Risk Analysis for a New Website
Managing the Digital Firm provides the most comprehensive overview of information systems used by business firms today, while drawing connections between MIS and business performance. The Internet of Things (IoT) has for quite some time been a key research topic, with researchers working to connect physical objects through the convergence of several technologies. Although IoT is developing at a high growth rate, it is very vulnerable to security and privacy risks, which makes tangible growth difficult. IoT has four major layers: the perception layer, the network layer, the middleware layer and the application layer. The perception layer involves different types of data sensors, such as RFID and barcodes. Basically, this layer deals with objects that are unique and uses data collected from the real world. The network layer conveys the information gathered from the perception layer to a specific information processing system through the internet, mobile networks and the like.
The major IoT security goals include providing appropriate identity authentication mechanisms and high-level data confidentiality (Bocij, et al., 2014). In IoT there is a security triad, known as the CIA triad, in which mechanisms related to privacy implement security by enforcing confidentiality, integrity and availability. If any one of the three is breached, it can cause a serious problem for the system, so all three must be given close consideration. First, data confidentiality provides privacy: users' sensitive information is protected from disclosure to unauthorized parties and can be accessed only by permitted users. Second, data integrity is the protection of useful information from cybercriminals or external interference during transmission and reception, using common tracking methods so that the data cannot be tampered with without the system catching the threat. Third, data availability ensures fast and easy access to the information for the appropriate persons, even in difficult times. Basically, it ensures that information is always available to users whenever required.
Security issues and challenges are also key factors to consider in online projects. The threats in each layer need attention, and they are discussed as follows (Maurer, 2015). The perception layer consists of a range of technologies that are exposed to dangerous threats such as unauthorized access to tags. As a result of poor authentication mechanisms in most online gaming, tags can easily be accessed by someone without authorization. The harm is that a malicious person can not only read the information but also delete or even modify the data. Second, spoofing is a threat in which an attacker introduces fake information into the gaming system, which then falsely assumes the information is genuine, so that it appears to come from the original source. Third, eavesdropping is a threat to which the wireless nature of online gaming is very vulnerable.
At the network layer, the challenges include the Sybil attack, the sleep deprivation attack, the sinkhole attack and the denial of service (DoS) attack. A Sybil attack is one in which the attacker corrupts a node so that it presents multiple identities for a single node (Kaaniche, et al., 2007). Second, in a denial of service attack the attacker floods the system with a lot of unnecessary traffic, exhausting the resources of the targeted system. Lastly, a sinkhole attack is one in which the attacker makes the corrupted network more attractive than the other, stable networks, so that the corrupted nodes attract more data than the stable nodes. This results in packets being dropped.
At the middleware layer there are several challenges, which include unauthorized access, malicious insiders and DoS attacks (Dehling, et al., 2015). Regarding denied access, a malicious person can cause harm by making access to the related IoT functions difficult or by deleting existing data (Dehling, et al., 2015). Second, a DoS attack at this layer shuts down the system, which results in loss of the services. At the application layer, the challenges include malicious code injection and sniffing attacks. Malicious code injection is a situation in which an attacker uses various hacking methods to introduce viruses or corrupt code into the gaming system from a user (Dehling, et al., 2015). A sniffing attack, on the other hand, is one in which an attacker introduces a sniffer application into the gaming system to access network information, causing damage to that particular online gaming system.
As a basic concept, every challenge has a solution, and the solutions to the security challenges discussed above are discussed below. The middleware and application layers have a security categorization that includes authentication, intrusion detection, risk assessment and data security (Dehling et al., 2015). At the perception layer, the security measures offered include authentication and data privacy, whereas at the network layer security is divided into three types: authentication, routing security and data privacy.
The risks facing a new website are security, maintenance and skill level (Laudon, 2011). Weak security increases the chances of malicious persons getting into your website and corrupting it fully or partially. To avoid this, it is advisable to use a hosting company for your site; alternatively, if one has a backup system, it is easy to restore the previously saved version, since all you need to do is press one button. Second, whoever creates a website is responsible for its maintenance. This means that by creating an online gaming site, the owner becomes responsible for maintaining it. Maintenance here is not about content such as text and projects; it is about updating WordPress and its plugins. The owner of the website needs to do this regularly to keep up to date with security patches. It is not hard to do: you log in to your site and click on Dashboard, then Updates, and it will tell you what needs to be updated (Laudon, 2011). The key thing is to check the site regularly for those updates. Third, skill level is also a key factor among the risks affecting a new website. If the owner of a website is not well equipped with the knowledge to run it, it is highly recommended to hire someone to run the account on the owner's behalf, that is, if the owner does not want the site to be hosted by someone else.
The top database threats noticed over the last couple of years are discussed in this section. First, excessive privileges: if the owner of the online gaming site is granted default database privileges that exceed the requirements of their job function, these privileges can be abused (Maurer, 2015). Second, legitimate privilege abuse: users abuse legitimate database privileges for unauthorized purposes. Third, database injection attacks: there are two major types, SQL injection and NoSQL injection. SQL injections target traditional database systems, whereas NoSQL injections target big data platforms. Fourth, malware: it is an annual threat that is used to steal sensitive data through legitimate users using infected devices (Maurer, 2015). Fifth, storage media exposure: this is the exposure of the storage sites to outsiders who are not allowed to access them. In online gaming, the owner should ensure that the gaming history and the games are stored safely out of reach of hackers and other malicious actors.
Sixth, unmanaged sensitive data: most people find it difficult to maintain an accurate inventory of their databases and the crucial data in them, and the online gaming database is no exception. Last is the human factor, also known as human negligence, which according to research has resulted in more than forty percent of data breach incidents (Maurer, 2015). It is also caused by a lack of the skills and knowledge required to enforce security controls and conduct incident response processes. The online gaming database is no exception when it comes to human negligence, since these databases will at some point be managed by humans and, as the old saying goes, to err is human, so human negligence will be experienced at some point.
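The SQL injection threat listed above can be shown side by side with its fix. This is an added example, not part of the original paper; the `scores` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote characters are what make it dangerous.
CRAFTED = "nobody' OR '1'='1"

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scores (player TEXT, game TEXT, score INTEGER)")
    db.executemany(
        "INSERT INTO scores VALUES (?, ?, ?)",
        [("alice", "chess", 1200), ("bob", "chess", 900), ("carol", "poker", 450)],
    )
    return db

def scores_unsafe(db, player):
    # Vulnerable: the input is pasted into the SQL text, so quote characters
    # in it change the structure of the query itself.
    query = "SELECT player, score FROM scores WHERE player = '" + player + "'"
    return db.execute(query).fetchall()

def scores_safe(db, player):
    # Hardened: the ? placeholder passes the input as data only, so it is
    # compared against the player column and never parsed as SQL.
    return db.execute(
        "SELECT player, score FROM scores WHERE player = ?", (player,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", scores_unsafe(db, CRAFTED))  # every player's row leaks
    print("safe:  ", scores_safe(db, CRAFTED))    # no such player, no rows
```
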
Solutions to the risks facing new databases include: assessing for database vulnerabilities and identifying sensitive data; blocking malicious web requests; managing user access rights and removing excessive privileges and dormant users; automating auditing with a protection platform; archiving external data and encrypting databases; and, finally, training employees on risk mitigation techniques and how to recognize common cyber threats (Lewis, 2006).
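One way to automate the review of excessive privileges and dormant users mentioned above, as an added example that is not part of the original paper. The role baseline, the account inventory and the 90-day dormancy threshold are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Privileges each job role actually needs (hypothetical least-privilege baseline).
ROLE_NEEDS = {
    "support": {"SELECT"},
    "billing": {"SELECT", "INSERT", "UPDATE"},
    "dba": {"SELECT", "INSERT", "UPDATE", "DELETE", "GRANT"},
}

# Constructed sample inventory of database accounts.
ACCOUNTS = [
    {"user": "amy", "role": "support",
     "grants": {"SELECT", "DELETE", "GRANT"}, "last_login": date(2024, 5, 28)},
    {"user": "raj", "role": "billing",
     "grants": {"SELECT", "INSERT", "UPDATE"}, "last_login": date(2024, 5, 30)},
    {"user": "old_etl", "role": "billing",
     "grants": {"SELECT", "INSERT"}, "last_login": date(2023, 11, 2)},
    {"user": "temp1", "role": "intern",
     "grants": {"SELECT"}, "last_login": None},
]

def audit(accounts, today, dormant_after=timedelta(days=90)):
    """Return (user, finding) pairs for excessive privileges and dormant accounts."""
    findings = []
    for acct in accounts:
        needed = ROLE_NEEDS.get(acct["role"])
        if needed is None:
            # No baseline exists for this role, so no grant is justified yet.
            findings.append((acct["user"], "unknown role: review all grants"))
        else:
            excess = acct["grants"] - needed
            if excess:
                findings.append((acct["user"], "excess: " + ",".join(sorted(excess))))
        last = acct["last_login"]
        # An account that never logged in is treated as dormant as well.
        if last is None or today - last > dormant_after:
            findings.append((acct["user"], "dormant"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS, today=date(2024, 6, 1)):
        print(f"{user}: {finding}")
```
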
The risks of a CRM are: invalid project assumptions, data conversion delays, lack of business continuity among multiple locations, the introduction of sub-optimization by some locations and, finally, project establishment omissions (Gartner, 2009). Other risks of a software-as-a-service CRM include downtime and SLAs, system integration, information security, software customization and total cost of ownership (TCO). First, in case downtime happens to the online gaming software, the business will ultimately be rendered. Second, in online gaming, information security is required to maintain the privacy of information assets. In this case, the information assets are the gaming sites and the score sites. The two should be highly secured to avoid causing nightmares for the clients. For example, a client will be very disappointed when the scores in a game get corrupted in the middle of the game. This will lead to the loss of several clients. This risk can be mitigated by ensuring that the gaming software has a strong and up-to-date information security plan backed by both security protocols and disaster recovery methods (Gartner, 2009). Third, when dealing with a CRM, the owner of the gaming project should pay close attention to how all the systems in that software are linked together, so as to minimize the time wasted keeping records manually.
A mitigation strategy for this risk is to get help from vendors who hire out the tools and equipment needed to conduct standards-based system integration. Another risk related to CRM is software customization. If there is a failure in a function of the CRM software that cannot be corrected using software customization or any other practically accepted method, a lot of labor and time will be wasted, reducing the productivity and profits expected from the gaming business (Wilson, et al., 2002). To counter this, the leading CRM systems, which the owner of the gaming project should use, have come up with PaaS tools that allow customization to take place, thus increasing productivity and profits.
Since all risks have a management strategy, the following are the management strategies for the risks of CRM: engage the customer at the beginning of the project with a well-written charter that outlines the objectives, the success criteria and the business problems the project intends to solve; complete training as early as possible in the project; and train end users constantly throughout the project (Lemon, et al., 2002). Besides that, always have documented deployment steps and checklists, and communicate frequently and effectively with the customer.
An information system means the software, hardware, procedures, data and computer networks used in institutions for day-to-day activities. The function of the online gaming system is to gather, secure and distribute the gaming data to ensure that gaming is effective (Bocij, et al., 2014). In software, there is normally a big challenge when it comes to connecting an old information system to a new one. This is likely to happen because of missing codes and coordinates when trying to fit the two information systems together. It can be avoided if the owner of the online gaming project asks for help from well-skilled personnel in the field of software.
In conclusion, this paper has discussed the critical security analysis that the ABC company should consider when setting up their online job for renting and paying online games. In the introduction, the Internet of Things (IoT) was discussed, as it forms a very concrete basis for new and existing software in the technological world. IoT is very vulnerable to security and privacy risks, which makes tangible growth difficult. Besides that, this paper has discussed the risks facing new websites together with their mitigation strategies. Security, maintenance and skill level are the risks to a new website, to mention a few. The risks to a new database in relation to the online gaming software have been discussed and the mitigation plans given. Excessive privileges, legitimate privilege abuse, database injection attacks, malware, storage media exposure, unmanaged sensitive data and the human factor are the risks connected to new databases. On top of that, CRM risks and ways to counter them have been discussed. Finally, the risks of linking the existing information systems to the new information system have also been discussed at length.
References
Bocij, P., Greasley, A., & Hickie, S. (2014). Business information systems: Technology, development and management.
Maurer, R. (2015). Top Database Security Threats and How to Mitigate Them. Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx
Dehling, T., Gao, F., Schneider, S., & Sunyaev, A. (2015). Exploring the far side of mobile health: information security and privacy of mobile health apps on iOS and Android. JMIR mHealth and uHealth, 3(1), e8.
Gartner, Inc. (2009). Gartner Says Worldwide CRM Market Grew 12.5 Percent in 2008. Retrieved from http://www.gartner.com/it/page.jsp?id=1074615
Kaaniche, M., Deswarte, Y., Alata, E., Dacier, M., & Nicomette, V. (2007). Empirical analysis and statistical modeling of attack processes based on honeypots. arXiv preprint arXiv:0704.0861.
Laudon, K. (2011). Management information systems mymislab with pearson etext access card. Place of publication not identified: Prentice Hall.
Lemon, K. N., White, T. B., & Winer, R. S. (2002). Dynamic customer relationship management: Incorporating future considerations into the service retention decision. Journal of marketing, 66(1), 1-14.
Lewis, J. A. (2006). Cybersecurity and critical infrastructure protection. Center for Strategic and International Studies (Washington, DC).
Wilson, H., Daniel, E., & McDonald, M. (2002). Factors for Success in Customer Relationship Management Systems. Journal of Marketing Management, (18), 193-219.