Step 5: Security Weakness Assessment
Name
Institution

Threats, risks, and vulnerabilities to achieve a holistic view of risk across the entity
From the information gathered, it is evident that the company’s network systems do not have a strong security system, and this is one of the reasons why the attackers were able to access the system. In other words, Boeing’s firewall protection is inadequate. The company is also vulnerable to attacks that emanate from cloud computing since it has not invested in a cloud computing provider that could secure this system. Boeing faces security risks from its employees as well. Employees with malicious intent can attack its systems using the information and access routes provided to them (Aycock, 2010). Application threats are also present. When employees in the company share files containing sensitive information over phone applications, those files could be exposed to attacks by cyber criminals. The risk of attack in the company may also emanate from the Internet of Things (IoT). Using web services through phone applications exposes the organization to IoT risks. This is attributable to the fact that the web is interconnected via multiple devices, and attackers can easily access one of these devices (Street et al., 2017). Another source of vulnerability is flaws in software development. Due to tight schedules or deadlines, software developers may create products with flaws, which may in turn become vulnerabilities because hackers usually take advantage of them to launch attacks on the organization’s database via different cyber-security attack methods.
Areas needing improvement
Various areas should be improved. From a technology perspective, Boeing needs to focus on redefining its current firewall settings to prevent unauthorized access to its systems. The company should also seek the services of a cloud computing company that will secure its cloud. Boeing should install intrusion detection and prevention systems, i.e., IDS and IPS tools. These will help the staff in the IT department pinpoint threats and safeguard their wired and wireless networks against a number of types of security threat. From a people perspective, the company should ensure that confidential information is not sent to the public. The company can also cancel the credentials of workers who leave the company and change passwords regularly to avert insider attacks. From a policy perspective, Boeing needs to provide rules and regulations that guide employees in the use of technological devices. This will ensure that they do not expose the company’s sensitive information to attacks.
Potential risks associated with maintaining the current security exposure include man-in-the-middle attacks, denial-of-service attacks, phishing attacks, and SQL injection. A man-in-the-middle attack takes place when hackers penetrate the digital transmission channel, allowing them to steal information that flows through it, particularly if the information is not encrypted (Dudorov, Stupples, & Newby, 2013). A denial-of-service attack occurs when a system or network is flooded with traffic with the aim of draining most of its bandwidth, making it unable to serve genuine requests (Dudorov, Stupples, & Newby, 2013). Hackers usually implement phishing attacks via email: the attacker sends multiple emails to unsuspecting targets, the main goal being to install malware on their devices, which then gives the attacker a way to steal important information. SQL injection attacks occur when hackers insert malicious code into the server. This forces the server to expose information that can then be retrieved easily.

References
Aycock, J. (2010). Spyware and Adware. Berlin, Germany: Springer Science & Business Media.
Dudorov, D., Stupples, D., & Newby, M. (2013). Probability Analysis of Cyber Attack Paths against Business and Commercial Enterprise Systems. 2013 European Intelligence and Security Informatics Conference. doi:10.1109/eisic.2013.13
Street, J. E., Nabors, K., Baskin, B., & Carey, M. J. (2017). Dissecting the Hack: The Forbidden Network, Revised Edition. Rockland, MA: Syngress.
