Security assessment Motor online taxi operation system for company ABC
Document Type: Coursework
Subject Area: Computer Science
There has been an increase in the digitization of taxi operations, with the latest trend being online taxi operation mobile systems. Despite this being a great way of embracing the digital wave, it leaves security experts and scholars with a lot of questions, especially on how safe the users of the system are. This paper seeks to analyze the current security condition of the computer and network system of company ABC. After a detailed assessment of the company’s existing security condition on the information assets, the team led by one of the firm’s directors and a risk assessment manager identified some security threats. These included SQL injection against the firm’s database, weak passwords among many users, little or no measures to mitigate emergency cyber-attacks on the organization’s computer and network system, and potential malicious activity by some of the external employees that the firm contracts.
On the other side, we also have the network administrator. This is the person who has the authority to control the number of computers that get access to the company’s data systems (Kizza, 2017). Very close to him is the database administrator. This is the person in charge of controlling the database systems of the company. Last but not least in the crucial team to be present in the security assessment program is the risk assessment manager. Also, the company is mandated to store a certain category of information for legal purposes. Finally, the site stores information as either continuity plans or fallback arrangements, which are there to cater for emergency site failures. Another category of the firm’s critical assets is the software assets. It takes a lot of resources to develop and maintain the company’s software.
These include highly specialized human resources, financial resources, and time, among others (Castilla & Gallardo, 2016). Besides that, the team also incorporated a number of security assessment tools. These include AppScan, Nmap, and Nessus. Their main aim is to detect any vulnerabilities present in the mobile system. On top of that, the team carried out assessments on a number of potential sources of security threats that would help identify possible vulnerabilities in the system. The team then followed through each possible type of transaction so as to assess the flow of data and identify the various control points. Also, the team was amazed at how weak the passwords of more than half of the users were. This would make it easy for any person with malicious motives to guess the password and thus gain unauthorized access to the personal accounts of the users.
On the other hand, the mobile system’s existing methods of disaster management were very few, with the ones present not being responsive enough. This would potentially lead to a negative impact on the firm through its systems shutting down in case of any significant loss or damage to its data or entire system at large (Pant, Hall & Blainey, 2016). In addition to the above, the risk assessment team realized that the firm had little or no integrity checks on the site. This was seconded by a number of definitions as identified below:

Likelihood: Definition
Low: In this category, the probability of a threat taking advantage of a vulnerability and consequently resulting in damage or loss of information in the system is little or none.
Moderate: Here, there is some probability that the source of the threat will take advantage of the vulnerability and consequently lead to loss or damage of the system partially or wholly, but nevertheless, there are controls already put in place to mitigate the adverse effects of the same.
High: Here, there is a high probability that the threat will fully take advantage of the vulnerability and result in a considerable amount of loss or damage of information. In some cases, the whole system may be affected and as a result shut down.

On the other side, the team also had a qualitative analysis table for determining the impact of the threat on the computer mobile system, as follows: The team then combined the two tables so as to determine the level of risk to which the company is subjected.

Wireless Network and Guest Access Policy

This policy outlines procedures that the company would possibly undertake to improve security on its wireless infrastructure. The policies would apply to anyone who accesses the company network through a wireless connection, including guests. Wireless access can only be secure if certain measures are undertaken to mitigate the risks identified in the above section.
Guest access to the network of company ABC should be important for clients or consultants coming to the physical location of the company. Thus, guest access to the network of the company ought to be closely monitored and controlled (Siponen, Mahmood & Pahnila, 2014). This method works by first detecting any danger on the organization’s computer system before assisting in the location of the various data files that have been affected. Moreover, the above policy provides a number of solutions that the company can easily adopt in case certain threats take advantage of the vulnerabilities present (Siponen, Mahmood & Pahnila, 2014).

Email Policy

Emails are widely used as a formal means of communication, especially in the business world. Nonetheless, emails pose a great security risk to the network of the company. Emails could also have an effect on the liability of the company since they contain written records of communication between involved parties.
The policy would apply to the network devices provided or owned by the company and any person working or visiting the physical location of the company offices (Siponen, Mahmood & Pahnila, 2014).

Internet Architecture and Technology

The Internet Engineering Task Force introduced layers of security mechanisms for the Internet Protocol Suite so as to curb cyber-attacks from viruses, Trojans, phishing, eavesdropping, IP spoofing attacks and malware. The following are some of the security types to be used to protect the company’s assets.

a) Cryptographic Systems

Cryptographic security systems are generally composed of keys, algorithms and key management facilities, including the symmetric private key and asymmetric public key.

b) Firewall

This network security system could be used in the company’s network to control and monitor the outgoing and incoming network traffic based on rules set in advance.
Accounting, Auditing & Accountability Journal, 29(2), 323-356.
Gandomi, A., & Haider, M. Beyond the hype: Big data concepts, methods, and analytics. International Journal of Information Management, 35(2), 137-144.
W. Blainey, S. P. Vulnerability assessment framework for interdependent critical infrastructures: case-study for Great Britain's rail network. European Journal of Transport & Infrastructure Research, 16(1).