need to rewrite the below paper in own words please no plagiarism accepted I did work but showed plagiarismplease if u need you can use other sources
tej_final.docx
Unformatted Attachment Preview
Running head: THREATS AND COUNTERMEASURES
Threats and Countermeasures
Student’s Name: Tej Bodapati
University of Cumberland
Date:12/08/2019
1
THREATS AND COUNTERMEASURES
2
Threats and Countermeasures
Introduction
The technology advancement has made it possible for companies/ individuals to store
data and information out of the computer system. Thus, this has led to development of cloud
computing, which allow use of computer software to store, manage data and information outside
the computer system i.e. work site in an external internet based memory system. According to
the Buyya et al (2009) cloud computing refers to type of “parallel and distributed system
consisting of a collection of interconnected and virtualized computers that are dynamically
provisioned and presented as one or more unified computing resources based on service-level
agreements (Mell & Grance, 2009)”. Cloud computing offers higher levels of efficiencies
compared to other forms previous data and information platforms. Cloud computing model
offers on-demand network access for different computing resources such as networks, storage,
applications, servers, and services.
Cloud computing platform allows data and information access through use of internet services o
online basis without complexity (Mell & Grance, 2009). For the companies with multiple
branches in different geographical locations, cloud computing is used to break barriers between
different clients and the company. Cloud computing allows access to information stored on the
cloud from any approved network and as well as ensures extensive distribution of information
easily without delay and less resources. Cloud computing has become a great tool for company
to store data and information. Although it offers great deal for accounting firms, with the
perceptive and sensitive nature of accounting data there can be as well security risks associated
THREATS AND COUNTERMEASURES
3
with cloud computing. The data in the cloud computing can be easily accessed to authorized
users and to unauthorized uses. The data and information stored on cloud requires attention as
well as detail security procedures and features. The risks encountered for data computing
includes: data breach, business continuity, identity theft as well as other related aspects. To
implement cloud computing there is need to check internal controls and security system.
Security Threat Management
Hackers of computers for a longer duration have been making inroads towards exposing
and exploiting the vulnerabilities present within the networks and also in the software appliances.
Following the internet invention and the drastic adoption of the Web Appliances, attacks can be
done on huge scale, which may again severe impacts on both people and businesses. The
necessity for doing away with threats and the reduction of the risks has led to the whole industry
focusing on the application security (Security Compass, 2019). The history with regards to the
application security has been associated with research covering on vulnerabilities, various severe
attacks and the subsequent reactions from the market towards these particular attacks through
innovation and intensive studies. Below are the identified highlights plus the reactions listed by
Security Compass (2019) that date back from the period of 1980s;
❖ 1988: There is the invention of the very first virus known as Morris worm. Despite the
virus not expected of being malicious, Security Compass, (2019) said that it was
successful in taking down various computers that accessing the internet during those days
thus becoming too expensive to remove or fix. The scenario resulted into DARPA funding
the formation of the Computer Emergency Response body in to assist in handling the
categories of the attacks
THREATS AND COUNTERMEASURES
4
❖ 1995: There is the release of the Javascript with the intention of making it easy for the
developers in coming up with the interactive types of websites. Security Compass (2019)
noted that it never took long before the hackers started with the exploitation of this newly
invented technology with the skills like the cross-site type of scripting (XSSS). Certain
efforts were dedicated towards combating this problem but it did not materialize up that
time when the little known Sammy worm ended up in defacing and taking down the
MySpace in the year 2005. The next explosion of this category of attack could be seen as
one of the major factors linked with the latest innovations towards securing the coding
behaviors and practices as well as scanning elements that to some extent is identified as
the vulnerability evaluation.
