CMGTCB 556 Enterprise Models Security Analysis Threat Competency 3
docx
keyboard_arrow_up
School
University of Phoenix *
*We aren’t endorsed by this school
Course
556
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
10
Uploaded by GeneralCrownTiger25
1
Security Analysis Threat – Competency 3
University of Phoenix
Enterprise Models/ CMGTCB/555
Steven Johnson
5/16/2023
Grade: MA
2
Security Threat Analysis
Personal identity is a vital component of our existence, and its protection is crucial in today's digital age. Our identity consists of unique elements, including our name, date of birth, social security number, and other sensitive information. Identity information is often used to identify us, and its misuse can have severe consequences.
Protecting personal identity is essential to prevent theft, financial fraud, and other malicious activities. Identity theft occurs when someone steals personal information and uses it to open new accounts, make purchases, or apply for credit. Financial fraud can also occur when personal identity is compromised, leading to unauthorized access to bank accounts and credit cards. Cybercriminals can also use personal identity to access sensitive data, such as medical records or government files.
Advertising Sensitive Information
Todd Davis, the CEO of LifeLock, used his social security number in his advertising campaign in attempts to gain trust of potential customers looking to protect their personal identity. There is a high risk exposure by allowing millions of people to know sensitive, personal
data. Although LifeLock advertises as an identity-theft protection service that monitors and alerts
of fraudulent activity backed by a guarantee to “cover all losses and expenses up to $1million” (MarketSmiths.com) . After LifeLock’s advertisement aired, Todd Davis’s identity was successfully used 13 times. The advertisement was a bad idea.
One of the 13 times his identity was used was to secure a $500 loan. It may have gone unnoticed except for the fact Todd Davis’s wife received a phone call to collect payment on the outstanding debt. Although Todd Davis publicly advertised his social security number, but oftentimes people are the weakest security link. It is plausible that the identity thief used open-
3
source intelligence (OSINT) to find information about Todd Davis and identify his personal connections. Open-source intelligence (OSINT) is “covertly, intelligence gathering usually starts with scraping information from public sources” (SentinelOne.com). There are many ways to gather information on a person or organization from social media searches to using tools such as Shodan. The internet is a highly available source cybercriminals can begin passive reconnaissance on the intended target. Starting an internet search about the intended target can “rabbit-hole” through the interconnected sources, the cybercriminal can gather information such as place of employment, high school, college, date of birth, work connections, friend connections, and family connections. Cybercriminals can use tools like TheHarvester to gather email addresses and subdomains from different public sources; or Recon-ng to gather information from online resources such as search engines or the deep web. If the identity thief used OSINT to find additional information about Todd Davis’s wife, such as her cell phone number, what other information was discovered to successfully secure the loan, as described in the scenario? In addition to the identity thief able to secure the loan, the loan company could have been complicit in approving the loan. As we recalled, Todd Davis’s marketing strategy was to advertise his social security number to prove his identity is protected by LifeLock. Advertising personal, sensitive data puts a person’s identity at high risk. As LifeLock’s scenario described, Todd Davis had many attempts to fraudulently use his identity, but 13 times identity thieves were successful. Organizations use many techniques in their marketing campaigns to gain trust and increase their customer base, however using sensitive information was disconcerting, and ultimately a poor decision.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
Security Threats to SCM, CRM, and ERP
Organizations use many different systems to connect to data to have a holistic view of the
data and information. For customer-driven organizations use supply chain management (SCM), customer relationship management (CRM), and enterprise resource management (ERP) systems that help comprise a management information system (MIS). The systems are often integrated and become an integral part for organization units to access data to gain insights into making informed decisions. SCM, CRM, and ERP systems store sensitive and valuable information, such
as customer data, financial records, and confidential organizational information. Cybercriminals target these systems by seeking to exploit vulnerabilities to gain unauthorized access to this information.
One of the leading security threats to these systems is the risk of data breaches. Data breaches occur when person gain unauthorized access to sensitive data, which can significantly affect organizations. For example, a data breach in an SCM system can result in the loss of valuable supplier data and disrupt the supply chain, leading to delays in production and delivery. A data breach in a CRM system can compromise customer data, including personal and financial
information, harming the organization's reputation and leading to legal consequences. In an ERP system, a data breach can result in the loss of confidential information, leading to financial losses
for the organization.
Another security threat to these systems is the risk of cyber-attacks, such as malware, ransomware, and phishing attacks. Malware can compromise the security of these systems by infecting them with malicious software that can steal data, damage files, or lock the system. Ransomware can lock and encrypt files and demand payment for the decryption key, while
5
phishing attacks can trick users into providing login credentials, compromising the system's security.
Additionally, insider threats, including malicious employees or unintentional errors by employees, can also pose a security threat to these systems. An employee with authorized access can intentionally steal or misuse sensitive data, while an unintentional error can lead to data loss or a data breach. If organizations do not have a security policy, employees may not use strong password management, leave exposed information on their desk, or have a higher level of access than needed for the type of job performed.
Measures to Avoid Security Breaches
Security threats to SCM, CRM, and ERP systems can harm organizations. These threats can result in data breaches, financial losses, legal consequences, and damage to the organization's
reputation. Organizations must implement robust security measures, including access controls, firewalls, encryption, and employee training, to protect these systems from security threats. Organizations must prioritize the security of these systems to ensure the availability, integrity, and confidentiality of their data and to maintain the trust of their customers and stakeholders.
