Question

(a) If we have centralized control of access in an organization, from C-I-A (Confidentiality, integrity, availability) perspective, which item will be difficult to enforce?

(b) One of the realities of the modern Internet is that new network vulnerabilities will be discovered almost daily. You can also count on those vulnerabilities being exploited soon after they are found. An entire industry is growing and profiting from these discoveries, whether they are used maliciously or used to lead to the prevention of future exploitation. As a security consultant, in your words, explain how a possible attack can be launched against the victim specifically through emails. Explain the attack with detailed justification.

(c) What is the eventual drawback of using overly complex multifactor authentication schemes?

Solutions

Expert Solution

a.) If we have centralized control of access in an organization, from C-I-A (Confidentiality, integrity, availability), which item will be difficult to enforce --

  • If we have centralized control of access in an organization, then from the confidentiality, integrity and availability perspective, maintaining the confidentiality of the organization should be more complex.
  • Confidentiality -- Every organization has information which needs to be protected from unauthorized parties. The confidential information of an organization can be product detail information, bank account statements, trade secrets, government documents and the organization's personal information.
  • Protecting this information is a very important part of information security.
  • Confidential information can be protected by encryption. Encryption makes sure that only the right people can read the information.
  • Integrity -- Integrity of information represents protection of information from being modified by unauthorized parties.
  • Cryptography plays an important role in ensuring data integrity. The methods which are used to protect data include hashing the data you receive and comparing it with the hash of the original message.
  • Availability -- Availability of information represents that authorized parties are able to access the information when needed.
  • But nowadays denying access to information is a very common attack; the primary goal of a DDoS attack is to deny users of the website access to the resources of the site.

b.) One of the realities of the modern internet is that new network vulnerabilities will be discovered almost daily. You can also count on those vulnerabilities being exploited soon after they are found. An entire industry is growing and profiting from these discoveries, whether they are used maliciously or used to lead to the prevention of future exploitation. As a security consultant, explain how a possible attack can be launched against the victim specifically through emails. Explain the attack with detailed justification --

  • One of the realities of the modern internet is that new networks give rise to security vulnerabilities and challenges.
  • The risk assessment and protection of the organization is very critical. The employees of the organization should be provided training on using new technology and on security breaches.
  • Possible attacks can be launched against the victim specifically through emails. These attacks can be "phishing" and "spamming".
  • Cyber criminals use email, instant messaging and social media to gather information about the organization. This information can be login credentials.
  • In phishing, the criminal sends a fraudulent email. Their intention behind sending the email is to trick the recipient into installing malware on his device or sharing personal or financial information.
  • Spam -- It is junk mail and unsolicited email. Spam can send harmful links and malware.
  • The main goal of this is to gather sensitive information like social security numbers and bank account information.

c.) What is the eventual drawback of using overly complex multifactor authentication schemes --

  • Time consuming -- The time taken to log in to your system and verify mobile devices can be inconvenient.
  • Blocked access -- If you do not set up backup resources and do not have access to a TOTP generator for authenticating user access, then you will not be granted access to the application or system.
  • Can be expensive -- Multifactor authentication can be expensive if the organization is using a solution that requires integration with existing identity solutions.
  • Inconsistencies -- It is very hard to implement multifactor authentication in an entire organization.
  • Complexity -- Physical authenticators require additional drivers, which can add a dimension of complexity for deployment, support and maintenance. It requires constant checking as the environment changes.
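
The phishing emails described in part (b) usually leave checkable traces in the message itself. The following Python sketch is an added example, not part of the expert solution: it triages one raw message for three common indicators. The sample message is constructed, and the names `triage` and `domain_of` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not real mail); example.com/.net are reserved domains.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: helpdesk@example.net
Subject: Password expires today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. Sign in at
<a href="http://login.example.net/reset">https://portal.example.com/reset</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # 1. Replies silently routed to a different domain than the visible sender.
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    # 2. Sender authentication verdicts recorded by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) in ("fail", "softfail"):
            findings.append(f"{check} result is {m.group(1)}")
    # 3. Links whose visible text names one host while the href goes to another.
    #    Single-part bodies only; multipart messages yield None here and are skipped.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for href, text in LINK_RE.findall(body):
        shown, target = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and target and shown != target:
            findings.append(f"link shows {shown} but points to {target}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

These checks are heuristics for flagging mail for review; a clean result does not prove a message is legitimate.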
