employees can recognize phishing emails and alert the IT department. Additionally, before implementing any computer technology, employees should be involved in the planning and implementation so that they are willing to adopt and embrace the technology. The other major lesson learnt is that, to ensure maximum protection of data, the organization should first purchase software from registered software developers and then enforce strict policies to enhance the physical and network security of the organization.

Conclusion

Application security is a technological area that organizations should research more when planning to purchase effective software (Ahern, Clouse & Turner, 2004). Additionally, both software developers and IT students should pursue this technological area, since there is a broad market for the applications due to the increase in cybercrime cases across the globe. An organization should also ensure security measures for its computer infrastructure by enhancing both its network security and its physical security infrastructure.

References

Ahern, D. M., Clouse, A., & Turner, R. (2004). CMMI distilled: a practical introduction to integrated process improvement. Addison-Wesley Professional.

Ashok, A., Hahn, A., & Govindarasu, M. (2014). Cyber-physical security of wide-area monitoring, protection and control in a smart grid environment. Journal of Advanced Research, 5(4), 481-489.

Branciard, C., Cavalcanti, E. G., Walborn, S. P., Scarani, V., & Wiseman, H. M. (2012). One-sided device-independent quantum key distribution: Security, feasibility, and the connection with steering. Physical Review A, 85(1), 010301.

Figueroa Lorenzo, S., Añorga Benito, J., García Cardarelli, P., Alberdi Garaia, J., & Arrizabalaga Juaristi, S. (2019). A comprehensive review of RFID and Bluetooth security: Practical analysis. Technologies, 7(1), 15.

Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security test beds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), 847-855.

Jones, D. A., Davis, C. E., Turnquist, M. A., & Nozick, L. K. (2006, January). Physical security and vulnerability modeling for infrastructure facilities. In Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) (Vol. 4, pp. 79c-79c). IEEE.

Lai, Y. P., & Hsia, P. L. (2007). Using the vulnerability information of computer systems to improve network security. Computer Communications, 30(9), 2032-2047.

Mahlous, A. R. (2018). SSR: A framework for secure software reuse. Int. J. Inform. Technol. Secure, 10, 87-98.

Zeldovich, N., Kannan, H., Dalton, M., & Kozyrakis, C. (2008, December). Hardware Enforcement of Application Security Policies Using Tagged Memory. In OSDI (Vol. 8, pp. 225-240).

Zonouz, S., Davis, C. M., Davis, K. R., Berthier, R., Bobba, R. B., & Sanders, W. H. (2013). SOCCA: A security-oriented cyber-physical contingency analysis in power infrastructures. IEEE Transactions on Smart Grid, 5(1), 3-13.