The Companys Vulnerability of Information Leakages in BioMed Devices - Case Study Example

Information Classification Name Institution Information classification Executive summary The report is for the purpose of providing protection of BioMed company information from leakages. For instance, the Global System for Mobile Communications. The stakeholder in this process is the information security manager as he will help protect information leakage to th public and the company’s competitors to avoid exposing the company. The Company’s executive officer will ensure proper management. In the endeavor to information protection, global system for mobile communication will be made through the second generation principles that are derived from the first generation. GSM is meant to deal with cellular smart phones in networks operations. On carrying out the study it came out that several ways of protecting data (information) through methods like the use of safety containers, computers with passwords, and limited access must be applied to make the strategy a success. It was concluded that there should be restriction on the number of people that should have access to certain information. This is so to ensure they would not spread the information unnecessarily. The report ended with a three-months plan to achieve the duty of having an Information plan to protect information. Table of content Introduction……………………………………………………………………………………….4 Data protection……………………………………………………………………………………5 Information safety tools…………………………………………………………………………...6 Stated polices…………………………………………………………………………………….10 Action plan……………………………………………………………………………………….13 Work schedule...………………………………………………………………………………....14 Recommendation..……………………………………………………………………………….22 References………………………………………………………………………………………..23 Information classification Introduction It has come to attention that BioMed Company is under threat of information insecurity. This is after some rumours about information that leaked out from the company about BioMed Devices’ electronic implantable communications new product design. The CEO of BioMed Devices, Rachel James is concerned about the recent reports of GSM phones being vulnerable to call interception. The report is about the company’s vulnerability of information leakages into the consumers as well as the competitors. The report is meant to put forth measures to prevent further information leakages by utilizing soft wares such as Global System for Mobile Communications (GSM). In addition parties such as VPN that will keep all the emails pertaining to the phone of the CEO the company’s computers (Ruan 2013). Risks Many risks associated with GSM exist. There are those that relate to a person and the company. No. Vulnerabilities Threats Impacts Countermeasures 1. A person’s phone may undergo hacking. Exposure of personal data and accounts. The information could be action plans for the Company. Loss of valuable information to untrusted parties. Copying of techniques by other companies from BioMed. Encrypting codes that undergo constant changes 2. Phone insecurities Collapse of the company. Sense of unease. Lack of confidence in the company by customers. Reduction of sales of the new products. Loss of valuable ideas. Make trusted phone calls. 3. Inherent Security Weaknesses on phones Exposure of Company information Loss of valuable data. Cellcrpt mobile phones that only allow encrypted mobile calls only. 4. Interrupted and listened phone calls. Exposure of company information. Interruption of Company activities. Decrypting keys that do not allow passive scanners from operating in real time. 5. Cyberspace attackers on Company. Have a high strength signal that captures a specific voice and does not allow it to spread to other areas. The Information security manager will avoid the loss of information into the public to avoid shame. The CEO will promote the proper management of the company. The GSM will protect information using second generation (2G) principles derived from the first one (1G). The GSM deals with cellular phones in terms of operation of networks. The standard is now the world’s standard now. The creation of the standard by The European Telecommunication body (EITD) is impressive. The research emerged with a variety of options in data (information) protection through methods like the use of safety containers, computers with passwords, and limited access. Not all people should have access to certain information, as they would spread the information unnecessarily. The report ended with a three-week plan to achieve the duty of having an Information plan to protect information (Ruan 2013). Smartphone and wireless advances have developed to the point of being indistinguishable since the first radio signs were transmitted in the late nineteenth century. The coming of cell telephones and comparative gadgets has changed business and social collaborations and Internet get to no more relies on upon a wired framework, for example, a modem joined with a phone landline - rather, it can be attained by utilizing a versatile empowered gadget at whatever point and wherever a portable access point is accessible (Bidgoli,2006). Such get to focuses or problem areas are currently available in air terminals, lodgings, instructive establishments and other open structures, and expanding quantities of remote systems are being