DELIVERABLE 3
pptx
keyboard_arrow_up
School
Seneca College *
*We aren’t endorsed by this school
Course
1207
Subject
Information Systems
Date
Jun 21, 2024
Type
pptx
Pages
27
Uploaded by CountTurkey2826
ADMN 4896A CURRENT TOPICS IN ADMINISTRATION 1
DELIVERABLE 3
PROFESSOR VINAYYARLAGADDA.
DUE DATE: 13/06/2024
GROUP O
JAYKUMAR PATEL (239587920)
HARPREET SINGH SIDHU (239577030) HARPREET KAUR (239612870)
GAGANDEEP KAUR (239536470)
JYOTI RANI (239698540)
UZMA FATIMA (229556150)
HARSIMRAN SINGH (239615480)
PROBLEM STATEMENT
•
Resolving privacy and security weaknesses, especially in data protection, authentication, and cryptography, is crucial for Zoom Video. In the next six months, prompt actions must be taken to advance protections, rebuild trust, and comply with regulations. Zoom may face a serious threat in the market position as well as future growth if the problems are not fully resolved as they can result in a damage to the brand, lack of users’ trust, and imposition of penalties by the authorities.
•
Three Mutually Exclusive Alternatives
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Alternative 1: Zoom Video – Independent Security Review Board Review Alternative 2: Berkeley’s Transparency and Bug Disclosure Program
Alternative 3: End to End Encryption with Princeton’s University
ALTERNATIVE 1:
ZOOM VIDEO’S– INDEPENDENT SECURITY REVIEW BOARD REVIEW •
Its possible for zoom to establish an independent security review board made up of some of the most credible and knowledgeable security analysts and cryptographers as a means of assessing and supervising zoom’s security measures and evaluations. •
This board would provide an additional layer of accountability and ensure that zoom’s security measures are aligned with industry best practices.
SCENARIO ANALYSIS
•
COST
•
Establishment and maintenance of the board: It ranges from $ 500,000 - $ 1,000,000 per year.
•
Compensation for board members: They expect to earn between $200,000 to $500,000 every year.
•
Audit and assessment costs: $100,000 - $ 200,000 per annum.
•
Total costs: All these suggested that the organization would require about $ 800,000 - $ 1,700,000 annually to achieve these objectives.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
BENEFITS
Improved safety protocols and adherence to industry best practices: This lowers the risk of security breaches and protects user data.
Conformance to industry best practices: zoom video upholds industry-recognized security standards and guidelines as a sign of its dedication to safeguarding user data and preserving consumers' confidence.
Appropriate accountability and supervision: zoom’s security is appropriately reviewed by an independent security review board or by implementing a transparency and bug disclosure program.
EVALUATION CRITERIA
•
Effectiveness in safeguarding user data and adding an extra layer of security: By default, end-to-end encryption adds an extra degree of security to user data, making sure that only individuals with permission may access and read sensitive data. •
Customer confidence and trust levels have grown because of Microsoft’s implementation of end-to-end encryption, which shows the company's dedication to safeguarding customer data. •
Cost-effectiveness in relation to substitutes: Contrary to other safety protocols, applying end-to-end encryption by default offers a high degree of protection at a comparatively lower cost, making it a cost-effective option.
•
Effect on Microsoft’s market-leading competitive advantage: Microsoft sets itself apart from rivals by providing end-to-end encryption by default, creating a differentiator that draws in security-conscious customers.
ALTERNATIVE 2:
BERKELEY’S TRANSPARENCY AND BUG DISCLOSURE PROGRAM
Zoom Video has a bug openness and candor mechanism in place whereby it regularly upgrades its security procedures and makes publicly available any security flaws. Through this approach, security researchers would be encouraged to responsibly disclose security flaws and would have an incentive to find and report risks.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
SCENARIO ANALYSIS:
COST
Design and execution of the program: $200,000–$500,000
Regular program updates and upkeep: $50,000 to $100,000 annually
Bug bounty payouts: between $50,000 and $100,000 annually.
