Question

Consider the following scenario: In this assignment, you will consider the need for security controls to protect the availability, confidentiality, and integrity of electronic data. Continuing with the scenario from Week 2 Discussion, every registered user of Paul Gray's online share trading company is required to read the safety and privacy page of the portal. As a secure portal, it has Secure Socket Layer (SSL) as a security measure. Gray has asked you to help him with this aspect of security as well. As many of Gray's clients would also like to know about tax saving measures when they trade, Gray has hired Steve Davis as a tax consultant. Davis works from home and travels to his clients all over the country. Occasionally, he visits client sites, and takes his laptop with him on all such trips. Gray has asked for recommendations on his current system and for Davis and his setup.

Answer the following questions: On Gray’s portal, what security measures in addition to SSL can be deployed to ensure the privacy of users in an online environment? Provide at least two security measures and explain why they would be beneficial. What benefit does each provide to the user? How can the user be sure it is working properly?

For Davis, which top two security measures should he take to ensure that his data and the connection to Gray's network are best protected against attack? Describe the security provided by each measure and explain why it is important. Defend your choice of measures in the discussions that follow. Are these two measures sufficient to call the laptop secure? Why or why not? If not, what aspect of security is still missing?

Answer 1

On Gray's portal the security measures along with SSL are as follow:

Data encryption, data integrity checks to be made and client authentications.. Use of PGP (Pretty good privacy) is an additional security encrypting messages and attachments.

The security measures should be to use encryption technique as it would help to prevent the confidential information from getting leaked.

The other being use of client authentication before accessing any stuff.

Several checks and testing needs to be done before the complete execution of the product as the user uses it.

For davis a secure connection with Gray's network with antivirus installed and also with the authentication which would be known to the parties responsible is needed.

The security measures are with respect to control and configuration . The other being with respect to privacy and protection of data's. Yes the above measures are secure enough for the laptop to be secure.