MKTwain - CMGTCB-582 - Competency 1 Reflection
School: University of Phoenix
Course: 582
Subject: Information Systems
Date: Feb 20, 2024
Mark Twain
January 15, 2024
CMGTCB/582 – Competency 1 Reflection
We have become a society highly reliant on apps, software systems, and devices of all sorts, especially mobile devices, as well as AI digital assistants such as Alexa, Google, Siri, WatsonX and several other newer AI platforms introduced in the last year. Most major search engines have created an AI variant of what their search bar could assist with in the past; with the AI variant, searching is much quicker, more thorough, smarter and more efficient. However, with the expansive digital frontier we are advancing into come security threats that we must be aware of and know how to mitigate. Mitigating these risks has become a full-time job for many individuals, and there are organizations that exist in their entirety just to provide these mitigation services to customers. There are AI platforms being developed to aid in counteracting these threats, and even in forecasting the likelihood of an attack based on system vulnerabilities.
Safeguarding Against Security Threats
There are several security threats that are quite common in any organization, and as safeguards are put into place to mitigate them, the threats also advance in order to bypass the safeguards. This is similar to a bacterial illness (security threat) that mutates in order to be resistant to an antibiotic (safeguard) that was created to mitigate its severity.
Social engineering is a threat that has recently seen an increase in the digital landscape. This may be one of the most recent and greatest risks to many individuals and organizations alike because there are various ways to gather information for this type of threat to be effective. Two safeguards can help mitigate this risk. First, verify the identity of any source requesting information, such as someone calling and asking for system or network specifics. Second, when installing software or apps on a network or device, verify that the software has been vetted and that the app is genuine and comes from the developer's site rather than being a counterfeit, especially if it seems too good to be true and is free. These are effective in helping to mitigate the risks; however, they are not foolproof if they are costly and an organization chooses to use the basic version or free trial and then forgets to upgrade to the full version that has the higher level of protection.
Ransomware is a common threat that has been around for decades, and its methods have evolved, as have mitigation techniques. Two safeguards, implementing MFA for all users in an organization and providing credentials only to those privileged to access certain systems, can help reduce the likelihood of systems or passwords being compromised. MFA is effective in verifying that it is the actual user trying to gain access to the device or system, but if the user, once logged in, doesn’t sign out or walks away, access may be gained by an internal threat; in this case, MFA was effective only in preventing unauthorized access from an external threat. The same applies to restricting privileged access to those authorized to have it: if an individual with access decides to share their credentials with a co-worker out of convenience, to give them temporary access in order to complete a task, this opens up the possibility of a breach as well. In these two cases, human error is what may result in the breach, not systems or software failure.
Vishing is another form of threat that has become common, but most recently its tactics have changed due to AI and its capabilities. Simply by answering a phone call that asks you to verify your name, you allow the caller to record your voice and use it for voice verification for other purposes, such as access to systems and devices. Two safeguards help deter this. The first is to not provide information to anyone who calls to solicit information that you did not request. The second is to simply not answer a phone call from an unknown source or number; if it is truly important, they may leave a voicemail or follow up with an email so that you may get back to them. In most cases, these two methods will reduce the threat. However, if the bad actor trying to gain access is persistent, they may engineer a story to make it believable that they are trying to troubleshoot a system issue or device on your network. If this is the case, you should contact your IT security department to verify the validity of this. If you don’t contact your IT department to verify, and the bad actor has gained enough legitimate information to sound like they are part of your organization, then this is where these mitigations are ineffective.
In these examples of possible threats and methods to deter them, there is still the possibility of a breach. This may be in part due to human nature preferring the simplest way to do something, such as accessing systems with a single sign-on or a password that will be easy to remember. Employees may see all these safeguards as a disadvantage to gaining access to their systems or devices in a simple manner and may not want to set them up if they’re not required to do so. An IT manager may see these safeguards as a disadvantage because they will require more time from their team to help train employees on setting up and using them, as well as troubleshooting any issues employees may have once they are in place. New safeguards also bring with them the training and support needed to make sure everyone in the organization is able to use them.
GDPR
The GDPR is said to be one of the toughest security and privacy laws in the world, with strict requirements for organizations to abide by when handling users' data, as well as large fines for those that violate the policies. Many of the protections for EU citizens are actually straightforward and common sense about their privacy and the handling of their personal information. It prevents the excessive sharing of citizens’ data that may seem to be an invasion of privacy to an extent. It also allows them to request erasure of their information if they so wish. This is something that wasn’t available in the United States until recently, in part due to the GDPR’s influence around the world. It appears that in the United States, the collection and management of data on citizens is not as strictly safeguarded by laws such as the GDPR, but organizations are moving toward this as a standard instead of a recommended best practice.
Advantages and disadvantages of the GDPR vary from consumer to organization. Consumers may see it as an advantage that their information is protected, yet organizations may see it as a way to keep them from collecting useful information to promote products to certain consumers or certain demographics of consumers based on the data collected. Most consumers value their privacy, their purchase history, browsing history, the secrecy of their personal information and the safeguarding of their identity, and the GDPR helps aid in that so that minimal information is allowed to be held or shared by businesses. This is important if a business experiences a breach. But the business must work harder to target a customer with certain products or services that are tailored to their interests.
The GDPR has had a global impact in various ways. One is that businesses around the world need to abide by GDPR policies if they intend to do business with EU consumers, or even if they only allow EU consumers to browse their websites and gather information on them without intending to sell to them. Another is that it has led organizations around the world to revisit their own data privacy policies to provide better protections for their consumers in order to maintain their trust and keep their business. It has affected US companies in the same way: they must revamp their own policies for EU consumers and US consumers alike, otherwise they may be faced with large fines. But it has also opened the door for US companies to expand their business and increase their revenues by reaching EU consumers. It is a small investment to make in their own data security policies that will generate a significant ROI from protecting EU consumers' data.
In the US, organizations keep various data on consumers, mostly for targeted advertising and possibly for legal purposes in the case of illegal activity. In some instances, chats, emails, and camera data are kept in K-12 educational environments to protect students from bullying, self-harm, violence or predatory organizations. The Google Class suite of applications has the capability to do this, as well as Blocksi applications. Google’s privacy policy clearly explains what they can and actually do when you agree to sign up for their services. You may opt out or configure your account to not collect so much data, and you can even delete your data or set it to auto-delete every few months as you choose. This is a good option to have; however, what makes me uncomfortable is that from the start, their access to collecting all this data is standard, and you must take the time to search where to delete or deactivate these services to keep Google from collecting, storing and accessing your data from your own devices.