Contents
Associated and potential vulnerabilities threats:
1). Webserver:
2). Student Information Database:
3). Artificial intelligence:
Migrate of the Risk:
1). Webserver:
2). Student Information Database:
3). Artificial intelligence:
Table of risk assessment:
Top 3 risks:
1). Privacy and security.
2). Service attack of the denial:
3) Security of Information:
1). Mechanism of Certificate based authentication.
Working Principle:
Comparison between Password based and Certificate based authentication:
Advantage of the Certificate based authentication.
Disadvantage of the Certificate based authentication:
Comparison of Certificate based authentication and password-based authentication:
Key features:
List of the key features regarding to security:
Anti-spam guideline:
2). Characteristics of a spam:
Analyzing of the email address:
Checking of “from” email address:
3). Act of Spamming
2). Examples of the spam:
3). Spam handling instructions:
Don’t Email Address publicly:
Don’t click on every link/ think before clicking
Major security vulnerabilities for website are
In case of SQL injection attacker, attack database content and corrupt it by using of application code. If attacker become successful in attacking the content of the database, he gets the access of the data base which is threat for the university. Attacker can change, read as well as update or delete data in data base by using unfair mean resources. (M. KADOGUCHI, 2019)
This could occur in case, when website reveal its reference to a specific internal object. That specific internal objects are like files as well as directories and database keys. As exposed reference by website to these objects, as a result attacker/hacker can access to the personal data. (R. Trifonov, 2018,)
III. Misconfiguration of security:
Misconfiguration of security is the major type of vulnerabilities which is occur due to the lack of maintenance as well as lack of attention of website. For secure website database, framework as well as application server should be defined to minimize the security risk or to overcome attack of the hacker. (S. Lee, 2018)
Following are the security vulnerabilities for Student Information Database
In case of Malware, hackers can attack the Student Information Database by using of unfair mean resources like watching computer work as well as download malware. By using of the unfair mean resources, hacker can take over control the system and can change the information according to his will. Hacker can attack by using multiple resources like malware, spyware as well as spams. (Aldlaee, 2013)
If required precautions can not be taken then documents and files shares through the internet which contain personal information might be hacked by the attacker. Hacker can take access to the system through these unsafe files and take over control to the system. (Aldlaeen, , 2013)
III. API of Third Party:
This could happen, when organization tend to access the third-party APIs. If organization do this to access third party APIs, personal data of the institute like files database and record could be exposed to the third party which can access to the system. These type of risk like exposing information to the third party can be minimizes by using of cloud-based service. (Aldlaeen, 2013)
These are major security vulnerabilities for Artificial intelligence
Capabilities of the Artificial Intelligence are increasing worldwide. By increasing of AI institutes and companies explore the usage of this technology to overcome the work burden to human which rapidly replace the human based service. As institutes come to AI, but Al also have security vulnerabilities risks which can expose them to geopolitical risks. (V. Kanimozhi and T. P. Jacob, 2019)
In current era, institutes purchase the AI and their existing products in it. As companies add their products, but they do not know about the code as well as do not have the capability to learn that code which creates major security issues. Artificial intelligence continuously trains the system which create security issues. If there are security issues in the system, hacker can attack the system like database easily which may cause major security issue for the institute. (Xie, 2008 )
Applications of the artificial intelligence can be developed by anyone who has access to code storage which allow anyone to manage projects as well as review the codes which increase the major security risk for organization like institute, schools’ colleges etc. There are security risks in this system, hacker can hack the system of any organization and can change the record as well as database of specific organization. (Zhiquan Lai, 2016 )
These are the following tips to migrate risk from the webserver:
It is necessary to keep all software of the institute up to date to overcome the security risk. The webserver as well as website which is used by the specific institute should be up to date to avoid attacking of the hacker. up to date of Webserver are necessary because hackers can attack easily if there are holes in the webserver or in the website. If third party software like APIs are used by the specific institute, you should apply the security specs to overcome attacking of the hackers. (S. Lee, 2018)
This type of attack could be happening when hacker uses a web from the field which can access to the system and control the data base. If attacker hack the webserver which creates the major security issues. If parameterized queries use by the institute then it’s easy to handle this issue of hacking which makes the webserver more secure. (M. KADOGUCHI, 2019)
Following are the tips to migrate risk from Student Information Database
I). Protect sensitive data:
Administration as well as concern authorities should be preventing the sensitive data which may create security risks for the institute. There should be authentications before accessing the database of the organization as well as institutes. Authorities should create the backup database for the concern of the student’s information. (Aldlaeen, , 2013)
II). Checking of the third-party provider:
To overcome the security risk, third party apps like APIs should be verified before the installation in the system. If there is no verification of the third-party apps like APIs which may can damage the system as well as create holes in the database. If there are holes in the database, hacker can easily attack to the database. So, it is necessary to verify all third-party apps before the installation. (Chatur, 2015)
These are the tips to migrate risk from Artificial intelligence
DPIA (Data Protection Impact Assessment:
For the implementation of the DPIA, ICO is used which is necessary during handling the data by AI. DPIA provide the record of all decisions which are done by the AI. By implementing of DPIA system of the artificial intelligence could be secure which prevent the system to attack by the hacker. (Zhiquan Lai, 2016 )
During the processing as well as collecting the data, legal basis should be considered. By implementing the legal basis, AI should be more secure. By applying this, we can make our system more secure for the attack of the hacker to hack the system. (V. Kanimozhi and T. P. Jacob, 2019)
Risk to university’s management using a semi-quantitative risk assessment approach:
Asset |
Vulnerabilities and Threats |
Impact |
Likelihood |
Risk |
Control |
Student Database |
Weak security of database may cause to access hacker |
4 |
3 |
12(major) |
· Administration should be preventing the sensitive data. · Third party apps like APIs should be verified before the installation in the system. · Renaming the admin user and password. |
Web server |
Misconfiguration of security is the major vulnerabilities which is occur due to the lack of maintenance and attention. |
10 |
8 |
20(Major) |
· keep all software of the institute up to date to overcome the security risk. · SQL injection should be watched |
AI |
Applications of the artificial intelligence can be developed by anyone who has access to code storage. |
5 |
4 |
16(Major) |
· DPIA (Data Protection Impact Assessment · legal basis should be considered to overcome security risk. |
In current era, privacy as well security is the major issue in artificial intelligence.
