n this assignment, you will consider the major security threats to an organization, and demonstrate your understanding of how to prevent these threats from materializing.
Using the South University Online Library or the Internet, research about the following:
- Web applications
- E-mail clients
Scenario
Paul Gray is the proprietor of a small share trading company allowing individuals to enter the stock market. He is currently running it with manual procedures and communicating with his clients using a free e-mail service provider and Skype telephone. He is planning to convert it to an online share trading company, but he is aware that there are security concerns when doing this. Gray needs his online trading portal to have the following key requirements:
- It should allow its registered users to trade from any net-enabled PC.
- It should allow real-time portfolio tracking.
- It should enable instant credit and money transfer.
- Its users should be able to communicate with the company using any e-mail service, free or paid.
You have been hired as a security consultant for Gray. You need to respond to the following queries in your initial meeting with Gray:
- What are the possible security threats to the online trading portal? Who would be interested in attacking the portal? Why?
- How may these security threats be mitigated? What are a few strategies that can be used to deter or prevent unauthorized use? At this point, these suggestions can be preliminary and non-technical, but they should suggest means of preventing or deterring attack on the system.
Gray does not realize that there are security threats to his current business model as well. Respond to the following questions related to the security concerns in Gray’s business model:
- What possible threats exist on free e-mail services? Consider the possible gain an attacker may have from attacking this system and enumerate several reasons why this would be a viable attack. Consider the risk of getting caught attacking this system. When would the payout make the attack worthwhile to the attacker? What factors would make this an undesirable target?
- How is the free e-mail service different from the share trading portal? Analyze which of these systems represents a greater potential gain for the attacker and justify your conclusion. Which system carries more associated risk to complete the attack? Give examples to justify your answer.
0 comments