Q.1 Familiarize yourself with the different IT threat types discussed in the class by exploring relevant official websites on the internet to distinguish among them, and collect information about recent threats and attacks of each type.
Q.2 Discuss the ethics of hiring well-known hackers to identify software security vulnerabilities before having the software released. Consider both pros and cons of such practice.
Q.3 Design a security education program for a company's employees to educate and motivate them to understand and follow the company’s IT security policy.
Answer 1. In order to understand threats and attacks related to IT and its security, it's first important to explore the terms "THREATS" and "ATTACKS".
Threats: It is an act of modifying, erasing, or extracting sensitive information to take advantage of vulnerabilities of a security breach.
Attacks: It is an act of destroying or damaging sensitive information systems by use of some malicious executable programs like viruses, bots, worms, etc.
So the list of various threats to IT, including some recent ones, is as follows.
1) Stealing Patents: This is one of the most common threats to IT. This includes altering or disobeying intellectual property rights, like stealing copyrights and patents belonging to someone else.
2) Stealing Information of IT Company: This is also one of the most dangerous and common security breaches, which extracts a cost by locking sensitive data of a company or simply selling it to other companies at some reasonable cost. E.g., ransomware.
3) Act of Crippling Information: Destroying the trust of customers in a company by simply damaging its software or websites.
4) Theft of Privacy: It is also one of the most common acts: pretending to be an authorized person despite being a fraud. This is also called PHISHING. Phishing simply means to steal someone's identity information, like login credentials to the bank or email accounts, and take advantage of that information.
5) Social Media Attacks: Various hackers may stalk user interests and preferences on social media by likes and comments, and even by tracking the count of visits made by the user on a particular site, thereby showing them fake ads relevant to this.
6) Outdated security software and mobile malware also play an important role in various threats to the IT sector.
Answer 2: Hiring well-known hackers to identify various security holes in software systems is very crucial and in high demand these days. But there exist some disadvantages of having a hacker hired in a company.
Pros:
1) Only experienced hackers can detect various loopholes and bugs in software security. They are well groomed in the different techniques applied in breaking such vulnerabilities in the system.
2) Only hackers have a mind to think like criminals and attack only the system's security part; this focus only on the sensitive part of the software proves very helpful for an organization to save itself from threats.
3) Since these hackers are friends of the company in which they are hired, they can be good advisors and help software developers build software while keeping a sense of security from scratch.
4) Hackers only help a company to understand the latest requirements of software or of updating the existing software system.
Cons:
1) Experienced hackers must be analyzed to ensure that they are not from a criminal background; otherwise they may downgrade the company's image in the market when dealing with government bodies.
2) Lack of trust in experienced hackers is one of the aspects which an IT company must keep in mind. What if they, at some point or after job termination or resignation, reveal the secrets of the company's software system to other companies, or even blackmail the company to pay more?
3) These hackers have direct access to the centralized company security system and its data. So it is always harmful for a company to trust them.
Answer 3)
Design of Security Education Program (SEP): It is equally important to develop a sense of security and threats along with the development of various software systems. Lack of proper security measures may cause damage to trustworthy customers' data, and as a consequence customers lose trust in the company/organization. So it's a very crucial step.
1) The very first step of designing such a system is to first define the various security goals well, in priority order, to work on. Such goals must be feasible and solvable in a given time sprint.
2) The second most important step of creating such a training program for employees is to understand the knowledge level of your employees as it's not necessary that all employees have the same level of expertise and knowledge.
3) Not all of the security system is required to be developed beforehand, but it is required to be developed at each step of software development. So all developers are required to be trained and compliant according to the requirements.
4) Web-based training modules must be provided to each and every employee of the company, so that he/she can track and report any security violations observed on the premises.
5) The security education program must be customized according to present and future employees. Present employees are required to be more responsible and aware of the security of IT infrastructure than future ones.
I hope this answer will somehow help you guys. Feel free to ask in comments.