Engineering of Trustworthy Secure Systems †MyAssignmenthelp.com

Question: Discuss about the Engineering of Trustworthy Secure Systems. Answer: Introduction: It has been seen that due to insufficient and inadequate management of proper security arrangements and unexpected security incidents the small-scale industries had already suffered a huge loss of data and privacy information (Yeboah-Boateng and Essandoh, 2014). The need of proper security management technologies is a must in any organisation maybe it is a large-scale industry or any small-scale industry. A resolution to this delinquent may be the controlled and by proper management of the security schemes. However, there are enough evidences that the security practices are not strongly upheld within small and medium enterprise environments. A survey revealed that the SMEs lack this basic need because of the mismanagement of budget and this type of things are often handed to non-experts without proper qualification. This results in loss of data and rupturing of private information of the organisation. Without proper security arrangement a SME can even come down to verge of extinction . Risk assessment can be defined as the as the calculation done of intimidations, impacts and susceptibilities of data and info processing and the chances of occurring of these events. Also, the procedure of risk management may be defined as the identification, collection and execution of counter measures that are premeditated to reduce the identified levels of risk to acceptable levels, this way governing, minimalizing and potentially eradicating the acknowledged security risks, at an acceptable cost (Melendez, Dvila and Pessoa, 2016). The three basic terms related to the information security management are confidentiality that is the data must be accessible completely to official parties, integrity which means the completeness and accuracy of the data must be well-preserved and obtainability that is the authorised users must access the data when required. Data safety is a far-off multifaceted question than Information Technology security. At the present time it is not sufficient to contemplate in terms of firewalls, antivirus packages, unswerving hardware and clear-cut credentials systems. The mindful creation of the high-tech circumstantial is no longer sufficient (A. Harris and Patten 2014). The integrity, accessibility, and secrecy of data is mainly exposed by careless management or decisive mutilation by the hands of core workers through the establishments data control systems and or the internet and tactical associates with admittance via the internet, extranet or Automated Information Exchange to corporations databases contractors, vendors, collaboration associates and economic facility workers (Lo and Chen 2012). Numerous other assets, such as accurateness, liability, non-repudiation, and reliability may also be connected to data security. There are many information security requirements as mentioned by the international safety of the US and the UK the that any organisation needs to follow. Firstly, the need for risk assessments, risks must be understood and recognised. The IT security measures that are taken must be proportionate with these risks (Dillon and Vossen, 2015). Organizations needs to create, interconnect, implement, approve, monitor, and impose security strategies across the organization. Organisations needs to make every employee of the organization aware of the importance of IT security and to train the employees good IT security practices (Shameli-Sendi, Aghababaei-Barzegar and Cheriet, 2016). The organisation also needs to monitor audit and run regular security checks regularly in order to eradicate any incoming threat. Some of the security metrics that a small-scale industry needs to follow are the number of the previous reported incidents. The number of viruses or other malicious code outbreak are also to be recorded (Kimwele, 2014). Keeping a track of the unethical websites are also to be kept in the mind. Frequency of the IT systems failures are also to be checked regularly. The government of any country plays a key role in maintaining the security aspects for an organization specially the small-scale ones. Providing a good infrastructure and technical helps not only boosts the security aspects but also the working capabilities of any organisation. Major threats to the any SME are, the internal attacks, this type of attacks are done by someone who works in the organisation itself. Rough employees with access to the networks does this type of takes. IN order to regulate this, organisation needs tough laws and regulations for the person who does the same (Nguyen, Newby and Macaulay, 2015). This is one of the reason which cannot be reduced as no one can predict what goes on someones mind. accounts accounts with the capability to expressively affect or admittance core systems. Next, fire those persons that are no lengthier in use or are associated with staffs, no longer employed in the corporate. Phishing and spear phasing is of the other factor that is mainly responsible for the data loss in the seas. Lack of proper security knowledge is one of the other major factor that is responsible for the data loss in case of the security. This one of the key factors that are responsible for the breaches in the small-scale industries. Due t o the low budgets also, the organisations do not properly train the staffs. The D-Dos attack, that is the distributed denial of service is one of the attack (Devos, Van Landeghem and Deschoolmeester, 2016). Without knowledge of this it become nearly impossible for anyone to stop this attack. IN most of the SMEs it is seen that most of the employees does not