introduced in business structures and private homes. With developing portable access to remote systems, the outline in the middle of open and closed space is being reclassified. According to Brown, it has imperative ramifications regarding security for the individuals who make a portable access point accessible and for the individuals who use it. This paper portrays the security and danger components connected with mobile and remote advancements that need to be comprehended and tended to guarantee protected and secure business and individual utilization of versatile innovations (Brown 2011). Data Protection There are a few roles of individuals included in the assurance of data from BioMed Company. These individuals are the Information security manager who will guarantee that no information relevant to the organization goes into general society. If information goes to general community, he ought to have a methodology to handle the circumstance, for example, procuring an attorney for help on the off chance that a few individuals need to make pointless activities. Aside from the organization picking a Qualified, Experienced Mobile Security Provider, the CEO will be the leader of the team and concerned with the correct administration of the entire organization while guaranteeing that all divisions work as an inseparable unit for the benefit of society particularly in data assurance. In conclusion, it is VPN whose part will be to secure messages of the CEO's telephone and in addition the PC of the organization to maintain a strategic distance from spillage of data superfluously (Gifford 2009). Information Safety Tools There will be the use of programming, for example, DLP, which will have a framework in which when set; they hinder any conceivable spillages of data from the organization. The product will stay away from the activity of programmes who may hack into the servers and PC of the organization particularly all the more so the telephone of the CEO (Dhillon, G., & Ebrary, Inc. 2001) All specialists in BioMed will be in positions to go to sessions that discussion about the requirement for having inside issues stay inside and not to go outside, similar to the instance of a few organizations. The Information Security Manager will attempt that all individuals from the gathering figure out how to secure crucial data in the opportune spot. There will be punishments for individuals who act up and need to give path data to the outsider and contenders for the purpose of cash (Hovenga 2010). Smartphone’s and Organizational Security Risk The security market for items and administrations to address conventional figuring resources has come to a level of development that midget the outset of the versatile security market. The danger profile of perceptive cell phones nearly takes after that of conventional processing resources. Notwithstanding having comparative risk profiles, cell phones do not presently have a coordinating pattern of relieving advancements. Customary registering gadgets are ordinarily overseen by the undertaking. Undertaking administration gives affirmations that gadgets have affirmed working frameworks and programming, get security overhauls, have infection/malware/spyware assurance, keep up legitimate resource management and utilization encryption where suitable. Cell phones are frequently not oversaw by the undertaking; in this manner, there is no certification that the gadgets fulfil corporate security arrangements (Hovenga, 2010). Notwithstanding the absence of BioMed organization venture administration; there are presently a set number of portable methods accessible to meet corporate security strategies. The arrangements that exist are restricted in their convenience because of the large number of working frameworks being used all through the cell phone industry. Different correspondence instruments, for example, Bluetooth, Wi-Fi, USB, infrared, and removable media must be viewed as, making more channels to safety. There are likewise critical danger components that are either interesting or altogether expanded in appreciation to cell phones. Since cell phones are, by configuration, little and ultraportable, physical access is simple, physical security is non-existent, and the danger of losing a cell phone is fundamentally expanded when contrasted with conventional figuring gadgets. Another critical danger is that a cell phone will come under the control of an unapproved client by means of gadget turnover. Since these advantages are commonly not possessed or controlled by the organization, the worker has the capacity offer, dole out, exchange or necessarily discard the current gadget when it is replaced and who is staying informed regarding what corporate data may be on that gadget (Dhillon & Ebrary 2011). Truth be told somehow portable applications are secured contrasted with program sessions as in versatile applications, solid principles can be upheld as to which server authentication is to be acknowledged. Such authentication happens during the time spent SSL handshake, which in ordinary PC world could be, traded off for man in centre assault by befuddling the end client with spook Testament and comparable looking site (Dhillon & Ebrary 2011). Software classification The clearest issue in security matters is the transmission of decoded information. Case in point; envision you