Question

In: Computer Science

If we have centralized control of access in an organization, from C-I-A (Confidentiality, integrity, availability) perspective, which item will be difficult to enforce? (b) One of the realities of the modern Internet is that new network vulnerabilities will be discovered almost daily. You can also count on those vulnerabilities being exploited soon after they are found. An entire industry is growing and profiting from these discoveries, whether they are used maliciously or used to lead to the prevention of future exploitation. As a security consultant, in your words, explain how a possible attack can be launched against the victim specifically through emails. Explain the attack with detailed justification. (c) What is the eventual drawback of using overly complex multifactor authentication schemes?

Solutions

Expert Solution

a.) If we have centralized control of access in an organization, from C-I-A (Confidentiality, integrity, availability), which item will be difficult to enforce --

  • If we have centralized control of access in an organization, from confidentiality, integrity and availability, then maintaining the confidentiality of the organization should be more complex.
  • Confidentiality -- Every organization has information which needs to be protected from unauthorized parties. The confidential information of an organization can be product detail information, bank account statements, trade secrets, government documents and the organization's personal information.
  • Protecting this information is a very important part of information security.
  • The confidential information can be protected by encryption. Encryption makes sure that only the right people can read the information.
  • Integrity --
  • Integrity of information represents protection of information from being modified by unauthorized parties.
  • Cryptography plays an important role in ensuring data integrity. The methods which are used to protect data include hashing the data you receive and comparing it with the hash of the original message.
  • Availability -- Availability of information represents that authorized parties are able to access the information when needed.
  • But nowadays denying access to information is a very common attack; the primary goal of a DDoS attack is to deny users of the website access to the resources of the site.

b.) One of the realities of the modern internet is that new network vulnerabilities will be discovered almost daily. You can also count on those vulnerabilities being exploited soon after they are found. An entire industry is growing and profiting from these discoveries, whether they are used maliciously or used to lead to the prevention of future exploitation. As a security consultant, explain how a possible attack can be launched against the victim specifically through emails. Explain the attack with detailed justification --

  • One of the realities of the modern internet is that a new network gives rise to security vulnerabilities and challenges.
  • The risk assessment and protection of the organization is very critical. The employees of the organization should be provided training on using new technology and on security breaches.
  • Possible attacks can be launched against the victim specifically through emails. These attacks can be "phishing" and "spamming".
  • Cyber criminals use email, instant messaging and social media to gather information about the organization. This information can be login credentials.
  • In phishing, the criminal sends a fraudulent email. The intention behind sending the email is to trick the recipient into installing malware on his device or sharing personal or financial information.
  • Spam -- It is junk mail and unsolicited email. Spam can send harmful links and malware.
  • The main goal of this is to gather sensitive information like social security numbers and bank account information.

c.) What is the eventual drawback of using overly complex multifactor authentication schemes --

  • Time consuming -- The time to log in to your system and verify mobile devices can be inconvenient.
  • Blocked access -- If you do not set up backup resources and do not have access to a TOTP generator for authenticating user access, then you will not be granted access to the application or system.
  • Can be expensive -- Multifactor authentication can be expensive if the organization is using a solution that requires integration with existing identity solutions.
  • Inconsistencies -- It is very hard to implement multifactor authentication across an entire organization.
  • Complexity -- Physical authenticators require additional drivers, which can add a dimension of complexity for deployment, support and maintenance. It requires constant checking as the environment changes.
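The integrity check described in part (a), hashing the data you receive and comparing it with the hash of the original message, as an added example that is not part of the original answer. It goes one step beyond the answer by also showing a keyed hash (HMAC), because a plain hash only helps when the expected digest arrives over a channel the attacker cannot change; the messages and key are constructed sample values.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_hash(received: bytes, expected_hex: str) -> bool:
    """Recompute the hash of what arrived and compare it with the expected digest."""
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(sha256_hex(received), expected_hex.lower())

def tag(key: bytes, data: bytes) -> str:
    """Keyed hash: only holders of the key can produce a valid value."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, received: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(tag(key, received), expected_hex.lower())

# Constructed sample values for illustration only.
ORIGINAL = b"pay 100 to account 1234"
TAMPERED = b"pay 900 to account 9999"
KEY = b"constructed-demo-key-not-for-production"

def demo() -> dict:
    results = {}
    digest = sha256_hex(ORIGINAL)  # assumed to be obtained over a trusted channel
    results["intact"] = verify_hash(ORIGINAL, digest)
    results["tampered"] = verify_hash(TAMPERED, digest)
    # If the digest travels next to the message, whoever modifies the message
    # simply recomputes it, and the plain-hash check passes.
    results["swapped_hash_accepted"] = verify_hash(TAMPERED, sha256_hex(TAMPERED))
    # With HMAC the modifier cannot recompute a valid tag without the key.
    results["tampered_tag"] = verify_tag(KEY, TAMPERED, tag(KEY, ORIGINAL))
    results["forged_tag_accepted"] = verify_tag(KEY, TAMPERED, tag(b"wrong-key", TAMPERED))
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```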
