Security Models And Architecture System Essay

Question:

Discuss about the Security Models and Architecture System.

Answer:

Introduction

Information technology and its affiliated components are today identified as important capital tools that offer valid information for business success. This outcome has influenced the application of IT components in different aspects of life, which has also contributed to the prevalence of security issues (Teymouri & Ashoori, 2011). This report, therefore, offers an assessment of the various security issues experienced in IT and their relation to the existing technological landscape. Furthermore, the existing models and control mechanisms of these security issues are highlighted, together with the commonly experienced threats and risks. In all, the report gives a thorough evaluation of the security elements in IT including system vulnerabilities and mitigation procedures.

Technology has always held a common objective despite the advances and inventions that have been seen throughout the years. In essence, the term will outline any element that makes life easier, and none of these elements is more profound and effective as IT. Now, in the past, the technological management landscape focused on mainframe systems that delivered services to users through complicated connections (Kuc, 2015). However, the modern landscape as shown in the diagram below is predominantly user centred including the applications themselves that use cognitive designs to enhance usability. Nevertheless, the same structure that enhances the usability of technological components creates many vulnerabilities that affect the security of modern technological systems (DSTO, 2016).

Vulnerabilities and threats

Rapid technology evolution: consider new technologies that are always been introduced into the market yet lack established standards to protect the users. For instance, social media was faced with several attacks at its onset propagated by the weak security measures used e.g. water holing attacks. The similar outcome is experienced with malware attacks that are now intensified by rapid advances in mobile technology which facilitate their propagation. Users today have extended access to connections (internet) which facilitates self-replicating malware e.g. WannaCry ransomware that used unprotected access ports (Sherr, 2017).

User negligence: most modern day users take security feature for granted including surrendering their information to multiple social network sites. These attributes trickle down to complex applications where organization fail to employ proper security measure exposing their data and users (GU, 2017).

Smart system: Technologies such as Internet of things have led to the development of smart devices that automatically connect and share information. They are also facilitated by wireless technology which unlike wired networks lacks physical security, a serious loophole for many forms of attack e.g. malware, denial of service and man in the middle (Antoli?, Mi?evi?, & Mili?evi?, 2014).

Mitigation and the benefits

  • Encryption of data which facilitates secure connectivity and transfer of information. This security feature enhances communication and increases system productivity.
  • User awareness most attacks are facilitated by poor security measures which can be avoided by user literacy saving on operational cost.
  • Policy enactment which establishes proper security standards(Antoli?, Mi?evi?, & Mili?evi?, 2014).

In IT, two fundamental elements of operation are used; one, the architecture of the computer systems and two, the security models or techniques that define and implement security procedures in the technological components. Now, an important part of security models is the security policy used which detects the terms for data access, an element that outlines the importance of access control methods (CISSP, 2012). Below is a simple depiction of the overall concept of security models.

Threats, vulnerabilities and access control

In all the system and technologies used, security models particularly access control methods and management denote the process subjects use to conduct certain actions (operations) to a given object (e.g. files and data). These mechanisms are important when one considers the different vulnerabilities and threats in place e.g. malware attacks that will interfere with legitimate programs as they try to further the course of intruders. In other instances, network vulnerabilities will be exploited to deny users services as a means to disrupt business operations e.g. DOS. Furthermore, there are those threats that intercept data or traffic to earn or benefit from other users work (Thion, 2008). Therefore, these threats and risk affect the systems confidentiality, integrity and availability (CIA), an outcome fixed by access control.

Mitigation: Access control models (3 common types)

Mandatory access control (MAC)- a static access model that assigns users clearance levels thus improving accountability based on access levels and labels. Therefore, the model is based on policy or matching criteria and not identity.

Discretionary access control – identity is used in this model where the owner decides who access the content directly based on subject. Access control lists are good examples of tools applying this model and so is the access seen in many operating systems.

Rule based access control – as the name suggests, access is done based on certain rules that determine if access is denied or allowed (Cicnavi, 2012).