are utilizing the Facebook application over wi-fi. Then again, you are not the proprietor of the door (i.e. switch) or your passage is traded off. On the off chance that your information is not scrambled in such a situation, your username/watchword, your data or even other individuals' close to home data are helpless before somebody sniffing the system. Facebook apparently can be viewed as a low-security hazard; however web-keeping money over cell phones is as of now conceivable and applications do not essentially scramble information. Relief against loss of respectability is the utilization of cryptographic hashes (which will demonstrate if the company information is intact or not. Extra relief may be slip-revising codes that permit you to recuperate information that is changed. Moderation against loss of accessibility is information reinforcement and appropriately arranged access control. The support can restore the availability of information in the event that it is demolished, and the entrance control can constrain who can erase which information. Stated Policies Likewise, with past advances in correspondences frameworks, there are numerous focal points to remote and versatile innovations (Krone 2006): Flexibility - frameworks can be introduced and reconfigured at the negligible expense and with insignificant disturbance, which is especially essential in legacy structures, or where a business needs to be adaptable designed Leeching - data transfer capacity can be utilized by gatecrashers to the detriment of true blue organizations and clients. Exploitation - system access can be abused to dispatch disavowal of administration (DoS) assaults against outsiders, transmit unlawful material, for example, youngster erotic entertainment, or take part in other criminal exercises. The expanded utilization of cell phones to store a lot of information likewise conveys a danger of misfortune or robbery, which can trade off the security of data. With a specific end goal to minimize the dangers of such misuses, versatile and remote clients need to be mindful of security issues identifying with the innovation (Krone 2006). The key contrast in the middle of wired and remote systems from a security point of view is access to the framework. With a wired framework, there must be a physical association to get to information on the system. With remote systems then again, this is not the situation - any individual who is inside the compelling separation secured from a remote access point (hotspot) can get to the system by tuning into the suitable recurrence (Kang 2005: 6). This implies that an unsecured or inadequately secured remote system is very helpless against inadvertent or planned interruption. Unintentional interruption is a moderately regular event and is not itself regularly viewed as destructive unless the entrance is then abused for further unlawful purposes. Security dangers to PC systems incorporate both physical and virtual perspectives. An absence of sufficient security in remote systems can prompt criminal assaults, for example, robbery of information, defilement of framework honesty, hacking, damage, secret activities, burglary of limit, and misfortune or robbery of portable and convenient gadgets (Krone 2006). These can be comprehensively partitioned into dynamic and latent assaults (NIST 2006; Rahman & Imai 2002; TISN 2006b). Up to this point, cell phones were not composed with a system to get working framework or application upgrades. There still is not a predictable strategy to give overhauls, but rather a few producers, transporters and engineers are starting to perceive the need to furnish clients with security redesigns. The absence of a predictable overhaul process for cell phones hampers the capacity of clients to check that their gadget contains all apropos security upgrades. At the point when an association successfully secures their versatile surroundings, it adds to better security for the whole endeavour. Gadgets with lacking security can prompt information ruptures of delicate corporate data through physical misfortune, malware, Trojans, worms, and spyware. Portable abuse identified with SMS, information, and voice is additionally an expense and security issue. Viable security helps control costs by proactively securing applications before the malignant plan, not after its belongings (Krone 2006). Suitable portable security helps undertakings address the data security necessities in administrative orders and contracts. Misfortune or robbery of information could open the undertaking to the danger of rebelliousness with different data fraud and security laws. The right security aides alleviate the impacts of misrepresentation or bargain, in this way securing an association's image and notoriety (Dhillon & Ebrary 2001). To help associations secure their versatile applications and the fundamental supporting base, a supplier ought to have wide and profound involvement with all parts of security. Case in point, they have to comprehend that applications work more like local applications as opposed to using a standard program and that portable applications are not limited to utilizing standard HTTP/HTTPS. They should likewise have entry to numerous security testing assets, as a fracture in equipment, working frameworks, applications, and administrators can present difficulties. For