Side Panel Expand side panel Breadcrumb: Week 1 Discussion Previous Next For thi

Question

Side Panel

Expand side panel

Breadcrumb:

Week 1 Discussion

Previous Next 

For this discussion, you will need to address all of the questions below and be sure to participate fully by responding to your classmates and instructor. References are required to support your analysis and citations should be included in APA format.

Consider the following scenario:
Paul Gray is the proprietor of a small share trading company that allows individuals to enter the stock market. He is currently running it with manual procedures and communicating with his clients using a free e-mail service provider and Skype telephone. He is planning to convert it to an online share trading company, but he is aware that there are security concerns when doing this. Gray needs his online trading portal to have the following key requirements:

It should allow its registered users to trade from any net-enabled PC.

It should allow real-time portfolio tracking.

It should enable instant credit and money transfer.

Its users should be able to communicate with the company using any e-mail service, free or paid. 

You were hired as a security consultant for Gray. You need to respond to the queries below in your initial meeting with Gray.

Answer the following questions:

What are two to three possible security threats to the proposed online trading portal? Who would be interested in attacking the portal and what could the attacker gain by such an attack?

How would you mitigate these security threats? What are a few strategies that could deter or prevent unauthorized use of the portal? At this point, these suggestions can be preliminary and non-technical, but they should suggest means of preventing or deterring attack on the system. 

What possible threats exist on Gray’s current use of free e-mail services? Consider the possible gain an attacker may have from attacking this system and enumerate several reasons why this would be a viable attack. Consider the risk of getting caught attacking this system. When would the payout make the attack worthwhile to the attacker? What factors would make this an undesirable target?

Explanation / Answer

The security threats that may take place are

1) Ransomware attack which blocks user computer.

2) Phishing sends email and gather the user information.

The Strategies that can be followed are

1) Don't share any information to any one.

2) Use strong passwords which contains alphabet,numerical & special characters.

3) Don't store any passwords in the computer.

4) Don't use any public networks.

The use of free email services is a risk as the data is maintained by other company servers and data can be stolen any time and if users leave the services then the account and data will be lost.If some employee maintains the data and if he leaves the account data may be hacked.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.