Wednesday, December 4, 2019

Important Aspect Economy As Far Business â€Myassignmenthelp.Com

Question: Discuss About The Important Aspect Economy As Far Business? Answer: Introducation In current business market, Big Data has come to be a norm of the day as it combines various technological aspects. Some of the aspects of Big Data are; distributed systems, Internet of Things (IoT), communication networks, distributed multimedia sensors and web based applications which are being sued for business transactions in modern world. Due to its increase in marketing activities and maturity in system development, Big Data is currently being adopted by many businesses in daily operations (Kerikmae, 2014). The case study provides a descriptive proof of how Big Data is of great importance and efficiency it brings into the market in terms of decision making in complex organizational structure. Bid Data is expected to provide an important aspect economy as far as businesses and world economy are relying on data for complex organizational decision making. Big Data will soon be a necessity of business because its application is expected to grow from normal business activities to mi litary and business intelligence application. In this regard, due to value of data being used in various businesses, data security becomes a fundamental aspect due to number of threats facing Big Data. Big Data has turned to be target of attack in business, by threat agents and it is expected the nature of attack will be growing rapidly (Tryfonas, Askoxylakis International Conference on Human-Computer Interaction, 2015). Data security threats is alarming rapidly because of need and importance of organizational data to competitors and even other non- interested parties. This makes Big Data security core of any business that makes use of its services to transact business activities. The ENISA Data threat considers various scenarios in data security. It focuses on ordinary data threat which involves Big Data replication strategy in storage and frequency involved in organizational information sourcing. According to Axelrod (2013), in data storage replication strategy, data leakage and its related degradation threats are some of the emerging specific Data security lapses. With emergency of Big Data, there is significance need for data privacy and protection of organizational data. Similarly, there is growing demand and interest of organizational assets which owners has to put a lot of privacy. In regard to organizational need to safeguard its assets, there is emergency of complex ecosystem of desirable security countermeasures which should be planned and be executed to protect organizational data. Application of privacy and data protection has been implemented as some of the measures being used by organizations to uphold good security practices and lower data risks encountered in Big Data. Lastly, there is provision of existing gaps when analyzing, comparing Big Data threats and necessary counter measures in solving data security lapses. Mainly, this analysis revolves around moving from traditional data approaches, coming up with Big Data solution specifications, developing a focus on gaps and other needs in regard to current organizational standards while planning on standardization. Additionally, according to Felici Fernandez-Gago (2015), there is a focus on professional training specialization, defining tools to be implemented on security and privacy of Big Data, selecting and identifying Big Data assets while making it easy to mitigate data threats and risks. Insufficient Web Application Security Holding to the fact that most of organizations rely on various applications to contact or interface with their customers, data security has become one of the challenging issue (KORSTANJE, 2017). Each application need to be secured in order to make all transactions secure and safe. In regard to Big data security, organizations has to make sure all transactions are secure and data collected from customers is free from manipulation and transactions are real and free from manipulation. Some of attacks that are prone to data include; insufficient authentication occurs when organizational website allows attackers to have access to very sensitive functionality and content without being authenticated by the system in the right manner. A good example of the system that has been permitting users without undergoing proper authentication procedures. ENISA Big Data threat on authentication procedures has to follow the due procedure in regard to available online data resources. Proper authenticati on procedures stipulates that, any web application should not give direct access to Big Data infrastructure without requesting proper user identity. To facilitate complete authentication procedures, websites and other applications which are used by organization to transact and communicate with customers should involve location hiding (Lepofsky, 2014). This makes it possible to protect users point of operations. To ensure maximum security of the system, ENISA recommends that, system should hide their specific locations in which they are operating from. Consequently, Web shell where its functionality is based on scripts which is uploaded on webservers to facilitate remote user authentication and administrative checks as it provides organizational internal operations. Generally, web-shell is described as malicious scripts which are used by attackers targeting websites that escalates continuous access to any web application that has been attacked (Harwood, 2015). In regard to persistent system remote access, web shell should have backdoor which gives chance to an attacker to gain access to organizational servers. On the other hand, an attacker might decide to choose to fix vulnerabilities by making sure no one else can access and exploit the system. This technique makes it possible for system attacker to take a low profile position without administrators knowledge while manipulating the system to obtain all required and sensitive information. Important to note is that, most of web shells makes use of log in credentials besides availab le techniques to ensure attackers have access to it for anonymity purpose. Lastly, SQL injection is one of Web Application Security issues which many organizations has been facing. SQL injection involves an attack where malicious codes are injected into servers which control organizational database. With SQL injection, some codes are used to access organizational data by use of sophisticated retrieval criterion. These codes involves information such as code to fetch