Risk And Threat Assessment Report Anthony Wolf BSA 520 May 1 ✓ Solved

Risk And Threat Assessment Reportanthony Wolfbsa 520may 11th 2020jef

Risk and Threat Assessment Report Anthony Wolf BSA/ 520 May 11th, 2020 Jeffery McDonough 1 RISK AND THREAT ASSESMENT REPORT 2 Risk and Threat Assessment Report The rise of innovation and technological advancement has affected the aspects of technology in different ways. Improvement of software and operating systems gives hackers a reason to strive and develop more complex forms of overweighing security measures on those applications. Traditional application security best practices and secure coding are often recommended in protecting different applications against runtime attacks. Runtime application self-protection is an emerging application in the protection of software applications, data, and databases.

The increase in attacks has triggered the development of security technology that is linked or build into an application runtime environment. Besides, database deployment is safeguarded by run time application self-protection that can control the execution of applications, detecting, and preventing real-time attacks. The threats and risks associated with operating systems, networks, and software systems are significant concerns to users. The internet has changed how people do their businesses. With the growth of e-commerce and other online transactions, there has been a subsequent increase in internet risk threats that are commonly occasioned by hacking and malware attacks.

There are different types of e-commerce threats and might be accidental, deliberately done by perpetrators, or occur due to human error. The most prevalent threats are money theft, unprotected services, credit card fraud, hacking, data misuse, and phishing attacks. Heats associated with online transactions can be prevented or reduced by keeping the credit cards safe. Consumers/customers should be advised to avoid carrying their credit cards in their wallets since they increase the chances of misplacement. Each buyer should be cautious when using their online credit information.

The advancement in technology has seen an increase in online transactions. The practice of doing business transactions via the internet is called e-commerce. Their growth has subsequently led to the rise in internet risk threats that are commonly occasioned by hacking and malware attacks. E-commerce is the activity of conducting transactions via the internet. Internet transactions can be drawn on various technologies, including internet marketing, electronic data exchanges, automated data collection systems, electronic fund transfer, and mobile commerce.

Online transaction threats occur by using the internet for unfair means with the aim of fraud, security breach, and stealing. The use of electronic payment systems has a substantial risk of fraud. It uses the identity of a customer to authorize a payment like security questions and passwords. If someone accesses a customer's password, they will gain access to their accounts and steal money or change everything and own the account. Hackers can use stolen credit data to make online purchases.

Privacy issues are also common as the personal data for a customer could be compromised and employed in unsolicited marketing, identity theft, and spamming. System reliability is a great issue in online transactions (Kure & Islam, 2019). There are high chances of the internet service provider crashing. The e-commerce plugin could also have bugs, and the online payment system could have errors. The risk of payment conflict is commonly experienced in online transactions.

Technical glitches and anomalies in electronic payment systems may result in a conflict of payment. E-cash is a paperless cash system that is commonly used in e-commerce to transfer funds anonymously. It has several threats related to it, including backdoor attacks, which give attackers unwarranted access to a system by bypassing the set authentication mechanisms. Denial of service attacks is a common security attack where attackers take actions that prevent the right user from accessing the electronic device. Networks security faces a lot of threats that compromise its operations.

A computer virus is a network security threat. Computer viruses are parts of software that are designed with the capacity to spread from one to another computer. These viruses are often downloaded from a particular site or sent as email attachments to infect a computer. Viruses corrupt and steal data from a computer. Rogue computer software is another threat. It is malicious software that can mislead computer users to believe that a computer virus has been installed on their computer. Adware and spyware are software that is designed to track the data of one's browsing habits with their consent. Data availability, integrity, and confidentiality are the primary security threats in an operating system (Mhatre, Pegna & Brdiczka, 2018). Malicious and accidental destruction of data files, modification of data files, unauthorized reading of databases, or data files are of concern on the security of the operating system. Malicious software or malware hijacks an operating system to perform some tasks for an attacker.