As the increasing of the artificial intelligence mean more security risks. If we talk about AI, Institute gave the access to artificial intelligence which can also create the security threats. Hacker can hack the system more easily which have the holes in its system of AI.
If we talk about service attack of the denial, this could make a data base corrupt as well as slower. After that attack system of the institute becomes weak then hacker can hack the system which may result loss of the data as well as editing or changes in the data.
Security of the information concern that transfer data between server and the user. Information that send by the server should not be modified or read by the unfair mean resources. If hacker attack the website through holes in the website, they can access data of the institute which may cause the major security issue.
Task 2:
This type of the mechanism is the need of current situation to identify the mechanism as well as the users in the university. Certificate based authentication is a type of digital certificate which is very helpful to handle the security issues in the institute. This is also responsible for having all type of information as well as proofs related the institutes which can handle the security issue and overcome the attack of the hackers. The main feature used by the Certificate based authentication is cryptographic public key. By using of cryptographic public key, institute can handle security issues more easily which can prevent the data of the university from the attack of the hackers. (Zhiquan Lai, 2016 )
If we talk about the working principle of the Certificate based authentication Mechanism. It is the type of the digital cryptography which can access the important information as well as database of the university. Identification of the user can be done by the digital cryptographic approach which is overall called SSL (secure socket layer). Protection of the data because data remains between the layers of them. Its main advantage is that, for the first time demands password but next do not demand any password to open the key. User can get access to keys of server as well as the user to handle the security issue. Digital certificate is responsible to check the certificate which is issues by the trusted authorities.
Comparison of After the verification, it decides that server should allow to the assets or not. (M. KADOGUCHI, 2019)
These are main differences:
Advantage of the Certificate based authentication:
III. Identical verifications are necessary by using of the Certificate based authentication
Main limitation of the Certificate based authentication is require a public key infrastructure which can increase the cost in many environments during compared to the authentication of the public key.
2). Working Principle of Certificate based authentication:
working principle of the Certificate based authentication Mechanism. It is the type of the digital cryptography which can access the important information as well as database of the university. Identification of the user can be done by the digital cryptographic approach which is overall called SSL (secure socket layer). Protection of the data because data remains between the layers of them. Its main advantage is that, for the first time demands password but next do not demand any password to open the key. Digital signature is used by using of this approach as digital key is the proof to the digital signature. User can get access to private key whenever he wants with the help of digital signature. (M. KADOGUCHI, 2019)
User can get access to keys of server as well as the user to handle the security issue. Digital certificate is responsible to check the certificate which is issues by the trusted authorities. Comparison of After the verification, it decides that server should allow to the assets or not.
Password based authentication appealing the password continuously but Certificate based authentication do not demand the private key continuously. As password is required continuously in password-based authentication which is not secure especially for the security purposes. If we talk about Certificate based authentication its demand is not continuously to appealing the password which is more secure for security purposes.
Both password as well as the private key is necessary in certificate-based authentication which make it more secure. But in case of Password based authentication require username as well as password of the user. In the light of the comparisons we can say that certificate-based authentication is more secure than Password based authentication regarding security purpose. (S. Lee, 2018)
If we talk about security issue, Certificate based authentication is overhelpful to overcome this problem. As one-time password as well as biometric is needed in this case which don’t need of extra hardware. By using of this approach, security threats should be minimized. There is no need of token as well as don’t need backup plan for the token. User can access by using any device. (Aldlaeen, , 2013)
Management of the Certificate based authentication is very easy because cloud based managed platform is used for this purpose to minimize the security threats. Its very easy to handle like helpful to issue certificate to fresher employee as well as organization of the institute.