  • Accountability – a clear record of those accessing certain systems is given which improves the security.
  • Confidentiality and integrity – these models ensure only the authorised personnel and processes accesses IT structures.
  • Cost saving – automation of security protocols is done which reduces the man power(Cicnavi, 2012).

Now, having established the different threats facing information technology, the mitigation procedures are usually identified and implemented. However, the identification element is critical as it determines the effectiveness of the chosen measures (SANS, 2002). Therefore, in a nutshell, risk assessment can be outlined as the process of identifying threats (risk and vulnerabilities), exposing them and developing appropriate effective countermeasures as outlined in the diagram below.

IT risk assessment of threats

Considering the threats that face IT systems, no single or specific assessment can be outlined as the best solution to risk evaluation. However, the process of identifying and mitigating threats follows a common approach management and will always start with the identification of the assets. In this case, the assets are the users, IT infrastructure (hardware and software) and information. Thereafter, the threats are identified which outline any element that exploits vulnerabilities or accidents to interfere with an asset. Finally, the vulnerability is identified, which is the security gap in the operational components. Now, using these three items (Assets, threats and vulnerability) the risk is developed i.e. A+T+V=R (TAG, 2010).

Examples:

  • Threats (Unauthorised access), asset (digital document), vulnerability (access control not defined).
  • Threat (virus), asset (hard disk), vulnerability (anti-virus is not up to date).

Mitigation procedures and benefits

After identifying the risk, which in this case can be classified as the probability that a given activity will occur, the user quantifies the problem based on the existing solutions. For instance, in the examples above, the user will in the first instance, define a proper access control procedure including an accurate access policy. This process can be done using access control list or access control applications. In the second instance, the user would simply update their existing antivirus. Now, the benefits of this are reduced operational costs as resources are protected and resource availability. Moreover, the productivity of the user or organization is increased due to lack of interruptions (Kosutic, 2017).

Conclusion

Information technology is no longer an optional facility but a mandatory component of daily life. This outcome has facilitated its growth in all the industries across the globe which have also facilitated the advances seen today such as wireless communication and smart cities. However, the same technological advances also create many vulnerabilities that facilitate the security threats experienced. Therefore, IT security is dependent on time as there are too many variations and factors to consider. So, the user should update their systems regularly including the IT infrastructure and their literacy levels. This operational procedure will protect the technology landscape, enhance access control models and improve the effectiveness of risk assessment procedures.

References

Antoli?, K., Mi?evi?, P., & Mili?evi?, A. (2014). VULNERABILITIES OF NEW TECHNOLOGIES AND THE PROTECTION OF CNI. Media, culture and public relations, Retrieved 25 August, 2017, from:

Cicnavi. (2012). Overview of Four Main Access Control Models. Utilize windows, Retrieved 25 August, 2017, from:

CISSP. (2012). Security Models and architecture. Chapter 5, Retrieved 25 August, 2017, from:

DSTO. (2016). Future Cyber Security Landscape. A Perspective on the Future, Retrieved 25 August, 2017, from:

(2017). Top 10 Threats to Information Security. Reterieved 25 August, 2017, from:

Kosutic. (2017). ISO 27001/ISO 22301 Knowledge base. 27001 Academy, Retrieved 25 August, 2017, from:

Kuc, S. (2015). Modern technologies and innovations landscape architecture education at Cracow University of Technology . World Transactions on Engineering and Technology Education, Retrieved 25 August, 2017, from:

SANS. (2002). An Overview of Threat and Risk Assessment. SANS Institute InfoSec Reading Room, Retrieved 25 August, 2017, from:

Sherr, I. (2017). WannaCry ransomware: Everything you need to know. Cnet, Retrieved 25 August, 2017, from:

TAG. (2010). Threat, vulnerability, risk – commonly mixed up terms. Retrieved 25 August, from:

Teymouri, M., & Ashoori, M. (2011). The impact of information technology on risk management. Procedia Computer Science, Retrieved 25 August, 2017, from:

Thion. (2008). Access control models. Retrieved 25 August, 2017, from:

How to cite this essay: