a.) If we have centralized control of access in an
organization, from C-I-A (confidentiality, integrity, availability),
which item will be difficult to enforce --
- If an organization has centralized control of access, then of
confidentiality, integrity and availability, maintaining the
confidentiality of the organization should be the more complex.
- Confidentiality -- Every organization has
information which needs to be protected from
unauthorized parties. The confidential information of an
organization can be product detail information, bank
account statements, trade secrets, government documents and
the organization's personal information.
- Protecting this information is a very important part of
information security.
- Confidential information can be protected by encryption.
Encryption makes sure that only the right people can read the
information.
- Integrity --
- Integrity of information means protecting the information
from being modified by unauthorized parties.
- Cryptography plays an important role in ensuring data
integrity. The methods used to protect data
include hashing the data you receive and comparing it with the hash of
the original message.
- Availability -- Availability of information
means that authorized parties are able to access the
information when needed.
- But nowadays denying access to information is a very common
attack; the primary goal of a DDoS attack is to deny the users of
the website access to the resources of the site.
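
The hash comparison described under Integrity above, as an added example that is not part of the original answer. The messages, key and function names are constructed for illustration. It goes one step beyond the text by also showing a keyed hash (HMAC), because a plain hash only detects modification when the reference hash itself arrives over a channel the modifying party cannot change.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hash of a message, as the sender would publish it."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(received: bytes, expected_hex: str) -> bool:
    """Hash the data you received and compare it with the original's hash."""
    return hmac.compare_digest(sha256_hex(received), expected_hex)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, received: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(make_tag(key, received), tag_hex)


# Constructed sample data (not from the original page).
ORIGINAL = b"pay 100 to account 12345"
MODIFIED = b"pay 900 to account 99999"
KEY = b"constructed-demo-key"


def demo() -> dict:
    reference_hash = sha256_hex(ORIGINAL)
    tag = make_tag(KEY, ORIGINAL)
    return {
        # Unmodified message matches the reference hash.
        "intact_hash_ok": verify_hash(ORIGINAL, reference_hash),
        # Modified message no longer matches the reference hash.
        "modified_hash_ok": verify_hash(MODIFIED, reference_hash),
        # If the hash travels with the message and both are replaced,
        # the plain-hash check passes: the limit of an unkeyed hash.
        "both_replaced_hash_ok": verify_hash(MODIFIED, sha256_hex(MODIFIED)),
        # With HMAC, the old tag does not fit the modified message, and a
        # new valid tag cannot be produced without KEY.
        "modified_tag_ok": verify_tag(KEY, MODIFIED, tag),
        "intact_tag_ok": verify_tag(KEY, ORIGINAL, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
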
b.) One of the realities of the modern internet is that
new network vulnerabilities will be discovered almost daily. You
can also count on those vulnerabilities being exploited soon after
they are found. An entire industry is growing and profiting from
these discoveries, whether they are used maliciously or used to lead
to the prevention of future exploitation. As a security consultant,
explain how a possible attack can be launched against the victim
specifically through emails. Explain the attack with detailed
justification --
- One of the realities of the modern internet is that new
networks give rise to security vulnerabilities and
challenges.
- The risk assessment and protection of the organization are very
critical. The employees of the organization should be provided
training on using new technology and on security breaches.
- Possible attacks can be launched against the victim specifically
through emails. These attacks can be "phishing" and
"spamming".
- Cyber criminals use email, instant messaging and social
media to gather information about the organization. This information
can be login credentials.
- In phishing, the criminal sends a fraudulent email. The intention
behind sending the email is to trick the recipient into installing
malware on his device or sharing personal or financial
information.
- Spam -- It is junk mail and
unsolicited email. Spam can carry harmful
links and malware.
- The main goal of this is to gather sensitive information
like social security numbers and bank account
information.
c.) What is the eventual drawback of using overly
complex multifactor authentication schemes --
- Time consuming -- The time needed to log in to your system
and verify mobile devices can be inconvenient.
- Blocked access -- If you do not set up backup
resources and do not have access to a TOTP generator for
authenticating user access, then you will not be granted access to
the application or system.
- Can be expensive -- Multi-factor
authentication can be expensive if the organization is using a
solution that requires integration with existing identity
solutions.
- Inconsistencies -- It is very hard to
implement multifactor authentication across an entire organization.
- Complexity -- Physical authenticators require
additional drivers, which can add a dimension of complexity for
deployment, support and maintenance. It requires constant checking
as the environment changes.