Total expense: $250,000 to $600,000 annually.
BENEFITS:
•
Promotes proactive threat disclosure: By rewarding security researchers for responsibly disclosing vulnerabilities, a bug bounty program enables Zoom Video to fix problems before malevolent actors can take advantage of them.
•
Gives security researchers a reason to find and disclose vulnerabilities: Zoom Video encourages investigators working on security to find and disclose problems by providing incentives, which aids in the discovery and resolution of security concerns that may have gone unnoticed.
•
Enhances user confidence and transparency: Zoom Video's dedication to security and openness is demonstrated through its bug bounty program, which boosts user confidence and trust in the platform.
•
Increases security posture by finding flaws and fixing them: Through an incentive program, Zoom Video finds and fixes vulnerabilities, strengthening its safety precautions and lowering the likelihood of hacking attempts.
EVALUATION CRITERIA
•
Quality in promoting accountable airing of security issues: By offering a transparent reporting route and offering incentives to researchers for disclosing flaws, a bug compensation program successfully promotes irresponsible disclosure of security concerns.
•
People' perception of tolerance and communication: Zoom Video shows users that it is transparent and that it is committed to security by putting in place an incentive initiative, in which boosts trust among users in the platform.
•
Effectiveness in terms of in comparison to other options: Identifying and fixing weaknesses through a bounty system for bugs is more affordable than using internal testing or employing a sizable staff of security experts.
•
Importance of bug reward programs on security study commitment and threat determination: Security experts are drawn to and involved in bug bounty programs, therefore encourages them to find and disclose flaws.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ALTERNATIVE 3:
END TO END ENCRYPTION WITH PRINCETON’S UNIVERSITY
For all meetings and chats, Zoom Video sets end-to-end encryption as the default configuration. This guarantees that the encrypted data is only accessible by the sender and the intended receiver. This strategy would offer an extra degree of protection and shield user data from illegal access. based on this, provide me with the costs and advantages by including assessment criteria and value.
SCENARIO ANALYSIS:
COST
It will cost between $500,000 and $1,000,000 to develop and install end-to-end encryption.
Periodic upkeep and modifications: $50,000 to $100,000 annually
.
The entire expense is between $550,000 to $1,100,000.
BENEFITS
Safeguards user data and adds another level of security: By finding and fixing security flaws that an attacker may exploit, a bug bounty program provides an additional layer of protection for user data.
Boosts user belief and conviction: A bug bounty program boosts user belief and trust in Zoom Video's capacity to secure their data by showcasing an active role to security.
Boosts Zoom's competitive advantage: Zoom Video distinguishes itself from rivals with a bug bounty program, demonstrating its dedication to security and providing it with a competitive advantage in the market.
Enhances adherence to data protection laws: By finding and fixing shortcomings, a bug bounty program assists Zoom Video in adhering to data protection laws, including GDPR and HIPAA, and avoiding potential penalties.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
EVALUATION CRITERIA
•
Cost-effectiveness in comparison to other options: Identifying and fixing vulnerabilities through a bug bounty program is more affordable than using internal testing or employing a sizable staff of security experts.
•
Impact on vulnerability identification and researcher engagement: A bug bounty program draws in and keeps security researchers interested, which encourages them to find and disclose vulnerabilities. This results in a greater number and better caliber of vulnerability findings.
RECOMMENDATION
:
•
Alternative 2: Berkeley’s Transparency and Bug Disclosure Program
RATIONALE FOR EVALUATION CRITERIA
Effectiveness in supplying an extra protective layer and safeguarding user information: The best option for finding and fixing vulnerabilities and shielding user data from any intrusions is a bug bounty program.
An individual trust and assurance levels rose:
By showing a proactive commitment to security, a bug bounty program boosts trust among customers in Zoom Video's capacity to protect user data
.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Cost-effectiveness in relation to substitutes:
Comparing a Bug Bounty Program to other options like employing a huge team of security analysts or depending only on internal testing, it is more affordable to find and fix vulnerabilities.
