Question


Familiarize yourself with the different IT threats types discussed in the class by exploring
relevant official websites on the internet to distinguish among them, and collect information
about recent threats and attacks of each type.
Q.2 Discuss the ethics of hiring well-known hackers to identify software security vulnerabilities
before having the software released. Consider both pros and cons of such practice.
Q.3 Design a security education program for a company's employees to educate and motivate
them to understand and follow the company’s IT security policy.

Solutions

Expert Solution

Answer 1. In order to understand threats and attacks related to IT and its security, it is first important to explore the terms "THREATS" and "ATTACKS".

Threats: It is an act of modifying, erasing, or extracting sensitive information to take advantage of the vulnerabilities of a security breach.

Attacks: It is an act of destroying or damaging sensitive information systems by use of malicious executable programs such as viruses, bots, and worms.

So the list of various threats to IT, including some recent ones, is as follows.

1) Stealing Patents: This is one of the most common threats to IT. This includes altering or disobeying intellectual property rights, such as stealing copyrights and patents belonging to someone else.

2) Stealing Information of IT Company: This is also one of the most dangerous and common security breaches, which extracts a cost by locking a company's sensitive data or simply selling it to other companies at some reasonable cost, e.g. ransomware.

3) Act of Crippling Information: Destroying the trust of customers in a company by simply damaging its software or websites.

4) Theft of Privacy: It is also one of the most common acts: pretending to be an authorized person despite being a fraud. This is also called PHISHING. Phishing simply means stealing someone's identity information, like login credentials to bank or email accounts, and taking advantage of that information.

5) Social Media Attacks: Various hackers may stalk user interests and preferences on social media through likes and comments, and even by tracking the count of visits made by the user to a particular site, thereby showing them fake ads relevant to these.

6) Outdated security software and mobile malware also play an important role in various threats to the IT sector.

Answer 2: Hiring well-known hackers to identify various security holes in software systems is very crucial and in high demand these days. But there are some disadvantages to having a hacker hired in a company.

Pros:

1) Only experienced hackers can detect various loopholes and bugs in software security. They are well versed in the different techniques applied in breaking such vulnerabilities in the system.

2) Only hackers have a mind to think like criminals and attack only the system's security part; this focus on only the sensitive part of the software proves very helpful for an organization in saving itself from threats.

3) Since these hackers are friends of the company in which they are hired, they can be good advisors and help software developers build software with a sense of security from scratch.

4) Hackers only help a company to understand the latest requirements of software or to update the existing software system.

Cons:

1) Experienced hackers must be analyzed to ensure that they are not from a criminal background; otherwise they may downgrade the company's image in the market when dealing with government bodies.

2) Lack of trust in experienced hackers is one of the aspects which an IT company must keep in mind. What if, at some point, or after job termination or resignation, they reveal the secrets of the company's software system to other companies, or even blackmail the company to pay more?

3) These hackers have direct access to the centralized company security system and its data. So it is always harmful for a company to trust them.

Answer 3)

Design of Security Education Program (SEP): It is equally important to develop a sense of security and threats along with the development of various software systems. Lack of proper security measures may cause damage to trustworthy customers' data, and as a consequence customers lose trust in the company/organization. So it's a very crucial step.

1) The very first step of designing such a system is to define the various security goals well, in priority order, to work on. Such goals must be feasible and solvable in a given time sprint.

2) The second most important step of creating such a training program for employees is to understand the knowledge level of your employees as it's not necessary that all employees have the same level of expertise and knowledge.

3) Not all of the security system is required to be developed beforehand, but it is required to be developed at each step of software development. So all developers are required to be trained and compliant according to the requirements.

4) Web-based training modules must be provided to each and every employee of the company, so that he/she can track and report any security violations observed on the premises.

5) The security education program must be customized according to present and future employees. Present employees are required to be more responsible and aware of the security of IT infrastructure than future ones.

I hope this answer will somehow help you guys. Feel free to ask in the comments.

