Blog #4: “If I am a computer security consultant...”
Image Source: https://www.insurancebusinessmag.com/ca/news/breaking-news/edc-bungles-it-security-consultant-announcement-45156.aspx
To start, a computer security consultant, according to Cyber Degrees website, has a role in designing and implementing the best security solutions for the needs of an organization. He/she gives advises and guides firm/s about the security level of their computer system.
Now, assuming that I am a computer security consultant, though I may not be good at this since I am only assuming, I will be giving advises about security measures to four (4) customers, with different types of organizations and business activities they have, listed below.
1) An online company who accepts credit card details wants to secure its customers’ details, and safeguard against damage
In this kind of company, since it is online, this company is vulnerable of hacking of credit card details where details gathered by the hackers may be used illegally and destroy the company. Also, credit card fraud, where fraudsters stole cardholder’s information and illegally use it even without the card’s physical presence (Bounaguidi, B., 2017).
These threats came from the hackers external to the company who are technically challenged and wanted to explore even in illegal ways, some likes to expose the vulnerability of the security levels of companies. The internal threats are those spies who worked inside the company that may secretly gather credit card information and other company details relevant to the competitors, or those employees who are assigned to secure information but are tempted to secretly use them illegally, as some employees cannot be trusted verily.
The technical security measures for these crimes are first for the company - they should encrypt the credit card and customer’s data to further secure, they must have a program where they can continuously monitor cardholder expenditure and information, and have a tight security department which monitors, investigates, and protects the company business. As for the customers, the company should give guidelines on how to protect themselves against credit card hacking, on what they should do and not do for them to be knowledgeable and aware.
2) A communications company employing a lot of young, technically able people, wants to ensure its online facilities are not being abused
In this company, since most employees are still young, the crimes that are likely to be committed are abuse of company’s time and resources which affects business’s productivity and profit to decline by doing things that are unrelated to their job, downloading a software or inappropriate material from the Internet illegally which is still not related to the company, and hacking company’s restricted areas. (Duquenoy, P.,et.al., 2008)
The internal threats would be from the young employees who have adventurous minds and likes to explore when curiousity comes in, and also they’re technically able which means they can do things technically to the point that its beyond the company policies about employees. The external threats would be outsiders like hackers who tries to invade the communication networks of the company and plant malware if security is not strong enough. (Duquenoy, P.,et.al., 2008)
The security measures that fit for these are workplace monitoring and auditing software installation so that young employees can be monitored of their activities real-time. To limit employees from accessing the Internet abusively inside the company, use firewalls, and increase the security level of Internet so outsiders cannot easily invade the network communication. The company must also increase their level of security in network communication against outsiders. (Duquenoy, P.,et.al., 2008)
3) A high-security establishment needs to ensure that only authorized users can access certain parts of the system
The likely crimes to be committed here according to Duquenoy, P.,et.al. (2008) are security breaches where no matter how high the security, invaders will always try to find a way to get through it with advanced computing or hacking. Next is hacking into restricted parts of the network or system.
The internal threat is that the people who worked inside the establishment who are unauthorized to access certain parts of the system are likely to commit those crimes, and external threat is the same here also where they are unauthorized personnel outside the establishment. (Duquenoy, P.,et.al., 2008)
For this case, the security measures are first, to set access rights and privileges across the network, they must have an access control software. Next is an highly thorough enforced password system that ensures that only authorized users can have an access to some system parts. For the most sensitive parts of the system, it is recommended to use high security system which is biometric identification. (Duquenoy, P.,et.al., 2008)
4) A private consultant has a contract with a research organization working on highly sensitive issues. He needs to be sure his communications are secure, and some of the documents he sends might be used as legal proof of his recommendations
In this case, it involves documents with highly sensitive information. The likely threats here are document theft with the purpose of corporate espionage or spying, fraud, and blackmail. (Duquenoy, P.,et.al., 2008)
The threat internally may be disloyal employees who are being secretly paid much from external people to spy inside the organization. But mostly are external threats which includes rivals and competitors who finds ways to get ‘not releasable’ information from the company. (Duquenoy, P.,et.al., 2008)
For this case, the appropriate security measures are strong encryption and digital signatures which adds strong additional security to transferring and authenticating files. (Duquenoy, P.,et.al., 2008)
References:
Cyber Degrees (2018). Becoming a Security Consultant. Retrieved from https://www.cyberdegrees.org/jobs/security-consultant/. Accessed 26 October 2018
Bounaguidi, Bruno (2017, July 10). Credit card fraud: what you need to know. Retrieved from http://theconversation.com/credit-card-fraud-what-you-need-to-know-78542. Accessed 26 October 2018.
Leviticus, Jill. "How Do Employees Steal Time While at Work?" Small Business - Chron.com, http://smallbusiness.chron.com/employees-steal-time-work-38624.html. Accessed 28 October 2018.
Duquenoy, P., Jones, S., et.al. (2008). Ethical, Legal and Professional Issues in Computing. Australia, USA: Thomson.