Task 3:
Electronic message known as the spam if identity of the recipients as well as contexts are irrelevant. This message is spam because it’s applicable to other many the recipients. We can say that scam is issue regarding the content of the electronic message. (Zhiquan Lai, 2016 )
These are the ways to notice email is spam or not:
I. Analyzing of the email address:
Analyze the email, if address of the email is not as like your email it is spam which is sent to many other people.
II. Checking of “from” email address:
If we talk about checking of “from”, we have to notice the domain name of the website because if the email is sent by the specific institute its necessary to has domain name of the website. If email don’t have domain name, this type of email is spam email. (V. Kanimozhi and T. P. Jacob, 2019)
These are the act for spamming electronic message:
There are many examples of the spam:
PayPal spam:
PayPal users mostly receive the spam message in its PayPal account. Spammer sent message to PayPal user and inform it about its login changes which recently happen by the company. If user click on this link for the purpose of updated login, fake PayPal login will be sent by the spammer which can steal your password as well as personal information. As a result, spammer can withdraw money by using of password and personal information. (Aldlaee, 2013)
Fake response spam:
In this case spammer use the fake response message which look like user’s earlier sent message response because it has “Re” prefix in the subject line of the message. If user open that type of message, there would be nothing subject line of its sent message. This type of email has imperfectly written which can take user to fake websites.
Following are the main instructions to handle the spam electronic message:
In current rea everyone has access of the internet. As access of the internet is available for everyone, so spammers are looking for the emails which he can sent spam email by using of users email content. It is possible, if email address is publicly available for everyone, spammer can access email address. So, don’t public your email address. (Aldlaeen, , 2013)
Mostly spam emails go to the spam folder which have drugs description as well as have poor writing material. You must have security for their content before opening the email to overcome danger of the spammer. Sometimes, spammer sent an email which look like innocent but have illegal content which can damage your system as well as can get access to your system. (Aldlaee, 2013)
Aldlaee, N. A. A.-S. a. D., 2013. N. A. Al-Sayid and D. Aldlaeen, "Database security threats: A survey study," 2013 5th International Conference on Computer Science and Information Technology, Amman, 2013, pp. 60-64, doi: 10.1109/CSIT.2013.6588759.. Amman, s.n., pp. . 60-64.
Aldlaeen, N. A. A.-S. a. D., , 2013. Database security threats: A survey study. Amman, s.n., pp. 60-64,.
Aldlaeen, N. A. A.-S. a. D., 2013. Database security threats: A survey study. Amman, s.n., pp. 60-64.
Chatur, A. A. S. a. P. N., 2015. Efficient and effective security model for database specially designed to avoid internal threats. s.l., s.n.
El-Qawasmeh, H. A.-A. a. E., 2012,. Discovering security vulnerabilities and leaks in ASP.NET websites," Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), Kuala Lumpur, 2012, pp. 329-333, doi: 1. Kuala Lumpur, s.n., pp. 329-333.
Goto, H. L. a. H., 2014. Certificate-Based, Disruption-Tolerant Authentication System with Automatic CA Certificate Distribution for Eduroam. Vasteras, s.n., pp. 169-173, .
KADOGUCHI, S. H. M. H. a. A. O., 2019. Exploring the Dark Web for Cyber Threat Intelligence using Machine Leaning," 2019 IEEE International Conference on Intelligence and Security Informatics (ISI), Shenzhen, China, 2019, pp. 200-202, doi:. Shenzhen, s.n., pp. 200-202.
Trifonov, O. N. a. V. M., 2018,. , "Artificial Intelligence in Cyber Threats Intelligence," 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC), Plaine Magnien, 2018, pp. 1-4, doi: 10.1109/ICONIC.2018.8601235.. laine Magnien, s.n., pp. 1-4,.
Lee, H. C. N. K. B. K. a. J. P., 2018. Managing Cyber Threat Intelligence in a Graph Database: Methods of Analyzing Intrusion Sets, Threat Actors, and Campaigns. Jeju, s.n.
Takdir, A. W. W. a., 2014. Fighting cyber crime in email spamming: An evaluation of fuzzy clustering approach to classify spam messages. Bandung, s.n., pp. 19-24,.
Kanimozhi and T. P. Jacob, 2019. Artificial Intelligence based Network Intrusion Detection with Hyper-Parameter Optimization Tuning on the Realistic Cyber Dataset CSE-CIC-IDS2018 using Cloud Computing. s.l., s.n.
Xie, G. W. a. X., 2008 . Research and solution of existing security problems in current internet website system. Guiyang, s.n., pp. 132-135.
Zhiquan Lai, Y. S. a. G. Z., 2016 . A security risk assessment method of website based on threat analysis combined with AHP and entropy weight. Beijing, s.n.
Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help
Get 24x7 instant assistance whenever you need.
Get affordable prices for your every assignment.
Assure you to deliver the assignment before the deadline
Get Plagiarism and AI content free Assignment
Get direct communication with experts immediately.
Get
500 Words Free
on your assignment today
It's Time To Find The Right Expert to Prepare Your Assignment!
Do not let assignment submission deadlines stress you out. Explore our professional assignment writing services with competitive rates today!
Secure Your Assignment!