Cyber security Paper Tasks

Q1 Identification, Authentication & Authorisation (IAA)
1.1 IAA System Criteria:
There are four criteria which the system should meet:
• Accessibility: The members need to be able to book in advance, so the system needs to be accessible at various times so that they are not left disappointed. It also means that the system should be able to determine whether a booking is available in the timeframes given. It should not be possible to make multiple bookings for the same time unless the member modifies their existing times.
• Availability: The system should be available to the members who make a booking, so it should not crash or slow down if many members are using it at the same time. This requirement is also important for staff, so that they can monitor table usage and ensure the next booking can be made at the allocated time slot.
• Maximum of six attendees: This is an important criterion in the case that only three members and three guests are allowed to visit the establishments for the booking that was created. Hence the system needs to be able to store this data so the rules and regulations are not being broken. Otherwise there could be further consequences from the staff/police/government in this case (Liu, 2012).
• Security: One of the most important concerns of all is security, since the authorised member will need to prove they are who they claim to be; hence a biometric system such as a retina scan would be useful for the system. It would detect whether the member has registered and made the booking for the time they attend. If the biometric system fails, there could also be an ID card which checks whether the member is registered. The requirement allows guests to visit with members and provides ease of access, so people don’t need to take cards every time (RAABE, 2020).
1.2 IAA System Design:
During the COVID-19 pandemic, organisations have switched to online e-commerce business, in which they face high risks to their system security, data security and user privacy (Cyber threat increase during COVID-19 pandemic, 2020). The system has to be developed as an online system which is available anywhere 24/7 and can be used through mobiles, tablets, laptops and computers. Systems that can be accessed online carry high security risks such as vulnerabilities, loopholes and lack of oversight. However, these systems provide benefits such as scalability, time efficiency and availability for the studio and its members, during this pandemic and in future (Alton, 2018).
The system should use verification and authentication facilities to verify that the member is making the studio booking themselves. To install these strong authentication techniques, the studio has to bear some cost for installing the biometric system and for providing chip cards to every member. In return the studio gets high security, which can save it from a huge loss, so this is a cost-effective strategy: a high-security system benefits both the studio and its members. Following this security mechanism, the system should ask at the start of a booking for biometric verification of the member, which can be done by fingerprint scan. The members have to use their mobile phones, on which the biometric authentication can be completed.
Using a mobile phone helps resolve confusion between members who have the same names and, at the same time, keeps social distancing measures in place. It also gives members the positive impression that their data is being tracked efficiently (Trader, 2010).
The system has to verify that there are only six attendees at the booking, 3 members and 3 guests, so a database which stores a rule of 6 attendees at the venue would be useful.
The members can be identified by the chip cards which are issued at the time of registration, although a card can be carried by another person on behalf of a member. Members should therefore pass a double identity check, first through the chip card and second through the biometric verification, so that the system can identify the right member. A benefit of using a chip card is that the system used for chip recognition keeps a record of the user, recording the entry and exit times of the card user (GROUP, 2017). The guest record in the system is saved with the member reference to identify the guests who came with each member.
The access control list can be used for file system and network access control when authenticating member identities. The access control list is justifiable because it filters traffic and access to the system, which allows the members to be identified (Access Control List (ACL), 2020). The members of the studio are also at risk from security and privacy issues, as their confidential data can be stolen by hackers if the studio does not have good security policies. Guests can register with the studio by using the account details of their studio member, so the security of the studio is a major concern for both parties, the studio and its members (Are Club Memberships Compromising Your Privacy and Security?, 2012).
The third mechanism is online booking with the member ID: the member enters the studio ID assigned at the time of registration, together with the member IDs of the other members and the social security IDs of the guests, which are stored with reference to the member. The studio staff then check the details of the guests and members again using their unique ID numbers. Taking all these contact details makes it easier for the staff to check that the details are valid.
Figure 1: IAA system design
The best part of my prescribed system is that it can be used by all types of members, such as permanent residents of the region or visitors. Hence the member will get a chance to be a part of that studio for a lifetime upon verifying their registration.
In order to secure the system, the topmost priority for the design is authentication. As per the assumption of the smart device application, the members have to authenticate before reserving any table. There are many methods available for authentication, such as password-based, biometric and Multi-Factor Authentication (MFA) [9].
Figure 2: IAA Booking System Process
Among these aforementioned ones, MFA has been widely accepted by the community due to its secure features. In MFA, the user is authenticated only if the user passes all the authentication factors presented to them. These factors use information which can consist of:
• Something you know
• Something you have
• Something you are
The first one includes passwords, a credit card PIN, mother's name or first school attended, and similar kinds of information which only the user knows. The second one includes the possession of a smartphone or credit card, while the last one ensures identification using a biometric such as a retinal scan.
MFA has a subcategory called Two-Factor Authentication (2FA), in which the user is presented with two factors from two different categories. The possible combinations can be credit card, PIN, email and One Time Password (OTP). Due to the strong features of 2FA, we are incorporating it as the authentication mechanism in the design of our system.
Figure 3: IAA System Use Case
When a member logs in to the mobile application to make a reservation, the member is authenticated by asking for the mobile application password and an OTP sent to their cell phone. The user is then logged in to the system. The scenario is depicted in steps 1 and 2 of Figure 3.
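The password-plus-OTP login described above can be sketched as follows. This is an added example, not part of the original paper; the class name, the five-minute code lifetime, the three-attempt limit and the use of PBKDF2 are assumptions, and delivery of the code to the phone is left out.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime of a code sent to the phone
MAX_OTP_ATTEMPTS = 3    # assumed number of guesses before the code is discarded


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen member table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _hash_otp(otp: str) -> bytes:
    return hashlib.sha256(otp.encode()).digest()


class TwoFactorLogin:
    def __init__(self):
        self.users = {}    # member_id -> (salt, password_hash)
        self.pending = {}  # member_id -> [otp_hash, expires_at, attempts_left]

    def register(self, member_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[member_id] = (salt, _hash_password(password, salt))

    def start_login(self, member_id, password, now=None):
        """Factor 1 (something you know). Returns the OTP to send, or None."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(member_id, (b"\0" * 16, b""))
        # Hash even for unknown IDs so both failure paths cost the same.
        supplied = _hash_password(password, salt)
        if not hmac.compare_digest(stored, supplied):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[member_id] = [_hash_otp(otp), now + OTP_TTL_SECONDS,
                                   MAX_OTP_ATTEMPTS]
        return otp

    def finish_login(self, member_id, otp, now=None) -> bool:
        """Factor 2 (something you have). True only for a fresh, unused code."""
        now = time.time() if now is None else now
        entry = self.pending.get(member_id)
        if entry is None:
            return False
        otp_hash, expires_at, _ = entry
        if now > expires_at:
            del self.pending[member_id]      # expired codes are discarded
            return False
        if hmac.compare_digest(otp_hash, _hash_otp(otp)):
            del self.pending[member_id]      # single use: a replayed code fails
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[member_id]      # too many wrong guesses
        return False
```

The session is only treated as logged in after `finish_login` returns `True`; a correct password alone never grants access.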
After successful authentication, the second part of the system design to discuss is authorisation. The requirements state that only members of the restaurants can make bookings. This stops random people who have downloaded and logged in to the mobile application from making reservations, as they do not have the authority to do so. It can be achieved by allowing premium features for the members and limited ones for the non-members. The scenario is depicted in Figure 2 and step 3 of Figure 3.
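The authorisation step can be combined with the booking rules from the criteria (members only, at most three members and three guests, no second booking for the same time). The following is an added example, not part of the original paper; the session dictionary, class names and refusal messages are assumptions, and all IDs are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_MEMBERS = 3  # limits stated in the criteria: three members ...
MAX_GUESTS = 3   # ... and three guests per booking


@dataclass
class Booking:
    owner_id: str
    member_ids: tuple
    guest_ids: tuple
    start: datetime
    end: datetime


class BookingService:
    def __init__(self, registered_members):
        self.registered = set(registered_members)
        self.bookings = []

    def request(self, session, member_ids, guest_ids, start, end) -> str:
        """Return "ok" and store the booking, or return the reason for refusal."""
        owner = session.get("member_id")
        if not session.get("two_factor_passed"):
            return "not authenticated"
        if owner not in self.registered:
            return "not a member"  # logged-in non-members cannot book
        if owner not in member_ids or not set(member_ids) <= self.registered:
            return "unknown member on booking"
        if (len(set(member_ids)) != len(member_ids)
                or len(set(guest_ids)) != len(guest_ids)):
            return "duplicate attendee"
        if len(member_ids) > MAX_MEMBERS or len(guest_ids) > MAX_GUESTS:
            return "too many attendees"
        if end <= start:
            return "invalid time slot"
        for b in self.bookings:
            overlaps = start < b.end and b.start < end
            if overlaps and set(member_ids) & set(b.member_ids):
                return "member already booked for that time"
        self.bookings.append(
            Booking(owner, tuple(member_ids), tuple(guest_ids), start, end))
        return "ok"


def demo():
    """Run five constructed requests and return the decision for each."""
    svc = BookingService({"M1", "M2", "M3", "M4"})
    t0 = datetime(2020, 11, 7, 18, 0)
    slot = (t0, t0 + timedelta(hours=2))
    member = {"member_id": "M1", "two_factor_passed": True}
    stranger = {"member_id": "X9", "two_factor_passed": True}
    second = {"member_id": "M2", "two_factor_passed": True}
    return [
        svc.request(stranger, ["X9"], [], *slot),
        svc.request(member, ["M1", "M2", "M3", "M4"], [], *slot),
        svc.request(member, ["M1", "M2"], ["G1", "G2", "G3", "G4"], *slot),
        svc.request(member, ["M1", "M2", "M3"], ["G1", "G2", "G3"], *slot),
        svc.request(second, ["M2"], [],
                    t0 + timedelta(hours=1), t0 + timedelta(hours=3)),
    ]
```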
1.3 System Upgrade for Guests such as Tourists:
The new members (guests) are registered into the system when the following steps for authentic registration have been completed:
• The guests arrive at the studio; the system takes their biometric identity such as their fingerprint and stores it in the system for future evidence.
• The guest then provides other details in a form such as name, contact, address, email, mobile number, and security questions.
• These details are then entered in the system and the system issues a Guest ID to the guest for a specific length of time, after which it expires, so that the system can verify whether the guest checked out after that specific time.
• The guest leaves the studio after checking out from the system; this is done by the staff, who change the status of the guest on the system to having left.
• In this way, the system can use the details of the guest to register them again under the name of a member every time a member of the studio wants to register a guest.
So the system prescribed above provides user authentication by using fingerprint authentication and chip card verification. For the registered members the chip card verification is done after the fingerprint, in order to do a double check on authentication of the member [10]. The new members or the guests are verified on the system by taking their card details, which are then matched with the details provided by the member who has invited the guests.
The members are authenticated and identified, and can now enjoy the studio facilities knowing that the system is secure overall. The studio has to monitor and manage security every time, so it is very important that it takes these detailed steps for authenticating and verifying the members. The process can be annoying for the members as well. The studio has to be very conscious, because most companies do not take cyber security seriously, as they follow some common misconceptions: that cyber-attacks are likely to occur in big organisations only, that entertainment facilitators are not attacked, and that attackers don’t need the data of a club or studio. These misconceptions are totally wrong and can expose the studio to a high security risk [11].
By using these mechanisms, guests can also use the facilities of the studio for some time. This is favourable for the studio because there are various people who want to go to the studio once or just to check its facilities, so such guests should have a chance to try the studio facilities, after which they can choose to become a member of the studio if they want to do so. The guests will also be comfortable that they are not forced to be members or to come with a member in order to be a guest at the studio. Hence they can enter the studio without getting access through a member.
Q2 Reputation Management
i. A scheme for review and ratings into the system
Through the analysis of customer behavior, it is determined that many customers in the world do not provide their precious feedback to the company professionals by using face-to-face communication. So, it is very essential and necessary to develop an online system [12].
The proposal I give for the feedback system is that the company should introduce a different feedback system in which the customer of the company should enter the review only if they have a customer ID. The ID is assigned to a customer by the company when they have made their first purchase from the company either online or from any outlet or exhibition. The review system should ask for the customer ID when the customer starts giving the review after which the review is saved with that unique customer ID and name.
This will help in controlling the reviews of fake customers. With the help of this, the management can also identify the positive and negative feedback of the customers to know which customers are giving positive ratings and which type of customers are giving negative ratings. This will also help in analysing the rating and reviews by region. The regions from where customers are giving negative ratings can be shortlisted to improve the overall service for those regions. Mobile phone verification is another
There is another suggestion which will help in detecting fake reviews. The system should have an algorithm which can detect fake reviews. Detecting fake reviews is possible by following some rules:
• Reviews with no details:
Reviews having no details are considered fake so they can be analysed to verify if they are actually fake or not [13]. So the algorithm should tell the system about such reviews.
• Include Verbs rather than Nouns:
Fake reviews tend to include more verbs than nouns, which the algorithm can use to detect whether a review is fake; such a review can then be entered in the list of fake reviews [13].
• One star reviews:
A review which gives one star should be checked further by the algorithm to determine whether it is a fake review.
• History of reviewer:
A reviewer who has a history of fake reviews should be added to a screening list; this should be done by the algorithm [13].
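The four rules above, together with the customer ID requirement, can be expressed as a screening function that sends suspicious reviews to manual checking rather than deleting them. This is an added example, not part of the original paper; the eight-word threshold, the function names and the small verb and noun word lists (standing in for a real part-of-speech tagger) are assumptions, and the sample reviews are constructed.

```python
import re
from dataclasses import dataclass

MIN_DETAIL_WORDS = 8  # assumed cut-off for a review "with no details"
# Constructed word lists standing in for a real part-of-speech tagger.
VERBS = {"go", "buy", "love", "trust", "avoid", "hate", "try", "arrived", "feel"}
NOUNS = {"table", "days", "drawer", "handles", "delivery", "price", "box", "staff"}


@dataclass
class Review:
    customer_id: str
    stars: int
    text: str


def screen_review(review, known_customers, fake_history):
    """Return the names of the rules a review trips (empty list = publish)."""
    if review.customer_id not in known_customers:
        return ["unknown_customer_id"]  # no valid customer ID, no review
    words = re.findall(r"[a-z']+", review.text.lower())
    flags = []
    if len(words) < MIN_DETAIL_WORDS:
        flags.append("no_details")
    verbs = sum(w in VERBS for w in words)
    nouns = sum(w in NOUNS for w in words)
    if verbs > nouns:
        flags.append("more_verbs_than_nouns")
    if review.stars == 1:
        flags.append("one_star")
    if fake_history.get(review.customer_id, 0) > 0:
        flags.append("reviewer_history")
    return flags


def triage(reviews, known_customers, fake_history):
    """Sort reviews into publish / screen (manual check) / reject."""
    result = {"publish": [], "screen": [], "reject": []}
    for r in reviews:
        flags = screen_review(r, known_customers, fake_history)
        if flags == ["unknown_customer_id"]:
            bucket = "reject"
        elif flags:
            bucket = "screen"
        else:
            bucket = "publish"
        result[bucket].append((r.customer_id, flags))
    return result


# Constructed sample data.
SAMPLE_REVIEWS = [
    Review("C100", 5, "The oak table arrived in two days and the drawer "
                      "handles feel solid."),
    Review("C200", 1, "Terrible."),
    Review("C300", 4, "Go buy it, love it, trust me, you will never regret it"),
    Review("X999", 5, "Best shop in the whole region, everyone should order here."),
]


def demo():
    return triage(SAMPLE_REVIEWS, {"C100", "C200", "C300"}, {"C300": 2})
```

A flag only queues the review for checking; a one-star review from a genuine customer trips the same rule as a fake one, so the final decision stays with a person.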
If such reviews are detected, they can be controlled by the following ways [14]:
• Pause such customers
• Try to remove reviews
• Respond to the buyer
The other recommended system for the company is the use of social media accounts, because they play a major role in the community of many businesses. They can easily help the company to increase its popularity around the region, and would attract and generate a lot of new customers from the online market. On the other side, the company will also receive a larger amount of feedback, which it can use to improve its business operations effectively. This can include products for increasing customer satisfaction [15]. People can also provide their feedback comments using social media. Social media accounts increase customer engagement, and this precious feedback can provide specific information to both the company and customers.
ii. An analysis of the security threats
Reputation attacks as target systems: In this attack, the attacker tries to mislead the public.
Direct and Indirect attacks: The attacker damages the reputation by direct attacks on the system. Indirect attacks are done to improve the reputation of other companies, such as companies giving good feedback about another company in the review section [16] of the app.
Collusion attacks: Dishonest feedback is given through independent users. Non-collusion attacks are triggered by malicious users who get access to the feedback system and give wrong feedback [16].
These security threats affect the solution I have proposed, as attackers can enter the system by obtaining a customer ID from the company; however, the ratio of such fake reviewers will be very low.
For mitigating these attacks, the company should first design good algorithms with which the system can identify the fake reviews and then block the customer ID of such users. If there is a unique customer ID assigned to every customer, it will be very easy to block such fake reviewers. The information security team will use the NIST framework to make the network of the system secure. By implementing the NIST framework, the attackers will be unable to attack the system. The best strategy to mitigate the risks for the online feedback system is to use the HTTPS protocol, which provides a secure environment where the user can easily purchase items, and it will also help in securing the confidential information of the customers. To increase the security, the company has to purchase an SSL certificate from an authorised hosting company.
Furthermore, the antivirus and anti-malware software applications are also very beneficial in the threat mitigation because they can easily help with the critical online purchasing problems. Most importantly, the firewalls of the servers must be stronger because any weakness in the system or any flaw can attract the hackers to enter into the system [17].
References
[1] Y. L. S. Y. Liu, “Security of Online Reputation Systems: The evolution of attacks and defenses,” researchgate, 1 3 2012. [Online]. Available: https://www.researchgate.net/publication/229033643_Security_of_Online_Reputation_Systems_The_evolution_of_attacks_and_defenses.
Comment on Source: Research gate is a research website providing blog information about the evolutions in the field of cyber attacks and defense.
[2] S. RAABE, “Fitness club’s fingerprint entry system pumps up debate over biometric identity,” denverpost, 13 11 2020. [Online]. Available: https://www.denverpost.com/2010/11/13/fitness-clubs-fingerprint-entry-system-pumps-up-debate-over-biometric-identity/.
Comment on Source: Fitness club is a website which provides fitness facilities; in this blog it describes what they think about biometric security systems.
[3] “Cyber threat increase during COVID-19 pandemic,” norclub, 16 march 2020. [Online]. Available: https://www.norclub.com/insights/cyber-threat-increase-during-covid-19-p.
Comment on Source: Norclub describes facts about clubs; in this blog it describes the increase in cyber attacks during the COVID-19 pandemic.
[4] L. Alton, “Automated Systems and Security: Threats and Advantages,” isaca, 28 7 2018. [Online]. Available: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2018/automated-systems-and-security-threats-and-advantages.
Comment on Source: Isaca blog provides information about the benefits of automated systems and the threats which effect these systems.
[5] J. Trader, “Why Biometrics Is A Great Solution For Club And Membership Management,” 26 7 2010. [Online]. Available: https://www.m2sys.com/blog/membership-management/why-biometrics-is-a-great-solution-for-club-and-membership-management/.
Comment on source: Blog describes research on the importance and benefit of using biometric for clubs membership
[6] M. GROUP, “National-Club-Association-Club-Trends-Magazine.pdf,” 1 1 2017. [Online]. Available: https://www.torchstoneglobal.com/wp-content/uploads/2016/03/National-Club-Association-Club-Trends-Magazine.pdf.
Comment on Source: Magazine shows trends of club associations about membership
[7] “Access Control List (ACL),” imperva, 1 1 2020. [Online]. Available: https://www.imperva.com/learn/data-security/access-control-list-acl/.
Comment on Source: Imperva is a website which describes the facts about access control for systems.
[8] “Are Club Memberships Compromising Your Privacy and Security?,” yourcmto, 9 12 2012. [Online]. Available: https://yourcmto.com/are-club-memberships-compromising-your-privacy-and-security/.
[9] Author, G., 2020. User Authentication Methods & Technologies To Prevent Breach. [online] ID R&D. Available at: https://www.idrnd.ai/5-authentication-methods-that-can-prevent-the-next-breach/ [Accessed 6 November 2020].
[10] “Smart Cards and Biometrics – FINAL – 030111,” 1 3 2011. [Online]. Available: https://www.securetechalliance.org/resources/pdf/Smart_Cards_and_Biometrics_030111.pdf.
Comment on source: Securetechalliance provides research on smart card and biometric and the effect by using them together.
[11] CLUBPROCURE, “Cyber Attacks: Your Club Could Be At Risk,” clubprocure, 16 11 2015. [Online]. Available: https://www.clubprocure.com/blog/post/cyber-attacks-your-club-could-be-at-risk.
Comment on Source: Club procure shows research on the security risks for clubs.
[12] T. Hatziapostolou and I. Paraskakis, “Enhancing the Impact of Formative Feedback on Student Learning through an Online Feedback System,” Electronic Journal of E-learning, pp. 111-122, 2010.
[13] “HOW TO DEAL WITH FAKE ONLINE REVIEWS OF YOUR BUSINESS,” digitalmarketinginstitute, 1 1 2020. [Online]. Available: https://digitalmarketinginstitute.com/blog/how-to-deal-with-fake-online-reviews-for-your-business.
[14] “Fake Online Reviews – How To Deal With Fake Customers Reviews In 4 Simple Steps,” reputationstacker, 1 1 2019. [Online]. Available: https://reputationstacker.com/how-to-deal-with-fake-customer-reviews/.
[15] Y. T. Sung, C. N. Liao, T. H. Chang, C. L. Chen and K. E. Chang, “The effect of online summary assessment and feedback system on the summary writing on 6th graders: The LSA-based technique,” Computers & Education, pp. 1-18, 2016.
[16] Y. L. S. Y. Liu, “Security of Online Reputation Systems: The evolution of attacks and defenses,” researchgate, 1 3 2012. [Online]. Available: https://www.researchgate.net/publication/229033643_Security_of_Online_Reputation_Systems_The_evolution_of_attacks_and_defenses.
[17] S. Chatterjee, “Security and privacy issues in E-Commerce: A proposed guidelines to mitigate the risk,” In 2015 IEEE International Advance Computing Conference (IACC), pp. 393-396, 2015.
[18] C. Haack, “Verification of Security Protocols – Chapter 6: BAN Logic,” 31 03 2008. [Online]. Available: http://cs.ru.nl/~chaack/teaching/2IF02-Spring08/chapter06-print.pdf. [Accessed 1 11 2020].
[19] H. Goldsby, “http://www.cse.msu.edu/~cse914/F02/Public/MiniTutorials/BAN/BANLogic2,” 1989. [Online]. Available: http://www.cse.msu.edu.
[20] K. Rungta, “10 most common web security vulnerabilities,” Guru99.com, 01-Jan-2020. [Online]. Available: https://www.guru99.com/web-security-vulnerabilities.html. [Accessed: 05-Nov-2020].
Comment on Source: Guru99 is a platform which provides comprehensive information about the latest cyber threats and adversaries.
[21] “Fortinet NSE Institute,” Fortinet.com. [Online]. Available: https://training.fortinet.com/auth/saml2/selectidp.php. [Accessed: 06-Nov-2020].
Comment on Source: Fortinet has designed NSE-1 training to educate the cyber security learner/professional about Cyber adversaries and their way of committing crime.
[22] “Automate your work with webhooks and custom functions,” Zoho.com. [Online]. Available: https://www.zoho.com/inventory/customize-workflows-functions/. [Accessed: 07-Nov-2020].
Comment on Source: Zoho provides organised and efficient inventory solutions. It automates major business operations in an organisation.
[24] “Zipline – How It Works,” Flyzipline.com. [Online]. Available: https://flyzipline.com/how-it-works/. [Accessed: 07-Nov-2020].
Comment on Source: Zipline use drones to deliver medicine to different remote areas.
[25] CNBC, “Amazon tests first drone delivery service ‘Prime Air’ | CNBC,” 14-Dec-2016. [Online]. Available: https://www.youtube.com/watch?v=MR9PoBAssw0. [Accessed: 07-Nov-2020].
Comment on Source: Amazon introduced a Prime Air package delivery system to deliver packages to customers through drone.
 