The second measure that an organization would use is encryption. Encryption involves transforming data into unreadable code without the correct decryption key. This measure ensures
that even if a breach occurs, the data is still secure as it is unreadable without the key. Encryption
can be implemented at various levels, including the application, database, and network.
The third measure that an organization would use is firewalls. Firewalls help to prevent unauthorized access to an organization's network. They can be implemented at various levels, including the application, database, and network. Firewall configurations allow or block traffic based on various criteria, including the source, destination, and type of traffic.
6
The fourth measure that an organization would use is intrusion detection and prevention systems. Intrusion detection and prevention systems help to detect and prevent unauthorized access to an organization's network. It is possible to configure intrusion detection systems to monitor traffic for suspicious activity and block traffic that appears to be malicious.
The fifth measure that an organization would use is security information and event management (SIEM) systems. SIEM systems collect and analyze security-related data from various sources, including enterprise systems, network devices, and security logs. The system can generate alerts when security incidents occur, enabling organizations to respond quickly and effectively.
Evaluating the type of measures related to enterprise models that an organization would use to avoid a breach is critical. Access control, encryption, firewalls, intrusion detection and prevention systems, and SIEM systems are just some measures an organization can implement to
protect its enterprise systems from breaches. By implementing these measures, organizations can
ensure that their enterprise systems remain secure and their data remain confidential and protected.
Secure Marketing Campaigns
Security breaches have become a significant concern for organizations in the digital age. As organizations rely more on technology to handle and secure confidential data, they become more vulnerable to cyber-attacks. This is particularly true for organizations that use digital marketing campaigns to reach their target audience. In order to avoid exposure to security breaches, it is essential to implement effective marketing campaigns prioritizing security and data protection.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
7
The first step in creating a secure marketing campaign is to ensure all data is stored and transmitted securely. This can be achieved by using encryption technology to protect sensitive data from being intercepted or accessed by unauthorized parties. It is also important to regularly update security protocols and ensure that all software and hardware are up to date with the latest security patches.
Another critical element of a secure marketing campaign is transparency. Organizations should be upfront with customers about the type of data they collect and how it is used. This can help build customer trust and reduce the risk of security breaches caused by misunderstandings or miscommunication.
It is also essential to implement robust security protocols for all digital marketing channels.
For example, email marketing campaigns should use double opt-in processes to verify the identity of subscribers, and social media marketing should use two-factor authentication to prevent unauthorized access to accounts.
Organizations should also ensure that all employees are trained in best practices for data security and are aware of the potential risks of cyber-attacks. This can include regular training sessions on phishing scams, password management, and device security.
A secure marketing campaign requires a multi-faceted approach prioritizing data protection, transparency, and employee training. By implementing these measures, organizations can reduce their risk of exposure to security breaches and build trust with their customers.
Influence of the Internet on Enterprise Data
The internet has significantly influenced the way organizations handle and manage data. The increase in digitalization has enabled organizations to access, store, and share vast amounts of data in real-time, leading to massive growth in enterprise data. However, with this growth
8
comes the challenge of managing and using the data effectively to make informed business decisions.
Enterprise models are designed to help solve business problems by providing a comprehensive platform for managing and organizing enterprise data. These systems allow organizations to manage data, automate business processes, and improve productivity.
One of the significant impacts of the internet on enterprise data is the increased need for data security. Organizations can access data from remote locations, making securing their data against cyber-attacks crucial. Enterprise systems offer robust security features that enable organizations to safeguard their data and ensure confidentiality, integrity, and availability.
Another impact of the internet on enterprise data is the need for real-time data analysis. With the internet, organizations can collect vast amounts of data in real-time. Enterprise systems can analyze this data to identify trends and patterns, enabling organizations to make informed decisions.
Enterprise models also help organizations overcome challenges such as data silos, which result in fragmented data sets that cannot be used efficiently. These systems provide a centralized
platform for managing and organizing data, ensuring that all business units can access and use the same data to make decisions.
The internet has revolutionized how organizations handle and manage their data. Enterprise
systems have emerged as the solution to manage enterprise data, offering organizations the tools to automate processes, improve productivity, and make informed decisions. As organizations continue to rely on digitalization and the internet, enterprise systems will become more critical in
managing enterprise data and solving business problems.
9
Conclusion
Todd Davis’s marketing campaign to reveal his social security number to prove how LifeLock can monitor and protect a person’s identity had the intended effect to grow the customer base, but also came with consequences of identity theft and fraud. The internet has a vast amount of information that anyone can research information about a person or organization. Organizations collect and store sensitive business data and customer information. Cybercriminals
use the internet for passive reconnaissance to collect data about organizations and use internet tools to look for system vulnerabilities to steal data or encrypt data for ransom. It is critical that organizations implement strong security on enterprise models and train employees in security best practices. Protecting organizations’ data can help guard sensitive data and build customer trust.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
10
References
Baltzan, P. (2021). Business Drive Technology (9th ed.).
McGraw-Hill Higher Education.
Secjuice. (2018, 10 21). Passive Reconnaissance Using OSINT
. Retrieved from Secjuice: https://www.secjuice.com/passive-reconnaissance-osint/
Sentinel One. (2023). What is Open Source Intelligence (OSINT)?
Retrieved from SentinelOne.com: https://www.sentinelone.com/cybersecurity-101/open-source-
intelligence-osint/
Yoakum, J. (n.d.). Badvertising: LifeLock’s Backfiring Marketing Campaign
. Retrieved from Market Smiths: https://www.marketsmiths.com/2014/badvertising-lifelocks-backfiring-
marketing-campaign/