Network security can be defined as the set of practices and policies adopted to prevent and monitor unauthorized access, modification, denial or misuse of a computer network or network-accessible resources (Laudon and Laudon 2016). This report gives a brief discussion of the Comodo Certificate Authority Fraud Hack case study. The small business holds confidential client data, so its privacy should be ensured at any cost. The report researches the Comodo Certificate Authority Fraud Hack to analyse security risks and their respective solutions.
IT security, or computer security, can be defined as the protection of computer systems from damage to or theft of their software, hardware and electronic data (See Appendix A). It also helps prevent misdirection or disruption of the services those systems provide. IT security involves controlling physical access to system hardware and protecting against harm done through network access, code injection and malicious data. Any attack on or problem in IT security is termed an IT security problem (Bajdor and Grabara 2014). Such attacks can be either accidental or intentional.
In 2011, the infamous Comodo Certificate Authority Fraud Hack took place, and IT organizations became concerned about the data security of their networks. A contractor maintains the networks of various business clients, who have received payments for services (Grimes 2018). To ensure the privacy and security of confidential data, proper measures should be undertaken. Attacks on IT security could be extremely damaging, with the result that the data is lost forever.
In the Comodo Certificate Authority Fraud Hack, an Iranian hacker duped the certification authority into issuing digital certificates to one or more unauthenticated parties (Demir and Krajewski 2013). The incident moved some critics to call on both Microsoft and Mozilla to remove Comodo as a trusted root certification authority. The hacker generated certificates for various popular sites such as Google, Yahoo, Skype and Live.com.
In light of this well-known hacking case study, the information system security risks that are dangerous for the organization and for the data of small business clients are given below:
iii) Spyware: Computer spyware can be defined as software that gathers information about an organization or person without permission from the authenticated user to access that data. There are four types of spyware: adware, Trojans, tracking cookies and system monitors (Peltier 2013). This malicious software is mostly used to track and store the movements of Internet users, either by serving pop-up ads or by sending suspicious links.
vii) Threat to Digital Certificate: The Comodo Certificate Authority Fraud Hack concerned this particular IT security attack. A digital certificate can be defined as an electronic passport that enables computers, persons or organizations to exchange confidential information securely over an Internet connection with the help of PKI, or public key infrastructure (Singh 2013). The digital certificate is also known as a public key certificate. The threat to digital certificates is a major one, so they should be protected with proper measures to safeguard the organizational data.
The risks mentioned above were analysed after researching the Comodo Certificate Authority Fraud Hack (See Appendix B). These risks, however, could be easily mitigated or reduced with proper mitigation strategies (Feng, Wang and Li 2014). The proposed solutions for the identified risks to the confidentiality of data are given below:
iii) Solution for Spyware: The IT engineer should implement a proper antispyware technology within the organization's network to secure the confidential data of the small clients. Several vendors are reluctant to use adware, because user consent often raises liability issues (Von Solms and Van Niekerk 2013). With antispyware technology, the organizational IT engineer can detect or prevent computer spyware efficiently and without much complexity. Trojans, adware and other types of spyware will also be stopped by this technology, which is why it is regarded as one of the most important solutions for computer spyware.
vii) Solution for Digital Certificate Threats: Only trusted certificate authorities (CAs) should be used against this type of threat. For this purpose the organization should remove all the previously existing CAs from its systems and add only the CAs that are obtained from the PKI (Demir and Krajewski 2013).
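The trust-store clean-up described in solution vii) can be checked mechanically. The following Python sketch is an added example, not part of the original report: it compares the roots installed in a PEM bundle with an approved list and reports which to remove and which to add. Identifying each CA by the SHA-256 fingerprint of its DER encoding is an assumption of the example, and the sample "certificates" are constructed placeholder bytes rather than real X.509 certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def bundle_fingerprints(bundle_pem):
    """Return the SHA-256 fingerprint (hex) of every certificate in a PEM bundle."""
    prints = []
    for body in PEM_BLOCK.findall(bundle_pem):
        der = base64.b64decode("".join(body.split()))  # PEM body -> DER bytes
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def audit_trust_store(bundle_pem, approved):
    """Compare installed roots with the approved set of fingerprints.

    Returns (to_remove, missing): roots that are installed but not approved,
    and approved roots that are not installed.
    """
    installed = set(bundle_fingerprints(bundle_pem))
    return sorted(installed - approved), sorted(approved - installed)

# --- Constructed sample data: placeholder bytes, not real X.509 certificates ---
def _pem(der):
    """Wrap raw bytes in PEM armor the way a CA bundle file stores a certificate."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

ROOT_A = b"constructed-root-A"   # installed and approved
ROOT_B = b"constructed-root-B"   # installed but not approved
ROOT_C = b"constructed-root-C"   # approved but not installed
SAMPLE_BUNDLE = _pem(ROOT_A) + _pem(ROOT_B)
APPROVED = {hashlib.sha256(ROOT_A).hexdigest(),
            hashlib.sha256(ROOT_C).hexdigest()}

if __name__ == "__main__":
    to_remove, missing = audit_trust_store(SAMPLE_BUNDLE, APPROVED)
    print("remove from trust store:", to_remove)
    print("add to trust store:", missing)
```

On a real system the bundle text would be read from the platform's CA bundle file and the approved set from the organization's own list of root fingerprints.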
Conclusion
From the above discussion it can be concluded that network security also includes the authentication of data access within the network, which is controlled by the respective network administrator. Users can choose a specific username or password for authenticating information within their authority. Network security covers a combination of computer networks, both private and public. With this security in place, transactions and communications between the departments of an organization become much easier. This report has set out the security risks in detail, along with the measures for the case study.
The organization can face several significant IT security risks, such as distributed denial of service attacks, computer viruses, eavesdropping, phishing, spoofing, data breaches, spyware and many more. These security risks are extremely dangerous for the organizational network; however, they could be easily prevented with proper precautions. The following recommendations will be extremely effective for this organization.
iii) Changing Passwords Periodically: The third significant recommendation of the case study is that passwords should be changed periodically. This measure secures confidential information to a great extent and thus enhances overall security.
References
Bajdor, P. and Grabara, I., 2014. The Role of Information System Flows in Fulfilling Customers’ Individual Orders. Journal of Studies in Social Sciences, 7(2).
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), pp.138-151.
Castronova, A.M., Goodall, J.L. and Ercan, M.B., 2013. Integrated modeling within a hydrologic information system: an OpenMI based approach. Environmental Modelling & Software, 39, pp.263-273.
Cherdantseva, Y. and Hilton, J., 2013, September. A reference model of information assurance & security. In 2013 International Conference on Availability, Reliability and Security (pp. 546-555). IEEE.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Demir, I. and Krajewski, W.F., 2013. Towards an integrated flood information system: centralized data access, analysis, and visualization. Environmental Modelling & Software, 50, pp.77-84.
Feng, N., Wang, H.J. and Li, M., 2014. A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information Sciences, 256, pp.57-73.
Grimes, R., 2018. The real security issue behind the Comodo hack. [online] CSO Online. Available at: https://www.csoonline.com/article/2623707/hacking/the-real-security-issue-behind-the-comodo-hack.html [Accessed 18 Aug. 2018].
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Klukas, C., Chen, D. and Pape, J.M., 2014. IAP: an open-source information system for high-throughput plant phenotyping. Plant physiology, pp.pp-113.
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule compliance. Computers & Security, 33, pp.3-11.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Rhodes-Ousley, M., 2013. Information security: the complete reference. McGraw Hill Education.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.