information administrators log in details. These details might be used in various ways such a way that, it can track data selection, update, delete and insert data into organizational servers (Cruz-Cunha, Portela IGI Global, 2015). The result of all these threats include system denial of services where normal users of the system are prevented from having access to the system. Otherwise, attackers renders system availability to organizational users. Key Threat Agents ENISA explains threat agent as an individual with all capabilities to pose a threat to the system. With Big Data, ENISA finds it important to be aware of all existing threat and their areas of originality. It is clear that, each threat posed on Big Data must be originating from a threat agent or group of threat agents. According to evaluation of ENISA threat agents, cyber criminals has manifested a lot of hostility in nature, organizations and related government agencies have found themselves on the receiving end of hacking (Information Resources Management Association, 2017). Though ENISA has come up with policies that governs its member states on the mode of operations regarding cyber security, cyber criminals has been quite diverse and sophisticated so solve due to the nature of evolving technology. Origin of cyber criminals is basically based on both local and international level. The main reason of coming up with ENISA security strategy is to have one goal and unified security m easures in solving cyber security problems. Though these policies helps in mitigating cyber security lapses, this does not mean there is complete ENISA strategy in solving cyber criminals problems. Lehto Neittaanma?ki (2015) argues that, to minimize cyber criminals problem, some measures need to be taken in order to minimize threats originating from cyber criminals. Some of the ways which can be used to lower these risks include; setting up of policies that govern general access of information from one country to the other. Since cyber criminals are rising up with alarming rate, it is important to put up strict measures that each ENISA member state has to follow when handling cases related to cyber security. Similarly, with rise in cyber criminals, organizations from each ENISA member states should educate member states on best cyber security strategies while protecting related data. According to Akhgar Brewster (2016), ENISA recommends use of data encryption so that if hackers gains access to the system, data is of no use because they do not have decryption key. When data is encrypted, even after hackers gain access to information system, data obtained would be of no use to the attacker. To make sure data is well preserved, encryption method used should be very strong to make it difficult decipher for security purposes. To make encryption more effective, ENISA recommends all encryption keys to be managed by Chief Security Officer (CSO). Additionally, other security measures includes educating all involved stakeholders on their roles to protect organizational data. With rise in cyber criminals, data protection and policies implementation does not work sufficiently, creating awareness to all employees on data theft and hackers is of impotence. In this case, all employees are aware of their roles and responsibilities in protecting data. Data threat trends is growing rapidly due to changing nature of technology (Gupta, 2015). Increase in data protection strategies has raised other measures of compromising information system that are not familiar to system owners. The trend of changing technology has made it difficult to handle systems security business law the nature of hacking has changed from real compromised of the system to sending of viruses that extract sensitive information while authorized users of the system are being authenticated. ETL process improvement There so many headaches that database administrators deal with on their line of duty. With increase in data growth, ETL processes have been taking long to complete due to fowling issues which are mainly attributed to various aspect (Rao et al, 2015). In this regard, performance issues on database can usually be attributed to ETL codes starting to increase system load. Some of the ways in which ETL database processing can be improved include but not limited to; when working with butch processing it is recommended to only pull the amount of data that is needed from system source. Though one can take a paramount approach to this and pull out all required data, it is important to compare all target with aim of comparing what changed in regard to additional memory and systems processing speed. Next, database administrators are cached on lookups in ETL tools against database large tables (EuroSPI Conference et al, 2017). Usually, lookups are quite useful for small database systems dimensio ns and code blocks. With large database tables, it would not be wise idea to have memory catch tables, recommended is using left outer joins in debatable queries. Similarly, when using ETL, database administrators should at all cost avoid row related processing tools. Instead, they should turn to an alternative of bulk loading available from ETL tools. This is because, it is highly recommended for use in large database scenarios. Moreover, in sources that make use of database, it is advisable to upload database table joins to specific applications. There are chances that, individual database is able to do inner joins more efficiently with use of ETL tools (Fauzi, 2012). Additionally, one should not make use of courser when working with ETL codes because courser have their own use which should be regularly scheduled in ETL processes. ETL is usually rewritten using logic codes. In this regard, ETL logic scheduling is meant to make sure there is full utilization of so many parallel thr eads for maximum utilization of system application. Consequently, there is a step by step at the end of the job processes to help in rebuilding database indexes in any of reporting tables. This makes all indexes created on data tables are optional and not for reports only but should include ETL processes downstream that are related to subject tables. Further, it would be quite hectic for an administrator to fail to upgrade and turn on Auto Statistics updates. In cases where subject database does not make use of Auto Statistics Update, it is important to turn it off for security purposes El (Akkaoui et al, 2011). Still, one should not forget to limit the number of CTEs and its related table joins and check whether data staging into data tables may be of any value to