Info security essay

It is a shield against unauthorized persons. Hacking is a failure of infallibility. In 2013 Livingston stated that their system had been hacked, which was an unauthorized access. This affected more than fifty million of their users.

User names, emails, passwords, dates of birth: everything was stolen. This was a failure of confidentiality. (Scampering.com, 2014)

Integrity: Integrity mainly refers to the honesty, source, and inclusiveness of information, and it also blocks wrong and unauthorized alteration of information. It maintains and makes sure that the information is accurate and consistent. It has to be the same from the source to the recipient. As an example, the source code of software can be altered to open security holes on the user's end before it is released to the public. (CSS. OIC. Du, 2014)

Availability: Availability means information being available when an authorized person has requested it. As an example we can mention denial of service (DoS), where the attacker tries to block the authorized person from using the system, making it totally or nearly unusable. Normally the attacker floods the system with useless information, because a system can process only a definite number of requests. If the system is flooded it cannot process the authorized person's requests, and it will eventually fail, rejecting access to the authorized person.

Answer 2: Computer security failures are very frequent nowadays.

Recently there was a major hack at Target in New York. The hackers stole bank card data from about forty million accounts. There was a lack of adequate protection in terms of security. They did not have rational and correct ways to guard the information.

The hackers have all the information of the customers who shopped between the 27th of November and the 15th of December, enough to make a duplicate card. They even encrypted the PIN when it was hacked. The hackers reached the point-of-sale data, which actually refers to the easiest penetration. They managed to get to the terminals where the customers were swiping cards carrying their information. The damage could have been minimized if the breach had been caught earlier, but it was about 2 weeks before they realized they had been hacked, which can be an example of a lack of effectiveness. (Gregory Wallace, 2013, p. Xx-xx)

Answer 3: Asynchronous I/O allows a process to continue before the transfer has finished. It does not provide full memory protection for transfers. A base register is mainly a variable fence register. Only a starting address (lower bound) is provided by a fence register. But an upper bound is useful for specifying how much space is allotted and for checking for overflows into prohibited space.

For this reason a second register is added, which is called the bound register. Each program address has to be above the base and below the bound register, so that the addresses stay in the space between the base and bound registers. This prohibits alteration by other users. (Flogger, 1997) The problems with asynchronous I/O can be solved by bringing in another pair of base and bound registers. (Flogger, 1997) Paging divides a program into equal-sized pieces. The things on a page do not need to be related to one another, so there is no way to establish that all values on a page should be protected at the same level. To eliminate this drawback, paging and segmentation can be combined. (Flogger, 1997)

Answer 4: How leakage occurs via email: Leakage of information via email depends on the information that is being sent. The information sent in the email has the possibility to leak. Transferring information through an unsecured network can be a cause of leakage. Sometimes it is just unfortunately unintentional. Sometimes users just type in the wrong recipient address, which discloses information to others. Information in the email should be encrypted. If it is not, it can be accessed by anybody, causing information leakage.

Using a personal account for sending work emails can be another cause of leakage, as it normally does not have safeguards such as automatic backup. Answering or clicking on fishy emails can be the reason for losing your information.

Preventing the leak of information via email: Using data loss prevention can help protect the data. It watches the network and endpoints to keep the data from being sent in outgoing messages.

It makes sure that specific information, such as credit card information, does not leave the network. An email gateway can be very fruitful in terms of preventing information leakage. It can act as a defence against unintended and harmful email leakage. It also looks after the incoming wave of spam and malware. It also monitors the outgoing traffic. With a content filter and encryption, data leakage can be prevented. With this, an employee becomes aware of what is in the email.

He can be sure that the content is not against company policy. With application control, an individual can block what can leak data. As an example Luckier

Answer 5: Virus placed on the system at system low: This model is vulnerable to attack.

This is because it gives the lower-level user the power to infect the upper-level files (Salomon, 2006). Normally, when the virus is placed at system low, all users have the authorization to read, write, append and execute the virus-affected file. When an infected process is executed, it can run at the user's level and spread to each file at this level.

When an upper-level user executes the compartment, that compartment will be infected. If the top level executes any of the lower-level infected files, it will be infected too. It is pretty easy to spread the virus from system low to system high.

Virus placed on the system at system high: When the virus is placed at system high, it is pretty hard for the virus to spread.

It is pretty limited at system high (Salomon, 2006). Only that particular compartment with the virus will spread it, as it can only be accessed by that particular compartment's users. The infected data at system high cannot pass the virus to the lower level, so only the other system-high files have a chance of being infected.

Answer 6: Granularity: The number of successful attacks is growing day by day. So we need access control. In terms of granularity, it controls a larger level of objects and it is easier to implement the access control. Mainly it controls the amount of data a user can access. As an example, an employee from HR can have partial access to the employee table, but he cannot have access to the salary information for the whole company. Granularity in terms of access control refers to the degree to which access to data can be differentiated for every aspect of a database, i.e. tables, rows, columns. (docs.oracle.com, 2014).
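The table, column and row granularity described above can be shown with a small policy checker. This is an added example, not part of the original essay; the roles, table contents and the `select` function are hypothetical and the data is constructed.

```python
# Constructed sample table and policy; every name here is hypothetical.
EMPLOYEES = [
    {"id": 1, "name": "Ana", "dept": "HR", "salary": 52000},
    {"id": 2, "name": "Ben", "dept": "IT", "salary": 61000},
    {"id": 3, "name": "Caro", "dept": "HR", "salary": 48000},
]
TABLES = {"employees": EMPLOYEES}

# role -> table -> allowed columns and a row predicate (default is deny).
POLICY = {
    "hr_clerk": {"employees": {
        "columns": {"id", "name", "dept"},            # no salary column
        "rows": lambda row: True,                     # every row
    }},
    "hr_manager": {"employees": {
        "columns": {"id", "name", "dept", "salary"},
        "rows": lambda row: row["dept"] == "HR",      # own department only
    }},
}


def select(role, table, columns):
    """Apply table, column and row checks; return (rows, checks_performed)."""
    checks = 1                                        # table-level check
    rule = POLICY.get(role, {}).get(table)
    if rule is None:
        raise PermissionError(f"{role}: no access to table {table}")
    for col in columns:                               # column-level checks
        checks += 1
        if col not in rule["columns"]:
            raise PermissionError(f"{role}: no access to column {col}")
    visible = []
    for row in TABLES[table]:                         # row-level checks
        checks += 1
        if rule["rows"](row):
            visible.append({col: row[col] for col in columns})
    return visible, checks


if __name__ == "__main__":
    print(select("hr_clerk", "employees", ["name", "dept"]))
    print(select("hr_manager", "employees", ["name", "salary"]))
    try:
        select("hr_clerk", "employees", ["name", "salary"])
    except PermissionError as err:
        print("denied:", err)
```

The returned check count grows with the number of columns requested and rows scanned, which is the per-query cost that finer granularity adds over a single table-level decision.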

Trade-off between granularity and efficiency: Even a most skilled employee can kill a process without being known. So there is a trade-off between granularity and efficiency. A flexible security system with strong resource control has to supply a great level of granularity. The trade-off is to increase granularity only when there is a definite chance of benefit.

(Springer, 2005). The main trade-off is the system will design. Customization is costly when changed grand compromised efficiency.

Part B

a) The ways to be sure of the website belonging to t By making sure the address in spelled correctly. You normally is updated in the banking website. Enabling right data is going to the right place. If there is a cool secured by SSL security. If there is no security button is fake or the website is unsafe and any anyone can re getting email from the bank saying it is urgent, y or there is update going on so you need to login to t link. Always it is a link too fake website, because co not send you email saying we upgrading please logic basically giving the hackers what they want in a plat will be some grammatical error, misspelled word or encryption or scrambling to guard your information sign it will show a security certificate for the website website you are supposed to be. Also looking for who correctly or not. Sometimes hackers puts an extra “ t” bank website will not have low resolution image to b as it is normally done in a hurry.

Also McAfee indicant not.

B) To know the information is secure from phishing: If you have entered into the website clicking to the Ii surely a phishing website. Because every single ban they won’t send any email which contains any links. And also encryption it is fair to say that the informal unless you are filling your details in a phishing site. The first thing before entering any information it is identity verification button or the security seal in the the right and secure website to enter the information

C) Protection to provide security: The bank provides mobile banking security, which includes observing real-time fraud, secure encryption and two-factor authentication.

As people nowadays use online banking on their mobile devices, it is necessary to offer mobile banking security. As there is a fair chance of losing the device, the bank provides a feature to remotely wipe details. The bank even keeps a log of the devices used. The bank provides the banking session with encryption, so that no one except the bank and the customer can understand the information sent or received between them.

The bank also maintains several firewalls so that the banking environment is safer. This also protects the bank from unwanted attacks, tracks down possible attacks and makes sure nothing unauthorized happens. When I log into internet banking, a secure session is created, named Secure Sockets Layer. If three wrong passwords are entered back to back, it automatically locks the account to keep it safe.