Effect on Zoom's market-leading competitive advantage: Zoom Video's competitive edge in the market is strengthened by a bug bounty program, which helps it stand out from rivals and draw in security-conscious clients.
EVALUATION OF ALTERNATIVES
1. ZOOM VIDEO – INDEPENDENT SECURITY REVIEW BOARD REVIEW •
Pros:
1.
Offers an unbiased
2.
Professional assessment of Zoom's security procedures
3.
Boosting trust and transparency. •
Cons:
1.
It might take a lot of time
2.
Money, and resources, and it might only cover a small area due to review board prejudice.
•
OVERALL ASSESSMENT:
This technique is limited in scope and has significant expenses, despite offering in-house knowledge and committed resources.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
2
. BERKELEY'S TRANSPARENCY AND BUG DISCLOSURE PROGRAM
•
Pros: 1.
Economical
2.
In-house knowledge •
Cons: 1.
Narrow focus
2.
Possible prejudices
3.
Absence of outside viewpoint
•
OVERALL ASSESSMENT:
•
Although this strategy is less expensive and makes use of internal expertise, it is less successful due to its narrow focus and possible biases.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
3. END TO END ENCRYPTION WITH PRINCETON’S UNIVERSITY
•
Pros: 1.
Affordable
2.
Varied viewpoints
3.
Expandable •
Cons: 1.
Managing low-quality contributions may cause noise
2.
It may take resources.
•
OVERALL ASSESSMENT:
A bug bounty program offers a scalable, diversified, and economical way to security testing, which offers the optimal combination of competitive advantage, cost-efficiency, and efficacy.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
CONCLUSION
In conclusion, there are benefits and drawbacks to the Zoom Video Independent Security Review Board Review. Enhancing openness and reliability, it offers an unbiased assessment of Zoom's security procedures under the guidance of experts. Through this examination, security flaws may be found and fixed, security procedures can be strengthened, and user confidence can grow. However, the review procedure might be expensive, time-consuming, and have a narrow scope. In addition, the review board could establish prejudices, and it might not be able to find every security flaw. Additionally, Zoom's security posture may be exposed to new and emerging attacks because of the assessment process' inability to keep up with the quickly changing threat landscape.
A bug bounty program, on the other hand, provides a more successful and efficient way to improve Zoom Video's security posture. Zoom can find and fix security flaws more rapidly and affordably by utilizing the combined knowledge of a large international community of security researchers. A bug bounty program can help Zoom get ahead of any security issues by offering a scalable solution that can keep up with the quickly changing threat landscape.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Furthermore, Zoom can benefit from a bug bounty program by:
Detect security flaws more rapidly and effectively Lower the possibility of data leaks and security lapses bolster the platform's overall security stance Boost user confidence and trust Increase accountability and openness
In conclusion, a bug bounty program is a more practical and efficient way to improve Zoom Video's security posture, even though an independent security review board review has its benefits. Zoom can detect and fix security flaws more rapidly and affordably while also staying ahead of any security risks by utilizing the combined knowledge of a worldwide community of security researchers.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
REFERENCES
•
Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023 | CISA
. (2024, April 1). Www.cisa.gov. https://www.cisa.gov/resources-tools/resources/cyber-saf
ety-review-board-releases-report-microsoft-online-exchang
e-incident-summer-2023
•
Privacy Considerations When Using Zoom | Office of Ethics
. (n.d.). Ethics.berkeley.edu. https://ethics.berkeley.edu/privacy-considerations-when-u
sing-zoom
•
Zoom: Video Conferencing - Security and Privacy Best Practices
. (n.d.). Princeton.service-Now.com. Retrieved June 12, 2024, from https://princeton.service-now.com/service?id=kb_article&
sys_id=4cb3ae7c1b774050b69cca292a4bcb1e
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
THANK YOU
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help