ETL processes. Finally, when using stored procedures in ETL operational processing, it is wise to copy all related input parameters into stored procedures. This is usually done because mostly, SQL has some problems of suffering from sniffing of parameters. To solve such pro blems, use of internal variable helps in mitigating these risks. ENISA current state of IT security IT security cannot be said to be in satisfactory state due to many lapses that has been experience from different parts of world include ENISA member states. Taking in consideration the rate in which cyber security is growing at, it would be quite absurd for ENISA member state to assume IT security is up to date and no action is needed to upgrade on the same. IT security problem is growing at alarming rate and need to be dealt with without taking breath (Great Britain, 2010). If ENISA members assume security is constant, they should reconsider their decision because cyber security gradually evolving with time and major milestones are being made by hackers and some other groups to advance their carriers as they try to compromise systems. Relenting on IT security war by any of the ENISA member state would mean allowing systems to be compromised by hackers without our knowledge because on their part, they are working daily in order to catch up security measures (Lovelace, 2015). Enactin g policies would not mean systems are safe. This is because policies works on criminals who have been identified. It is very clear that, identifying cybercriminal requires a lot of technical expertise and there is need to advance on security measures by implementing current technological ways to curb the problem. Furthermore, assuming technology advancement alone would work well poses a lot of treats to our systems. Educating organizational staff would be of great importance because they work on systems on daily basis. Being daily system users makes them important part of organizational assets because they should be able to detect any abnormality from within the system. In conclusion, ENISA member state should invest heavily on IT security in order to reap maximum from its policies and other security implementation strategy (Advances in Communications, 2013). Coming up with strict IT security riles would be a great boost for security implementation but this has to be done in regard to specific state. Failing to address specific member state problem and comparing it with all involved parties need would render al processes ineffective. Addressing each member state problem would give an opportunity to compare existing challenges in cyber security so that all set out programs would be quite diverse to ensure there is commonality in solving the problem. Joint effort is the key strategy in fighting IT security lapses and if members loose unity, it will be a total fail that no one member state can solve by itself. Having analyzed all security lapses and solutions available, it is now clear that, a lot of research is need from ENISA member state to ensure t here is common goal in fighting security lapses in technology (SmartGridSec (Workshop) In Cuellar, 2014). This should involve; developing common agenda in fighting IT security lapses, creating a common team of IT experts in cyber security to be on constant access and test of security lapses that might be thriving into the market. Creating awareness to all member states on rules and their responsibilities in solving cyber security problems.; References Advances in Communications. (2013). Plymouth: University of Plymouth Press. Akhgar, B., Brewster, B. (2016). Combatting cybercrime and cyberterrorism: Challenges, trends and priorities. Akhgar, B., In Brewster, B. (2016). Combatting cybercrime and cyberterrorism: Challenges,trends and priorities. Axelrod, C. W. (2013). Engineering safe and secure software systems. Norwood, MA: Artech House. Cruz-Cunha, M. M., In Portela, I. M., IGI Global. (2015). Handbook of research on digital crime, cyberspace security, and information assurance. El Akkaoui, Z., Zimnyi, E., Mazn, J. N., Trujillo, J. (2011). A model-driven framework for ETL process development. In Proceedings of the ACM 14th international workshop on Data Warehousing and OLAP (pp. 45-52). Accounting. EuroSPI (Conference), In Stolfa, J., In Stolfa, S., In O'Connor, R. V., In Messnarz, R. (2017) Systems, software and services process improvement: 24th European Conference, EuroSPI 2017, Ostrava, Czech Republic, September 6-8, 2017, Proceedings. Fauzi, S. S. M. (2012). Software process improvement and management: Approaches and toolsfor practical development. Hershey, PA: Information Science Reference Felici, M., Fernandez-Gago, C. (2015). Accountability and security in the cloud: First Summer School, Cloud Accountability Project, A4Cloud, Malaga, Spain, June 2-6, 2014, Revised selected papers and lectures. Great Britain. (2010). Protecting Europe against large-scale cyber attacks: Report with evidence : 5th report of session 2009-10. London: Stationery Office. Gupta, M. (2015). Handbook of research on emerging developments in data privacy. Harwood, M. (2015). Security Strategies in Web Applications and Social Networking. Burlington: Jones Bartlett Learning, LLC. Information Resources Management Association. (2017). Identity theft: Breakthroughs in research and practice. Kerikmae, T. (2014). Regulating eTechnologies in the European Union: Normative realities andtrends. KORSTANJE, M. A. X. I. M. I. L. I. A. N. O. E. (2017). Threat mitigation and detection of cyber warfare and terrorism activities. HERSHEY: INFORMATION SCI REFER IGI. Lehto, M., Neittaanma?ki, P. (2015). Cyber security: Analytics, technology and automation. Lepofsky, R. (2014). The manager's guide to web application security: A concise guide to theweaker side of the web. Lovelace, D. C. (2015). The cyber threat. Rao, H. S., Chen, B. X., Li, W. G., Xu, Y. F., Chen, H. Y., Kuang, D. B., Su, C. Y. (2015).Improving the extraction of photogenerated electrons with SnO2 nanocolloids for efficient planar perovskite solar cells. Advanced Functional Materials, 25(46), 7200- 7207. SmartGridSec (Workshop), In Cuellar, J. (2014). Smart grid security: Second international workshop, SmartGridSec 2014, Munich, Germany, February 26, 2014, Revised selected papers. Tryfonas, T., Askoxylakis, I., International Conference on Human-Computer Interaction. (2015). Human aspects of information security, privacy, and trust: Third international conference, HAS 2015, held as part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015. Proceedings.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.