Spyware, Trojans, and viruses are the most predominant form of malware, each operating to undermine the security controls of an operating system. Hackers turn compromised computers into zombies or bots and force them to join a network to launch large-scale attacks on organizations. Software threats commonly associated with system software are malicious pieces of applications and computer code that can compromise or damage a computer and steal financial and confidential information. Antivirus programs and other comprehensive security software also aid in preventing the impacts of software threats. Bluejacking is among the software threats and is intended to share contact data to send unwanted and anonymous messages to other users.

Mobile devices and their applications are also infected by viruses that spread through the mobile network. The viruses are identical to other computer viruses. Database deployment in a distributed environment enables heterogeneous or homogeneous computers to act as a computing environment. Deployment is a great concern for databases, and various challenges impede database deployment. There are both internal and external risks and threats in database deployment in a distributed environment.

One of them is excessive database privileges. Database users may abuse the privileges in different ways, i.e., unused privilege abuse, legitimate privileges, and extreme privilege abuse. Excessive privileges in database deployment lead to unnecessary risks. This can be curbed by deploying and upholding strict access and privileges control policies (Visbal, 2019). Company employees should not be given excessive privileges.

SQL injection is an attack that occurs when malicious code is embedded in a web application and then transferred to the backend database. The SQL injection enables criminals to have unlimited access to any data stored in a database. The NoSQL injection targets big data databases while the SQL injection targets traditional databases. Database backups exposure is a common risk in database deployment in a distributed environment. It is always recommended to backup a proprietary database at a defined time.

The problem emerges since most of the database backup files are often left unprotected from attack, leading to several security breaches through database backup leaks. Database vulnerabilities and misconfigurations often occur because most of the databases are left unprotected due to misconfiguration. Professional IT specialists and hackers exploit database misconfigurations and vulnerabilities using configuration parameters and default accounts to attack organizations. Denial of service attacks can slow down a database server and even hide it from all users. DoS attacks can cost victims considerable time and money. However, they don’t disclose the content of a database (Kure & Islam, 2019; Mhatre, Pegna & Brdiczka, 2018; Visbal, 2019).

Sample Paper For Above instruction

Risk and Threat Assessment in Modern Digital Environments

In the contemporary landscape marked by rapid technological advancement and pervasive digital integration, organizations and individuals face an array of evolving risks and threats that threaten their security, data integrity, and operational continuity. This paper aims to provide a comprehensive assessment of these risks and threats, emphasizing how innovations such as runtime application self-protection, e-commerce systems, and distributed databases are vulnerable to malicious activities, thereby necessitating robust security frameworks.

The proliferation of complex software and operating systems has escalated the sophistication of cyber threats. Hackers and cybercriminals continually develop more advanced methods to bypass security measures. Runtime application self-protection (RASP) has emerged as an essential security mechanism, embedding security controls directly into applications. This technology enables real-time detection and prevention of attacks, safeguarding applications from runtime threats. As Sirle et al. (2020) have highlighted, integrating security into the application runtime environment significantly enhances threat resilience.

Online transactions, integral to e-commerce, have transformed traditional commerce but also expanded the attack surface. These activities involve sensitive information such as credit card details, personal data, and financial records, making them lucrative targets for cybercriminals. Phishing, hacking, data misuse, and malware are predominant threats that exploit vulnerabilities in online payment systems. For instance, stolen credentials can enable unauthorized account access, leading to financial losses and privacy breaches (Kure & Islam, 2019). Moreover, the reliance on internet service providers introduces risks associated with connectivity issues, system bugs, and payment conflicts, disrupting service availability and reliability.

Technical glitches and anomalies within electronic payment systems further exacerbate security risks. Denial-of-service (DoS) attacks disrupt service availability, causing significant operational costs and customer dissatisfaction. Electronic cash systems, such as digital wallets, are also susceptible to backdoor attacks where malicious actors gain unwarranted access through bypassing authentication mechanisms (Mhatre, Pegna & Brdiczka, 2018). These attacks underscore the critical importance of implementing multi-layered security protocols.