even know about the term DDOS attacks. and this leads to the lack of the systems. Malwares are the one of the other vulnerabilities that harm the systems of any organisation. Malware is a comprehensive word that covers any software that gets connected on a system to do undesirable tasks for the advantage of a third party. Ransomware is a type of malware, which includes adware ,spyware, Trojans , and bots . SQL injection, just about every organisation depend on on the websites to do work and operate day to day business work. Sell injection opens up vulnerabilities web pages and downloads or lets the third parties read the contents of the web sites without the knowledge of the users (Peltier, 2016). This is one of key reason for many organisations data loss. Lastly, many companies accept the employees to bring their own devices inside the organisation for doing works and connect to the network. This is one of the major source that lets the user use the vulnerabilities of the network and do wrong things. As we can see that the small-scale industry faces many problems in maintaining the security in the organisations. Improper infrastructure is one of the key reason for such type of issues. Simple things that can be done in order to make the structure more secure 1st, installing and running proper anti viruses and keeping them updated is one of the key task to be done. Patching the systems with regular security updates from the OS providers also helps in making the system more secure (Cavelty and Mauer, 2016). Using the unique and complex passwords and helps a lot in maintaining servers. Using simple and easily guess able passwords is one of the main reason for the data leaks and using complex alphanumeric passwords can reduce such things easily. Keeping up backup of the data in a regular interval of time also helps a lot. If the data is properly backed up, in any cases of data loss, the backup can be used. This can be done using the cloud services, which also helps in easy maintenance of data (Ross, McEvilley, and Oren, 2018). Other things that the senior officials can do in order to make an organisation more secured are, 1stly ensuring that the employees and the vendors can access the data which are only required for their job (Ab Rahman and Choo, 2015). This ensures that the informations are secured in every hand, steps must be taken if information of one employee is used by some other user.IN any case if an employee leaves the organisation, the knowledge of the information which was access able by that person must be altered immediately. In a small-scale industry, ideas are the key to success, and idea must be kept secret in safe hands. Thus, concluding the topic, it can be said that maintaining proper IT security id one of the key factor for any small-scale industry. Proper analyzation of the risk and solving the same is part of the process. Some of the major issues that I have discussed in the paper are the major causes for the data loss for any organisation. I have also provided some of the steps that can be taken in order to reduce such problems. In order to gain maximum success a small-scale industry other that focussing on the products must also think about the security part. Proper IT technicians must be employed and further trained for the betterment of the organisation. Cloud systems can help a lot in maintaining the security as well as the structure of the data maintenance. Securing the networks from outside world also helps a lot in maintaining proper security. References Harris, M. and P. Patten, K., 2014. Mobile device security considerations for small-and medium-sized enterprise business mobility.Information Management Computer Security,22(1), pp.97-114. Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud.Computers Security,49, pp.45-69. Cavelty, M.D. and Mauer, V., 2016.Power and security in the information age: Investigating the role of the state in cyberspace. Routledge. Devos, J., Van Landeghem, H. and Deschoolmeester, D., 2016.INFORMATION SYSTEMS FOR SMALL AND MEDIUM-SIZED ENTERPRISES. SPRINGER-VERLAG BERLIN AN. Dillon, S. and Vossen, G., 2015. SaaS cloud computing in small and medium enterprises: A comparison between Germany and New Zealand.International Journal of Information Technology, Communications and Convergence,3(2), pp.87-104. Kimwele, M.W., 2014. Information technology (IT) security in small and medium enterprises (SMEs). InInformation Systems for Small and Medium-sized Enterprises(pp. 47-64). Springer, Berlin, Heidelberg. Lo, C.C. and Chen, W.J., 2012. A hybrid information security risk assessment procedure considering interdependences between controls.Expert Systems with Applications,39(1), pp.247-257. Melendez, K., Dvila, A. and Pessoa, M., 2016. Information technology service management models applied to medium and small organizations: A systematic literature review.Computer Standards Interfaces,47, pp.120-127. Nguyen, T.H., Newby, M. and Macaulay, M.J., 2015. Information technology adoption in small business: Confirmation of a proposed framework.Journal of Small Business Management,53(1), pp.207-227. Peltier, T.R., 2016.Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press. Ross, R.S., McEvilley, M. and Oren, J.C., 2018.Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems [including updates as of 1-03-2018](No. Special Publication (NIST SP)-800-160). Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of information security risk assessment (ISRA).Computers security,57, pp.14-30. Yeboah-Boateng, E.O. and Essandoh, K.A., 2014. Factors influencing the adoption of cloud computing by small and medium enterprises in developing economies.International Journal of Emerging Science and Engineering,2(4), pp.13-20.