Security assessment Motor online taxi operation system for company ABC

Document Type: Coursework

Subject Area: Computer Science


There has been an increase in the digitization of taxi operations, with the latest trend being online taxi operation mobile systems. Despite this being a great way of embracing the digital wave, it leaves security experts and scholars with a lot of questions, especially on how safe the users of the system are. This paper seeks to analyze the current security condition of the computer and network system of company ABC. After a detailed assessment of the existing security condition of the company’s information assets, the team led by one of the firm’s directors and a risk assessment manager identified some security threats. These included SQL injection on the firm’s database, weak passwords among many users, few or no measures to mitigate emergency cyber-attacks on the organization’s computer and network system, and potential malicious activity from some of the external employees that the firm contracts.


On the other side, we also have the network administrator. This is the person who has the authority to control the number of computers that get access to the company’s data systems (Kizza, 2017). Very close to him is the database administrator. This is the person in charge of controlling the database systems of the company. Last but not least in the crucial team to be present in the security assessment program is the risk assessment manager. Also, the company is mandated to store a certain category of information for legal purposes. Finally, the site stores information as either continuity plans or fallback arrangements, which are there to cater for emergency site failures. Another category of the firm’s critical assets is the software assets.


It takes a lot of resources to develop and maintain a company’s software. These include highly specialized human resources, financial resources, and time, among others (Castilla & Gallardo, 2016). Besides that, the team also incorporated a number of security assessment tools. These include AppScan, Nmap, and Nessus. Their main aim is to detect any vulnerabilities present in the mobile system. On top of that, the team carried out assessments on a number of potential sources of security threats that would help identify possible vulnerabilities in the system. The team then followed through each possible type of transaction so as to assess the flow of data and identify the various control points. Also, the team was amazed at how weak the passwords of more than half of the users were.


This would make it easy for any person with malicious motives to guess the password and thus gain unauthorized access to the personal accounts of the users. On the other hand, the mobile system’s existing methods of disaster management were very few, with the ones present not being responsive enough. This would potentially lead to a negative impact on the firm through its systems shutting down in case of any significant loss or damage to its data or the entire system at large (Pant, Hall & Blainey, 2016). In addition to the above, the risk assessment team realized that the firm had little or no integrity checks on the site. This was supported by a number of definitions as identified below:

Likelihood: Definition

Low: In this category, the probability of a threat taking advantage of a vulnerability and consequently resulting in damage or loss of information in the system is little or none.


Moderate: Here, there is some probability that the source of the threat will take advantage of the vulnerability and consequently lead to loss or damage of the system partially or wholly, but nevertheless, there are controls already put in place to mitigate the adverse effects of the same.

High: Here, there is a high probability that the threat will fully take advantage of the vulnerability and result in a considerable amount of loss or damage of information. In some cases, the whole system may be affected and as a result shut down.

Impact: Description

Low: The impact could be termed low if little or no loss or damage to the data and system occurred after the advancement of threats on the vulnerabilities.


It is important to note that a majority of these security policies would cost the organization a significant amount of money to adopt. Nevertheless, they are likely to prevent business failure as a result of technical issues. The following are some of the policies that the team thought would help protect the company’s assets.

Wireless Network and Guest Access Policy

This policy outlines procedures that the company would possibly undertake to improve security on its wireless infrastructure. The policy would apply to anyone who accesses the company network through a wireless connection, including guests.

Incident Response Policy

Incidents of breach of security in a company may be of many types. An Incident Response Policy is important for a firm to recover successfully from a high-risk incident.


The policy applies to all incidents that may affect the integrity and, more so, the safety of the data assets of the company, and shows the procedures to take in case such an incident ever occurs. This method works by first detecting any danger on the organization’s computer system before assisting in the location of the various data files that have been affected. Moreover, the above policy provides a number of solutions that the company can easily adopt in case certain threats take advantage of the vulnerabilities present (Siponen, Mahmood & Pahnila, 2014). The policy applies to users of all corporate IT resources, email, and the corporate network and computer systems as well.

Physical Security Policy

This security policy is aimed at protecting the physical assets of the company by putting up standards for safe operations.


Despite the method being cumbersome, it ought to be applied to the physical Information Technology resources to make sure they are protected from risks so as to secure the data and information of the company (Gandomi & Haider, 2015). The policy would apply to the network devices provided or owned by the company and any person working at or visiting the physical location of the company offices (Siponen, Mahmood & Pahnila, 2014).

Internet Architecture and Technology

The Internet Engineering Task Force introduced layers of security mechanisms for the Internet Protocol Suite so as to curb cyber-attacks from viruses, Trojans, phishing, eavesdropping, IP spoofing attacks and malware.

References

Castilla-Polo, F., & Gallardo-Vázquez, D. The main topics of research on disclosures of intangible assets: a critical review.
