Sunday, May 3, 2020
Managing Regulatory Compliance In Processes -Myassignmenthelp.Com
Question: Discuss Managing Regulatory Compliance in Processes.

Answer:

Introduction

The purpose of this report is to provide an overview of the process involved in performing a threat and risk assessment. The objective of the assessment on Internet of Things (IoT) risk management is to provide recommendations that increase availability, confidentiality and integrity while still providing usability and functionality. A threat and risk assessment can be performed with internal or external resources; which to use depends on the situation at the time.

The scope of this report is to identify the sensitivity of the systems and applications included in the assessment and the risks they need protection from. The scope also indicates whether the analysis takes an internal perspective, an external perspective, or both. The vulnerabilities and threats for the specific systems and services have been identified from various resources. The report identifies and analyzes vulnerabilities, gathers information, and tests whether the current safeguards are sufficient in terms of availability, confidentiality or integrity. This vulnerability analysis indicates whether the proposed safeguard is sufficient or not. The specific vulnerabilities are graded according to the level of risk posed to the organization, both internally and externally. Where there are no adequate protections, it is assumed that vulnerabilities exist.

In relation to the business environment, threats are identified as the tampering with, interruption or destruction of services or items of value, together with the effects they have on the organization. The report also highlights the OWASP Internet of Things top ten security issues faced with IoT devices, and recommends countermeasures to raise awareness of such threats.

This IT risk assessment of the Internet of Things is intended for a management audience.
Moreover, written from the position of a lead consultant, this report translates the technical difficulties into risk language to facilitate effective decision-making between business stakeholders and technologists, using the provided scenario of Gigantic Corporation and focusing specifically on the Internet of Things. The first and foremost thing to consider is the cause of the risk that has arisen in the organization.

Threats of IoT

The Internet of Things is an interconnection technology between people and computers for digitally connected things. For an IoT engineering team, however, the organization's Governance, Risk, and Compliance (GRC) group defines how risk management is organized, and the risk data depends uniquely on the stockholder needs (Sadiq & Governatori, 2015). In any business, risk management will happen one way or another: implicitly or explicitly, reactively or proactively, as a box-checking exercise or competently.

Threats are the destruction, interruption or tampering of services that could conceivably happen in a system. Threats are split into human elements and non-human elements. Human elements include financial or accounting theft, hackers, electricians, technicians, trained IT staff, and accidental, electronic and physical theft. Non-human elements include electrical faults, air (dust), viruses, plumbing, lightning strikes, floods, heat control and fire. Recently, ransomware has been identified as the main threat to the IoT ecosystem: once it has compromised a device, it locks files and sends a notification demanding a ransom, and the files remain locked unless it is paid (Hamidi, 2016).

If a professional is able to communicate effectively about those risks, it can be established whether a risk exists, is less likely, or may negatively impact the business. The first thing to do in a business system is to identify the risks and understand the business; without this, the system may fail (Lee & Lee, 2015).
The level of depth is a matter for the initial review, which includes the tactical plans, strategy details, mission and vision for the risk being assessed.

Vulnerability of IoT

In a system, vulnerabilities are weaknesses in the system software or hardware, in policies and procedures, or in the system's users that allow attackers to conduct a Denial-of-Service attack, gain unauthorized access to data, or execute commands (Papp, Ma & Buttyan, 2015). The two main components of an IoT system are system software and hardware. Software vulnerabilities are found in application software, control software and the operating system. Hardware vulnerabilities are very difficult to identify, and even when one has been identified it is difficult to fix because of hardware interoperability and compatibility (Rehman, Kriebel, Shafique & Henkel, 2014).

Many organizations have difficulty effectively filtering out false positives from assessment applications. False positives can be mitigated once the assessment applications are updated with stable patches and signatures. Technical vulnerabilities are due to human weakness: failing to understand the requirements, starting a project without a proper plan, a lack of resources, knowledge and skills, poor communication between user and developer, and failure to control and manage the system (Conteh & Schmick, 2016).

Consequences

Attackers attack to gain recompense or personal satisfaction. These attackers could be criminals, governments or hackers, and they have become a threat to the digital world (Kundi et al., 2014). In search of sensitive information, they attack the network to access unencrypted data traffic. The consequences include the following cyber-attacks:

Physical attacks: The risk of physical attack is high because most IoT devices operate in outdoor environments.
Denial-of-Service attack: Because IoT devices have limited computational resources and low memory capacity, this attack leaves the intended user unable to reach the resources of the machine or network.
Reconnaissance attacks: These attacks include queries for IP address information, packet sniffers, traffic analysis and scanning of network ports.
Access attacks: An unauthorized intruder tries to gain access to devices or networks they are not authorized to use (Jose & Malekian, 2015). This type of attack is carried out in two ways: physical access to the physical device, and remote access to IP-connected devices.
Privacy attack: Privacy has become a challenge for IoT because large volumes of information are available through remote access mechanisms. Some of the common privacy attacks are tracking, data mining, password attacks, cyber espionage and eavesdropping (Jenab & Moslehpour, 2016). Through data mining, an attacker gains access to unanticipated information in certain databases. The intruder tracks the user's location through the UID of devices (Kim, 2017). The intruder tries to recover the user's password through dictionary and brute-force attacks. Through eavesdropping, the attacker listens to a conversation between two parties.
Cyber-crimes: Cybercrime uses smart objects and the internet to achieve material gain through identity theft, fraud, brand theft and intellectual property theft (Broadhurst et al., 2014).