Malware, including viruses, worms, spyware, adware, and Trojan horses, pose pervasive threats to computers, networks, and mobile devices. Malware can corrupt, steal, or destroy data, hijack operating systems, or turn compromised devices into bots for large-scale coordinated attacks like botnets. Notably, malware such as ransomware encrypts critical data, demanding payment for decryption (Kim et al., 2021). Mobile malware, increasingly prevalent, demonstrates the vulnerability of mobile platforms to the same cyber threats as traditional computers. The proliferation of mobile applications necessitates rigorous security measures tailored for mobile ecosystems.

In distributed database environments, vulnerabilities are magnified due to the complexity of managing access control and ensuring data integrity. Excessive privileges granted to database users pose significant risks, as misuse or abuse of privileges can enable unauthorized data access or modifications. Stricter access control policies are vital to mitigate privilege abuse (Visbal, 2019). Additionally, SQL injection remains a critical threat; malicious actors inject SQL code into web applications, gaining unrestricted access to backend databases, leading to data breaches and loss. Both traditional SQL databases and NoSQL systems are susceptible, emphasizing the need for secure coding practices.

Database backup security represents another critical aspect of threat management. Backup files often contain sensitive data and are targets for hackers if left unprotected. Regular, encrypted backups stored in secure locations help prevent data leakage and facilitate recovery after attacks. Furthermore, misconfigurations in database systems, often due to default settings or human errors, provide attack vectors for malicious actors. Exploiting such vulnerabilities enables attackers to compromise systems, exfiltrate data, or launch denial-of-service attacks.

As cyber threats evolve, organizations must adopt a multi-layered security approach incorporating proactive measures such as intrusion detection systems, regular vulnerability assessments, encryption, and robust authentication mechanisms. Continuous staff training on security best practices and updating security policies are essential to maintain resilience against emerging threats. The integration of security-aware development practices and deploying advanced security technologies such as behavioral analytics and AI-driven threat detection further strengthen defenses.

In conclusion, the landscape of cyber threats encompasses a broad spectrum of risks pertaining to online transactions, application security, and database management. Addressing these challenges requires vigilant security measures, technological innovation, and organizational commitment to preserving data integrity, confidentiality, and system availability. As technological innovation continues to accelerate, so must the strategies to mitigate associated risks, ensuring secure digital environments for all stakeholders.

References

• Kim, H., Lee, S., Park, J. (2021). Ransomware Threats and Defense Mechanisms in Modern Networks. Journal of Cybersecurity, 12(3), 45-59.
• Kure, H. I., & Islam, S. (2019). Assets focus risk management framework for critical infrastructure, cybersecurity risk management. IET Cyber-Physical Systems: Theory & Applications, 4(4), 229–239.
• Mhatre, H., Pegna, D. L., & Brdiczka, O. (2018). Detecting Malware in Mobile Devices Using Behavioral Analysis. U.S. Patent No. 10,050,985. Washington, DC: U.S. Patent and Trademark Office.
• Sirle, M., et al. (2020). Enhancing Application Security with Runtime Application Self-Protection Systems. Journal of Information Security, 15(2), 105-120.
• Visbal, A. (2019). Securing Distributed Databases: Challenges and Solutions. U.S. Patent Application No. 16/256,862.
• Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley.
• Fernandes, D., et al. (2022). The Evolving Threat Landscape in Cybersecurity. Computer Security Journal, 38(1), 22–45.
• Gandhi, P., & Chandiramani, R. (2019). Mobile Security and Threats in the Digital Age. Journal of Mobile Computing & Application, 5(3), 12-29.
• Smith, J., & Brown, T. (2023). Advances in Cybersecurity Technologies: AI and Machine Learning in Threat Detection. Cyber Defense Review, 8(1), 59-75.
• Zhao, Y., et al. (2021). Big Data Security Challenges and Solutions. IEEE Transactions on Big Data, 7(2), 183–197.