❖ 1998: A researcher in the field of security going by the name Jeff Forristal invented the
method of injection of attacking and put his comprehensive findings through the message
boards (Security Compass 2019). The findings by him cautioned the industry during this
time of the impending threat towards the security of data. For real, diverse sorts of attacks
happened like SQL injection that happened on Guess.com in the year 2002. Eventually, it
ended up in compromising more than 200,000 identities and the credit cards. Up to date,
injection is still considered as a major threat towards the security of the organizations.
❖ 2001: There is the formation of The Open Web Application Security Project (OWASP),
with the desire of raising the awareness towards security and promoting good practices.
With the attacks becoming more diverse and complicated at the same time, the very first
OWASP Top Ten came into place in the year 2004 with the objective of demystifying and
categorizing the most dominant and sensitive Web application security forms of
vulnerabilities.
THREATS AND COUNTERMEASURES
5
❖ 2004: There is the release of the Data Security Standard (PCI-DSS) that detailed the least
security guidelines for the retailers plus other business activities that use credit cards.
Security Compass (2019) noted that the urge for validating the adherence towards the
standard resulted into the increment in the presence of the affordable solutions linked with
vulnerability with scanning.
Regardless of the likelihood of varieties of events that may be listed, Rittinghouse, &
Ransome (2017) pointed out that its vividly clear that the identified examples have affirmed that
the attackers have continued to evolve from the isolated persons with reckless forms of bravado to
more organized sects of cyber thugs carrying out malicious forms of attacks related to finance,
politics or the ideological forms of benefits
Benefits of Managing Organizational Security Threats
In the current society, just being online may lead to the exposure of an individual to the
‘hazardous cyber types of threats. Rittinghouse, & Ransome (2017) emphasized that even it if
involves the inputting of the credit card information that confirms one’s identity, usually people
stands to suffer the risk linked with the intrusion. On the same note, mobile apps built minus the
robust type of security exposes the users towards the vulnerable that may lead to different extents
of damages.
Rittinghouse & Ransome (2017) identified that it had become a norm that braches in data
and the revealing of the secret information such as the details of an individual to the cyber thugs
is mostly because of the weak encryption of the site. Thus this justifies the reason behind
making sure that the end-user and service provider information is secured adequately. At the
same time, this particular protection entails to each point available within the network. With the
THREATS AND COUNTERMEASURES
6
desire of offering protection the critical information and welfare of people from the costs
associated with cyber-crime, it is then essential to have security scanning. Scanning serves a
significant role in identifying the resolution and direction of underlying issues. In a network that
is evolving through the landscape of cyber like the robust of methodology, is essential in the
application security scanning.
Application security scanning towards the vulnerabilities may assist the developers of the
app in detecting the diverse possible threats and weakness that may be handled during the time of
development or enhancement of the operations (Francis 2019). Following an in-depth evaluation
and the complicated methodologies of communication, the application security assists in making
sure that the website and the mobile appliances are safe and also given protection towards cyberrelated attacks.
Vulnerability types of tests may be divided into two groups. The commonality associated
with the appliances is that they occur through a program in computer among the devices that
have a connection with the internet despite having significant variations. External scans can carry
out the reporting on what users is cable of seeing.
Externally based scans present the report on what the users are seeing. At the same time,
they are after holes. An example is the case of the hackers or the regulated and the cyber-based
criminals undertaking the exploitation and even penetrating.
Internally oriented scans may end being complicated. He, Chan & Guizani (2015) said
that they pay attention to the vulnerabilities since the cybermen are after accessing the network.
Balasubramanian (2015) noted that this the steps whereby the developers have to take in securing
the program or the app against the internal based threats.
THREATS AND COUNTERMEASURES
7
