Network Information

Network Information and Security – Threat Assessment

Introduction

The main purpose of this report is to critically discuss threat assessment and penetration testing in the context of network information and security.

The report analyses threat assessment and penetration testing in depth, which helps users understand how critical network information and its security aspects are.

Several advantages and disadvantages of threat assessment and penetration testing are also identified. Apart from this, recent developments in information security, such as cloud security, social network security, smartphone security, and recent security bugs, are also described.

Finally, a conclusion is drawn to summarise the topic.

Discussion

Description of Threat Assessment and Penetration Testing

In the context of network information and security, threat assessment is also known as risk assessment, and it is carried out as part of cybersecurity (Halabi and Bellaiche, 2017).

A cybersecurity threat or risk assessment is a continuous process that includes the identification, analysis, and evaluation of cyber risk, with the aim of eliminating or reducing cyber threats permanently so that information security and privacy can be maintained (Porcello et al., 2017).

In other words, a risk assessment identifies the information assets that could be impacted by cyber attacks and then determines the risks that could affect those assets.

Threat or risk assessment is also a crucial part of the risk management strategy of any company or organization.

Moreover, most organizations nowadays rely on information technology and information systems to organize and operate the business while facing cybersecurity risks (Farah et al., 2015).

Risk assessment also serves to verify whether the cybersecurity controls in place are appropriate for the risks the organization faces.

Moreover, without an effective risk assessment system, dealing with cybersecurity risks is a waste of time, resources and effort. Generally, risk estimation and risk evaluation are performed, followed by the selection of controls to treat the identified risks.

That is why it is necessary to monitor and review the risk environment continuously in order to detect any changes affecting the organization (Such et al., 2016). Similarly, it is important to maintain an overview of the complete risk management procedure.

Apart from threat assessment, there is penetration testing, which is also called pen testing or ethical hacking. It is the practice of testing a computer system, network or web application to find security vulnerabilities that attackers could exploit (Kolias et al., 2016).

Penetration testing may be automated with software applications or performed manually.

The penetration testing process includes gathering information about the target before the test, identifying possible entry points, attempting to break in, either virtually or for real, and finally reporting the findings (Felderer et al., 2016).

Advantages and disadvantages of threat assessment and penetration testing

Both risk assessment and penetration testing, as applied to network information and security, have a number of advantages and disadvantages that cybersecurity users need to understand so that these processes can be adopted effectively and without issues (Shameli-Sendi et al., 2016).

The advantages and disadvantages are set out separately for each process so that they can be understood separately. Those of risk assessment for network information and security are as follows:

Risk Assessment:

Advantages

  • Risk assessment makes it very easy to identify and classify information assets.
  • Conducting the risk assessment process makes it easy to establish a baseline risk assessment, because it provides a snapshot of the organization (Such et al., 2016).
  • Risk assessment helps cybersecurity experts identify threats and threat agents.
  • After a risk assessment has been performed, IT employees can ensure that all security controls are appropriate for information security (Faruki et al., 2015).

Disadvantages

  • It is quite difficult to perform within an organization without appropriate expertise.
  • It requires unnecessary resources for accomplishing the business objectives.
  • It is a very time-consuming process that wastes management's time (Shin et al., 2017).

Penetration Testing:

Advantages

  • It is effective at identifying the range of vulnerabilities within the organization.
  • Small vulnerabilities are also examined during this testing (Halabi and Bellaiche, 2017).
  • Once the penetration test is complete, its report can provide specific advice to the organization.

Disadvantages

  • There is an issue of tester trustworthiness.
  • This testing also involves unrealistic test conditions.
  • If it is not done properly, it can cause a lot of damage, which harms the organization’s information security (Rovida et al., 2015).

Critical evaluation of recent developments in information security

Cloud Security or Privacy

Cloud computing security, or cloud security, refers to a broad set of policies, technologies, applications and controls used to protect the virtualized IP, data, applications, services and related infrastructure of cloud computing (Zhang et al., 2015).

Cloud security is usually defined as a sub-domain of computer security, network security, and information security. Risk assessment is an essential part of cloud security, as it attracts several issues related to cybersecurity and network information.

Cloud computing provides storage capabilities to users, but at the same time it involves some security-related aspects too (Zhou et al., 2017).

Social Network Security or Privacy

Social networks are the primary means for users to communicate and keep in touch with their friends, family, and relatives (Zhang, 2018).