instance, there are various variants of the same applications for unique portable working frameworks. Moreover, there are innumerable cell phones, and the bolstered advancements (correspondence, access control, stockpiling, and so forth.) shift by producer and OS (Symbian, Oracle J2ME, Qualcomm BREW, iPhone, Windows Mobile, Window Phone 7, webOS, and Android). The supplier must have skill with joining over numerous measurements: voice and information; altered and portable (Wi-Fi and cell); and PC and telephone, on the grounds that all are interrelated in the matter of fruitful versatile security (Dhillon & Ebrary 2001). BioMed supplier ought to have the capacity to give access to master assets inside and remotely, and exchange powerful best practices that have been demonstrated to work. A respectable supplier serves the choice bolster part, controlling an association to settle on the right choice, paying little heed to whether the arrangements prompts them, an accomplice or the client association internally. Framework Protection A few product bundles help in the insurance of data. Case in point, Excel sheets having ordered data can have passwords. Case in point, the Security Information Manager will advise all labourers attempting to recall to put passwords on their garments to keep away from the pointless presentation. The same technique meets expectations for all small-scale delicate reports, for example, word, and office records. The utilization of these passwords ought to be such that nobody can find the passwords. The Information Security Manager ought to build up a system to square the opening of the watchword (Brown 2011). Work Schedule (Plan) The work arrangement has three months to be implemented by BioMed Company. The beginning stage is to recognize the data that needs insurance thereby after selecting an ideal method for assurance. The data needs to experience assessment to focus the level of significance of the report. The level of significance of the material will focus the technique for security. After the data is safe, a survey takes after. The audit will check if the technique for keeping the data is all right while expressing the explanations behind characterizing the record (Brown 2011). Table 1: Three-Month work Schedule No. Month Duties Sub duties 1. 1 Collection of Data 1. Search for information . 2. The information should be made available to the company’s security information manager 3. Situate all the information into the section that show the weight. This section is First, Second, and Third Classes. In the each group, there are crucial documents with valuable information. The second class has intermediate information. Last class needs no information for classification. The data could as well be unclassified. 2. 2 Picking Countermeasures. 1. Each of the classes undergoes criticism and checks for the in-depth quality and quantity in them. 2. Providing evidence as to why the information should undergo testing. 3. Pick the data and arrange it in order from the most to the least part of the information. 3. 3 Classifying data 1. Consider all the policies on classifying information. 2. Pick a suitable strategy like using encrypting codes. 3. Determine the classification time that is the time for the given document needs protection. 2. Develop new strategies to protect the new Product. For example no using any parts of the new products till the right time. Use a special team of people to make the plans and manufacture the new product. Recommendation At the point when BioMed Company upgrades its versatile security, and additionally its general data and base security, it will be making the best choice to secure its workers, licensed innovation, cash, and its reputation. Therefore, several countermeasures such as use of crypt cell mobile, encrypting codes and lastly phoning trusted people only. Moreover, this way the new product would be safe from hackers or unsafe usage. Reference American Society of Insurance Management., & Risk and Insurance Management Society. (1969). Risk management. New York, N.Y: American Society of Insurance Management. Brown, S. A., & Brown, M. (2011). Ethical issues and security monitoring trends in global healthcare: Technological advancements. Hershey, PA: Medical Information Science Reference. Bidgoli, H. (2006). Handbook of Information Security Volume 3. Hoboken: John Wiley & Sons. Black, C., Beken, T. ., Belgium., & Rijksuniversiteit te Gent. (2001). Reporting on organised crime: A shift from description to explanation in the Belgian annual report on organised crime. Antwerpen: Maklu. Dhillon, G., & Ebrary, Inc. (2001). Information security management: Global challenges in the new millennium. Hershey, Pa: Idea Group. Gifford, N. (2009). Information security: Managing the legal risks. Sydney: CCH Australia Limited. Hovenga, E. J. S. (2010). Health informatics: An overview. Amsterdam: IOS Press. Information Resources Management Association., & Khosrow-Pour, M. (2001). Managing information technology in a global environment. Hershey, PA: Idea Group Publishing. Norman, T. L. (2007). Integrated security systems design: Concepts, specifications, and implementation. Amsterdam: Elsevier Butterworth-Heinemann. Ruan, K. (2013). Cybercrime and cloud forensics: Applications for investigation processes. Hershey, PA: Information Science Reference. Read More