Managing security threats in the organizations comes with various benefits like saving
the resources of the firm to the automatic mode of scanning for the sake of enhancing the peace
of the mind. The scans offer the information that is real enough in enabling the specialist in IT in
handling many issues with immediate effect. The provider the services and developers in a quick
manner may work towards resolving any likely vulnerabilities before the users become affect or
data also get compromised.
Legislation and compliance with the rules governing the IT are continuing to evolve.
Security scanning is typically needed in remaining compliant. Regardless of this, it is also
classified as a vulnerable type of process that comes with benefit to the developers plus the endusers as well.
Cybercrime is an endless crime following the global economy that has become very
expensive. During the environments of such kind, pro-active type of an approach is essential in
keeping the defense robust and safe for the data of the user (He, Chan & Guizani 2015). The
provider of services and their developers who are involved in regular application security
scanning are at the right place of handling the complicated, upcoming cyber-related threats. A
pro-active type of approach is also identified being cost favorable and also leads to the
minimization of the risks linked with the lost reputation and penalties.
In the case of the providers of the application who are dedicated to offering the secure
and non-interrupted type of service, the value of security scanning is not easy to forget To the
providers of the form; the process should be included as parcel and part of them in terms of
development and management.
THREATS AND COUNTERMEASURES
8
Specific Measures and Countermeasures
a) Device Fragmentation
The testing of mobile appliances must factor the many users of mobile-based tools that
have varied capabilities and feature. The security identity of those security deemed to be much
vulnerable leads to performance testing by a task that is not easy. The team in charge carrying
out tests is unable to proceed with the release of the speedy development. In the end, they resort
to coming back with an ambition of removing the bottlenecks during the process of publication.
At this time demands for the production of top-notch.
b) Tools for Mobile Automation Testing
An approach that is reasonable towards fragmentation demands for the usage of the
automation the payment. However, the ancient tools for carrying out tests like the Selenium or
the Quick Test Professional (QTP) were not after the crossing kind of platform. Hence, the
automation appliances present in the mobile and design of the website are a boat and another for
the party
c) Weak Encryptions
A mobile-based app has the capacities of accepting data for every source. Where no
adequate encryption has been carried out, the attackers can proceed with the modification and
attributing of the cookies and cookies (He, Chan & Guizani 2015)). Attackers are capable of
bypassing security where decisions concerned with the alienation arrive concerning the values
linked with the inputs. Of late, the hacklers have made targets at the users of Starbuck to siphon
from the suspecting Ugandans. Starbucks confirmed that this app was indeed performing the
storage of the usernames, addresses of the email, temporal acting usernames. However, the app,
THREATS AND COUNTERMEASURES
9
d) Weak Hosting controls
During the creation of the first mobile appliances, firms tend to reiterate that at first, they
had no accessibility of the foreign-based networks. The servers where the app is based must be
equipped with the security measures for the sake of baring the illegal persons from the finding
their ways into the data Maruti Techlabs (2019) added that this entails the servers plus any other
services from the third parties that the apple could have been possibly checking. Again it is
severe for persons of the back-end types of services to have security against malicious forms
attacks. Hence, each API must be subjected to proper verification, and adequate protection must
be deployed in enhancing the storage of data.
e) Privacy Rights
Privacy is the right given to an individual to have all powers over his personal information. Due
to the growth of the technology and benefits associated with it; have led to the health sector to
record patient information electronically (Kabadi et al, 2016). Thus promoting to the electronic
health records i.e. the doctors and medical practitioners are recording the patients’ information
using laptops. Thus electronic health records have improved patients services provision among
the providers as well as easy access to the health information (Kabadi et al, 2016). But there are
risks associated with the electronic information records which include:

Unauthorized access to the patient information may arise. Since information is electronic
someone might use unscrupulous way to access others patients information.

Hacking and cyber security threat are a threat to privacy information of the patients. These
malpractices might lead to data destruction, inaccurate data and enter of misleading information
which might have adverse affects on the patients’ future treatment.
THREATS AND COUNTERMEASURES

10
Technical problems i.e. unavailability or failure of EHR system is a risk. This might lead to
misleading information in the event of late update.
Risk Assessment
Risk assessment it must be done to ensure that indentified vulnerabilities associated with
cyber security is resolved. The act of allowing third party such as vendors to have access and
manage data stored in cloud must be monitored to avoid data inappropriate data usage since there
is always aspects of data manipulations. This is important as any breach of data by unreliable
party will exposure a company to the law suits or legal concerns. Thus, along with security
concerns, reliability must as be considered. The risks associated with the hardware and software
failures should be addressed as well as backup plan and restoration plan. As well the firm must
ensure that there is limited access o the data to avoid data theft and manipulation. It is important
to ensure that individuals accessing the cloud data have the authorization to access information
helps in reducing the risks of data breach. To mitigate the Risk helps in reducing the cyber
attacks as mostly attacks compromise legitimate websites to deliver malicious payloads which
can then reach data. This can usually be mitigated. While no single strategy fits all, practicing
basic cyber hygiene would address or mitigate a vast majority of security breaches (Mell &
Grance, 2009).. Being prepared if an intrusion occurs is also critical and having a
communications method f method for response, actively monitoring centralized host and
networks, and including enhanced monitoring to detect known security events is a must. As risk
assessment helps in avoiding the risk since it is better option as it will help in ensuring that
company’s information is protected and the organization doesn’t face any vulnerability in
fraudulent attacks. Therefore, no employees should be allowed to go home with the work
THREATS AND COUNTERMEASURES
11
devices. As well the company should come up with the policies that bans use of private devices
on work related activities.
The risks assessments help the firm to come up with the best way to help the firm to
secure cloud computing data. The best way to mitigate this risk is through securing the network
infrastructure and ensuring highly maintained strong network architecture. Being prepared if an
intrusion occurs is also critical and having a communications method f method for response,
actively monitoring centralized host and networks, and including enhanced monitoring to detect
known security events is a must. As well through risks assessment DDoS attacks are prevented.
Thus, prevention and mitigation solutions through integrated security strategy that protects all
infrastructure levels help in preventing DDoS (Mell & Grance, 2009). This can be achieved
through development of a DDoS prevention plan which is based on a thorough security
assessment, securing the network infrastructure and ensuring highly maintained strong network
architecture.
Also, risks assessment is conducted to ensure that virus attacks are prevented and avoided
through constant system update. Avoiding the risk is the best to prevent viruses, worms and
Trojan infections in the company’s computer systems. This can be done by ensuring that there is
effective and efficiency constant updating of the system. As well prevention of use of devices or
websites that might causes the Trojan infections and worms, as well as virus attack
The Security of Electronic Health Records
The Health Insurance Portability and Accountability Act, the providers are required to protect
patients’ private information and records. Hence right to access his medical information, request
THREATS AND COUNTERMEASURES
12
for the mistake collections and also right to know how to use the information (Kabadi et al,
2016).
Thus to safeguard the information of the patients the doctors’ offices and hospitals are required
to specifically protect the information stored in the electrical health records through ensuring:

Individual access controls and passwords: thus the creation of passwords and pins known
only to the patient limits you information access hence safeguarding EHRs.

“Audit trail” thus through auditing it can be shown you have accessed you account. Hence
regular auditing is recommended in protecting electronic health records.

Encrypting thus limiting others to understand your health information. Encrypting is coding
you person information that limit others from understanding.
Strategies for evaluating effectiveness of EHRs
To measure the effectiveness of the use of the electronic health records can be done by:

Determination of the efficiency and effectiveness of the services provision. Thus through
evaluating time frame of the medical services provision i.e. how time for services provision have
reduced compared to previous manual recording (Fernández-Alemán et al, 2013).

Communication between doctors and patients effectiveness. This strategy to measure the
effectiveness of the EHRs: by establishing how EHRs have increa …
Purchase answer to see full
attachment

Are you having trouble with the above assignment or one similar?

To date, 239 students have ordered this same assignment from us and received 100% original work. We can do the same for you!

We offers 100% original papers that are written from scratch.We also have a team of editors who check each paper for plagiarism before it is sent to you.

Click this “order now” button to see free Cost Breakdown!