On these sites, users can share pictures, post updates, and reveal personal information about themselves, which is why they are a prime target for criminal activity. Appropriate security controls and risk assessment tools are therefore needed so that these sites can be kept safe and private.

For example, Facebook is one of the major sources of information for criminals.

Smartphone Security

Like social network sites, smartphones are a crucial part of users’ lives. They contain private information, pictures, and other things, so they are also a main target for cybercriminals and hackers who want to obtain a person’s private information. It is therefore important for users to keep their smartphones safe so that privacy can be maintained (Martínez-Pérez et al., 2015).

At the same time, users save a great deal of banking and business information on their smartphones, which makes it all the more essential to manage smartphone security in order to stay safe and keep private things private. Here, fake ID and iCloud security are the main focus areas.

Recent Security Bug

A security bug is a software bug that can be exploited to gain unauthorized access or privileges on a computer system.

In addition, security bugs usually introduce security vulnerabilities by compromising one or more of the following: authentication of users and other entities, authorization of access rights and privileges, data confidentiality, and data integrity (Ferraiuolo et al., 2017).

Security bugs can be traced to root causes such as absent or inadequate software developer training, software engineering methodology, and quality assurance testing.

Conclusion

In conclusion, threat assessment and penetration testing are among the major concerns in computer networking and information security, because they help identify the relevant issues and address them efficiently so that information security and privacy can be maintained without hindering any aspect.

References

Porcello, D. and Wies, O., RAPID FOCUS SECURITY LLC, 2017. System and method for remotely conducting a security assessment and analysis of a network. U.S. Patent 9,544,323.

Such, J.M., Gouglidis, A., Knowles, W., Misra, G. and Rashid, A., 2016. Information assurance techniques: Perceived cost effectiveness. Computers & Security, 60, pp.117-133.

Kolias, C., Kambourakis, G., Stavrou, A. and Gritzalis, S., 2016. Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset. IEEE Communications Surveys & Tutorials, 18(1), pp.184-208.

Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R. and Pretschner, A., 2016. Security testing: A survey. In Advances in Computers (Vol. 101, pp. 1-51). Elsevier.

Halabi, T. and Bellaiche, M., 2017. Towards quantification and evaluation of security of Cloud Service Providers. Journal of Information Security and Applications, 33, pp.55-65.

Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of information security risk assessment (ISRA). Computers & Security, 57, pp.14-30.

Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M.S., Conti, M. and Rajarajan, M., 2015. Android security: a survey of issues, malware penetration, and defenses. IEEE Communications Surveys & Tutorials, 17(2), pp.998-1022.

Shin, J., Son, H. and Heo, G., 2017. Cyber security risk evaluation of a nuclear I&C using BN and ET. Nuclear Engineering and Technology, 49(3), pp.517-524.

Rovida, C., Alépée, N., Api, A.M., Basketter, D.A., Bois, F.Y., Caloni, F., Corsini, E., Daneshian, M., Eskes, C., Ezendam, J. and Fuchs, H., 2015. Integrated Testing Strategies (ITS) for safety assessment. ALTEX-Alternatives to Animal Experimentations, 32(1), pp.25-40.

Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X. and Luo, H.H., 2015. Security and privacy for mobile healthcare networks: from a quality of protection perspective. IEEE Wireless Communications, 22(4), pp.104-112.

Zhou, J., Cao, Z., Dong, X. and Vasilakos, A.V., 2017. Security and privacy for cloud-based IoT: Challenges. IEEE Communications Magazine, 55(1), pp.26-33.

Martínez-Pérez, B., De La Torre-Díez, I. and López-Coronado, M., 2015. Privacy and security in mobile health apps: a review and recommendations. Journal of Medical Systems, 39(1), p.181.

Ferraiuolo, A., Xu, R., Zhang, D., Myers, A.C. and Suh, G.E., 2017, April. Verification of a practical hardware security architecture through static information flow analysis. In ACM SIGARCH Computer Architecture News (Vol. 45, No. 1, pp. 555-568). ACM.

Farah, T., Alam, D., Kabir, M.A. and Bhuiyan, T., 2015, October. SQLi penetration testing of financial Web applications: Investigation of Bangladesh region. In 2015 World Congress on Internet Security (WorldCIS) (pp. 146-151). IEEE.

Zhang, D., 2018, October. Big data security and privacy protection. In 8th International Conference on Management and Computer Science (ICMCS 2018). Paris: Atlantis Press.

 