Literature review

Protection Mechanisms Employed For Website Security

The essence of IoT is that computing devices with embedded data send and receive that data over the internet. This is where the security issue arises, because the data is exchanged over the internet. This literature review examines the OWASP Internet of Things top ten security issues faced with IoT devices and suggests some countermeasures.
Recommendation

Data Collection: Data should be collected only where it is critical to device functionality.
Proper Authentication: During initial setup, the default password and default usernames need to be changed. There should be options to configure password controls and to keep a strong password, with a secure password recovery mechanism.
Granular access control: Wherever granular access control is necessary, ensure that the credentials are properly protected.
Encryption: The device should have the ability to update using files that are encrypted and transmitted through an encrypted method.

Conclusion

This report concludes that IoT threats need regular review to ensure the protection mechanisms remain effective. The report discussed how threats are split into human elements and non-human elements, and covered recent ransomware attacks on IoT. It addressed an organization's security requirements with respect to availability, confidentiality and integrity. It found that software vulnerabilities are identified in application software, control software and the operating system, whereas hardware vulnerabilities are very difficult to identify and, even when identified, difficult to fix because of hardware interoperability and compatibility. Many organizations have difficulty effectively filtering out false positives from assessment applications. The report described the consequences of cyber-attacks in which attackers, in search of sensitive information, attack the network to access unencrypted data traffic. Finally, the last section presented the OWASP Internet of Things top ten security issues faced with IoT devices and suggested some countermeasures.

References

Bonneau, J., Herley, C., Van Oorschot, P. C., & Stajano, F. (2015). Passwords and the evolution of imperfect authentication. Communications of the ACM, 58(7), 78-87.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B., & Chon, S. (2014). An analysis of the nature of groups engaged in cyber crime.
Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks. International Journal of Advanced Computer Research, 6(23), 31.
Florêncio, D., Herley, C., & Van Oorschot, P. C. (2014, November). An Administrator's Guide to Internet Password Research. In LISA (Vol. 14, pp. 35-52).
Fysarakis, K., Hatzivasilis, G., Rantos, K., Papanikolaou, A., & Manifavas, C. (2014). Embedded Systems Security Challenges. In PECCS (pp. 255-266).
Hamidi, H. (2016). Safe Use of the Internet of Things for Privacy Enhancing. Information Systems & Telecommunication, 145.
Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues, challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.
Hummen, R., Shafagh, H., Raza, S., Voigt, T., & Wehrle, K. (2014, June). Delegation-based Authentication and Authorization for the IP-based Internet of Things. In Sensing, Communication, and Networking (SECON), 2014 Eleventh Annual IEEE International Conference on (pp. 284-292). IEEE.
Jenab, K., & Moslehpour, S. (2016). Cyber Security Management: A Review. Bus. Manag. Dyn, 5(11), 16-39.
Jose, A. C., & Malekian, R. (2015). Smart home automation security. SmartCR, 5(4), 269-285.
Kim, J. H. (2017). A Survey of IoT Security: Risks, Requirements, Trends, and Key Technologies. Journal of Industrial Integration and Management, 1750008.
Kundi, G. M., Nawaz, A., Akhtar, R., MPhil Student, I. E. R. (2014). Digital revolution, cyber-crimes and cyber legislation: A challenge to governments in developing countries. Journal of Information Engineering and Applications, 4(4), 61-71.
Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises. Business Horizons, 58(4), 431-440.
Mukati, M. A., & Ali, S. M. (2014). The vulnerability of cyber security and strategy to conquer the potential threats on business applications. Journal of Independent Studies and Research, 12(1), 56.
Papp, D., Ma, Z., & Buttyan, L. (2015, July). Embedded systems security: Threats, vulnerabilities, and attack taxonomy. In Privacy, Security and Trust (PST), 2015 13th Annual Conference on (pp. 145-152). IEEE.
Pescatore, J., & Shpantzer, G. (2014). Securing the internet of things survey. SANS Institute, 1-22.
Rahman, A. F. A., Daud, M., & Mohamad, M. Z. (2016, March). Securing sensor to cloud ecosystem using internet of things (iot) security framework. In Proceedings of the International Conference on Internet of things and Cloud Computing (p. 79). ACM.
Rehman, S., Kriebel, F., Shafique, M., & Henkel, J. (2014). Reliability-driven software transformations for unreliable hardware. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 33(11), 1597-1610.
Sadiq, S., & Governatori, G. (2015). Managing regulatory compliance in business processes. In Handbook on Business Process Management 2 (pp. 265-288). Springer Berlin Heidelberg.