Wednesday, December 4, 2019

Security Management for Reliance Insurance - MyAssignmenthelp

Question: Discuss the Security Management for Reliance Insurance.

Answer:

Introduction

Reliance Insurance was formed in 2007 to offer both insurance and assurance services. At the time, its primary customers were people below the middle-class category, who lacked a stable organisation that would provide these services based on their needs. Since then the company has grown to have five branches across Australia, with the headquarters located in Sydney. In all, the company has employed over 100 employees, which in the past has made resource allocation a big problem, as resources are scarce owing to its minimal financial resources. The scarce resources have mostly been IT infrastructure: among many other items, employees have been forced to share workstations, e.g. computers and printers. This has always made operations difficult, as the organisation deals with a lot of data, as demanded by the analysis ventures it performs. It has forced the management to outline a BYOD strategy in order to improve its services while lowering the operational cost. Furthermore, the organisation wants to focus its resources on developing its in-house management and control systems, including expansion of the central server. This expansion would boost the efficiency of the enterprise system used across the branches of the company, as the current system has minimal capabilities owing to its size.

Discussion

BYOD

BYOD (bring your own device) outlines new technological concepts that allow employees to use their own mobile devices in the workplace environment. This concept helps to facilitate their duties, from accessing e-mails to performing complex tasks such as using specialised applications. In all, BYOD improves the efficiency and convenience of an organisation.
However, as noted by ICT experts, this poses high risks to the security of information, affecting the confidentiality, availability and integrity of an organisation's assets (Arregui, Maynard & Ahmed, 2016). Furthermore, the risks seem to increase when one considers the devices and systems used in conjunction with BYOD, i.e. laptops, smartphones, and even USB drives, among many others. Each of these devices presents considerable risks, as each has its own vulnerabilities that, when combined, create a multitude of threats and attacks (Gajar, Ghosh & Rai, 2013).

Deployment Vulnerabilities

Lost and Stolen Devices

Securing mobile devices is a big challenge. For one, they are not attached to any physical structure, which is the first vulnerability: they can easily be tampered with or stolen. Therefore, while employees conduct their daily activities using mobile phones and laptops, these devices can be stolen, exposing the data as well as the assets owned by the organisation. While one may choose to ignore this eventuality, one cannot fail to recognise the threat; in fact, based on current mobile device deployment rates, this outcome is more likely to happen. According to EY (2013), over 22 percent of all mobile devices produced are lost during the course of their operations, which outlines the risk. Furthermore, more than 50 percent of these devices are never recovered, which means that if Reliance Insurance enacts the concept it must have adequate backup procedures, as information will eventually be lost.

Physical Access

Another high vulnerability of the concept is its lack of physical mitigations against attacks or threats. Stationary PCs have an added advantage, as they are closely monitored based on their location. However, mobile devices can be accessed from any location using a wide range of techniques (EY, 2013).
Moreover, unlike with servers and other workstations, it's difficult to control attacks once they have happened, as control measures are hindered by the operating principles of mobile devices. For instance, the hardware and operating system predispose these devices to security threats: employees may use old gadgets and devices with inadequate security measures, which exposes the entire system, led by its networking infrastructure. Consider the iPhone models which in the past, i.e. before the emergence of the 3GS, lacked the capability to offer hardware encryption (Downer & Bhattacharya, 2015). If an employee in the organisation brought one of these old devices/models, a rogue access point is created which exposes the company's network to attacks.

Managing the Mobile Environment

Connectivity threats from Wireless Networks

For Reliance Insurance to optimise its BYOD resources, it would deploy the employees' devices using mobile infrastructure, i.e. wireless networks, to boost connectivity outcomes. This model would see more devices connected to the central system at a minimal cost, effectively sharing the scarce resource. Now, while wireless connectivity is easier and faster through its simple configuration and reconfiguration procedures, the same methods can be used to access the said networks. For one, radio frequencies can be accessed by anybody with a receiving device and, without encryption or authentication, can be compromised (Choi, Robles, Hong & Kim, 2008). Several vulnerabilities of mobile networks can lead to attacks; they are:

Accidental association

BYOD encourages employees to stay connected at all times, and as a result of this mantra, employees will always have their access points turned on to connect to the company's wireless networks, e.g. Wi-Fi. However, there are instances when these devices accidentally connect to neighbouring networks, as they are automatically configured to do so.
These connections can expose the data owned by an organisation if the neighbouring network is set up with malicious intentions (Bilger, Cosand, Singh & Xavier, 2005).

Rogue access points

Reliance Insurance will likely implement all the necessary security measures needed for wireless connections, ranging from authentication to encryption procedures. However, employees with their devices may choose to create access points, such as ad-hoc connections, to enhance connectivity. These new APs lack the security measures imposed by the organisation, which exposes the entire system to many forms of attack through the rogue access points created.

Non-traditional networks

Finally, we have networks such as Bluetooth, which lack the necessary security features needed by today's ICT systems. These networks pose a huge security threat, as most of them lack proper authentication and encryption procedures. BYOD devices commonly have these networks, and employees readily use them to transfer data and files, which is a serious security threat (HKSAR, 2010).

Application risk

Applications in the form of open-source software have accelerated the use of mobile devices by facilitating functions such as social networking, gaming and mapping activities, among others. While they may provide many favourable outcomes, these applications have increased security risks, more so in a corporate environment where their inefficiencies can lead to data losses and breaches (EY, 2013).

Malicious applications

Like other people, Reliance employees are likely to download applications from a wide range of websites hosted on the internet. These applications, whether from legitimate or illegitimate sites, may hold serious vulnerabilities. Some of them will have malicious code embedded in them, which creates loopholes in the supporting systems of the devices. Furthermore, the same applications can be sourced from colleagues using USB drives, which can also be infected with malicious files.
In the end, these applications will take root in these devices, which will infect and affect the company's systems when connected to the enterprise network (Pollock, 2014).

Applications vulnerabilities

BYOD devices are not managed by IT administrators; therefore, the applications used may have vulnerabilities owing to their development process. Moreover, with the increased popularity of system development, apps are consistently modified and customised to suit users' needs. These modifications alter the original code, which may include the security features used. This exposes the host devices to many security threats (Techwell, 2011).

Conclusion

BYOD, like many other new technological concepts, has many benefits that can improve the application of IT resources, more so through its optimisation feature, where a few central services can be accessed by many subsequent branch resources. However, it also faces many security risks which, as seen in the analysis, stem from its deployment structure and from the fact that it's a new technology. Therefore, for Reliance Insurance to optimise its operational services, it must develop effective measures to mitigate the risks identified while applying the employees' resources as its own. Furthermore, these measures must be regularly updated to fit immediate demands, as shown by some security measures that are no longer effective today. Nevertheless, BYOD holds great promise, as it diversifies the resources owned by an organisation.

Recommendations

Based on the vulnerabilities identified above, Reliance Insurance should implement the following key solutions:

Policy and education

The users, i.e. the employees, are the biggest risk, as their actions dictate the extent of the vulnerabilities or risks identified. Therefore, they must be educated on the proper use of BYOD devices. In addition to this, the relevant application policies should be enacted.

Strong encryption and authentication

This will include all the security measures and policies devised to prevent unauthorised access to networks and business systems. They include:

Encryption of data transmitted in networks.
Limitation of mobile devices from accessing secure systems such as servers.
Blocking sites that hold undesirable applications.
Deleting mobile data held by employees' devices.
Implementing strong authentication procedures for joining the business networks and systems.
Regular updates for passwords and other authentication procedures.
Additional layers of security, e.g. firewalls and packet filtering.
Using verified applications for the enterprise systems and functions (Fliplet, 2017).

References

Arregui, D. & Maynard, S. (2016). Mitigating BYOD Information Security Risks. Australasian Conference on Information Systems. Retrieved 25 May, 2017, from: https://business.uow.edu.au/content/groups/public/@web/@bus/documents/doc/uow223871.pdf

Bilger, J., Cosand, H., Singh, N. & Xavier, J. (2005). Security and Legal Implications of Wireless Networks, Protocols, and Devices. Retrieved 25 May, 2017, from: https://courses.cs.washington.edu/courses/csep590/05au/whitepaper_turnin/WiFi%20-%20final.pdf

Choi, M., Robles, R., Hong, C. & Kim, T. (2008). Wireless Network Security: Vulnerabilities, Threats and Countermeasures. International Journal of Multimedia and Ubiquitous Engineering, 3(3). Retrieved 25 May, 2017, from: https://pdfs.semanticscholar.org/1b0d/e694f8ac13396df9fc8a821164d95dcd04f5.pdf

Downer, K. & Bhattacharya, M. (2015). BYOD Security: A New Business Challenge. Proceedings of The 5th International Symposium on Cloud and Service Computing (SC2 2015). Retrieved 25 May, 2017, from: https://www.researchgate.net/publication/289519738_BYOD_Security_A_New_Business_Challenge

EY. (2013). Insights on governance, risk and compliance. Retrieved 25 May, 2017, from: www.ey.com/Publication/vwLUAssets/EY_-_Bring_your_own_device:_mobile_security_and_risk/$FILE/Bring_your_own_device.pdf

Fliplet. (2017). 9 Simple Solutions to BYOD Security Risks That Affect Your Company. Enterprise mobility. Retrieved 25 May, 2017, from: https://fliplet.com/blog/9-solutions-byod-security-risks-that-affect-your-company/

Gajar, P., Ghosh, A. & Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. Journal of global research in computer science. Retrieved 25 May, 2017, from:

HKSAR. (2010). Wireless networking security. The Government of the Hong Kong Special Administrative Region. Retrieved 25 May, 2017, from: https://www.infosec.gov.hk/english/technical/files/wireless.pdf

Pollock, C. (2014). The Mobile App Top 10 Risks. VERACODE. Retrieved 25 May, 2017, from: https://www.owasp.org/images/9/94/MobileTopTen.pdf

Techwell. (2011). Five mobile application challenge for IT teams. Business white paper. Retrieved 25 May, 2017, from: https://www.techwell.com/sites/default/files/resource/download/4AA3-8985ENW_5%20Mobile%20Challenges.pdf
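
The wireless risks discussed in the essay (accidental association with neighbouring networks and employee-created rogue or ad-hoc access points) can be checked for by comparing a Wi-Fi survey against an approved baseline. The following is an added example, not part of the original essay; the SSID, BSSIDs, required security level and scan records are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed corporate baseline (hypothetical values, constructed for this example).
CORP_SSID = "Reliance-Corp"
APPROVED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
REQUIRED_SECURITY = {"WPA2-Enterprise", "WPA3-Enterprise"}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # e.g. "Open", "WEP", "WPA2-PSK", "WPA2-Enterprise"
    mode: str      # "infrastructure" or "ad-hoc"

def classify(b: Beacon) -> list[str]:
    """Return finding codes for one observed network (empty list = clean)."""
    findings = []
    same_name = b.ssid.strip().lower() == CORP_SSID.lower()
    approved = b.bssid.lower() in APPROVED_BSSIDS
    if same_name and not approved:
        # Corporate name on unknown hardware: devices may associate with it by accident.
        findings.append("ROGUE_CORP_SSID")
    if approved and b.security not in REQUIRED_SECURITY:
        # A sanctioned AP that has drifted below the required encryption/authentication.
        findings.append("WEAK_APPROVED_AP")
    if b.mode == "ad-hoc":
        # Employee-created ad-hoc network that bypasses the organisation's controls.
        findings.append("ADHOC")
    if not approved and b.security in {"Open", "WEP"}:
        # Neighbouring network that auto-joining devices could connect to.
        findings.append("OPEN_NEIGHBOUR")
    return findings

def audit(scan: list[Beacon]) -> dict[str, list[str]]:
    """Map BSSID -> findings for every network that needs attention."""
    return {b.bssid: f for b in scan if (f := classify(b))}

# Constructed survey data for one office floor.
SAMPLE_SCAN = [
    Beacon("Reliance-Corp", "02:00:00:aa:00:01", "WPA2-Enterprise", "infrastructure"),
    Beacon("Reliance-Corp", "02:00:00:bb:00:09", "WPA2-PSK", "infrastructure"),
    Beacon("Dave-Laptop", "02:00:00:cc:00:03", "Open", "ad-hoc"),
    Beacon("CoffeeShop-Free", "02:00:00:dd:00:04", "Open", "infrastructure"),
    Beacon("Reliance-Corp", "02:00:00:aa:00:02", "WPA2-PSK", "infrastructure"),
]

if __name__ == "__main__":
    for bssid, findings in audit(SAMPLE_SCAN).items():
        print(bssid, ", ".join(findings))
```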
