Security Threat Analysis
Security Threat Analysis
United states government issue citizens with a nine-digit number referred to as social security number (SSN). The number is used to track earnings while employed and to calculate the benefits one will receive after retirement. An employed person has to make contributions to Social Security for them to receive after work benefits. The major benefits seen from the Social Security Administration include retirement benefits, disability benefits, supplemental security income and benefits for family survivors for members who passed away. Social security number is useful when on many occasions which include: applying for federal loan, opening account with a financial institution, enrolling for medical care, applying for a passport, filling tax returns and applying for a driving license among others.
It is clear that most sensitive transactions are performed with the social security number. It is therefore important to ensure that it is not exposed anyhow to avoid cases of identity theft. The owners should also ensure that they replace their numbers after a while and avoid using one number all their lives. Identity theft occurs where another person uses someone else financial information, assumes that identity, and perform monetary transactions. If a malicious person gets hold of the social identity number, they can use hacking skills to retrieve more information from back databases and use it to make transactions. It is, therefore, not advisable to use the social security number in advertising as it makes it get exposed to many people, some of whom may have malicious intentions. It is shown in the case of LifeLock advertisement that Davis has fallen victim of identity theft thirteen times.
The security breach involves here is the company exposing the number the number to everyone. The government recommends to everyone to keep their numbers confidential and only provide it where it has to be provided, such as to the employer and a financial institution. The government even goes ahead to warn people of producing their number just because they are asked to. Places such as medical institutions may ask for the number but they can still administer medication by using other information about the person. Another security breach occurred when Davis’s number is used to borrow bank loan without him knowing, a situation referred to as identity theft.
SCM stands for supply chain management, CRM for customer relationship management and ERP for enterprise resource planning. SCM is the oversight of information and finances pertaining the purchase of materials and the movement of these materials between the supplier, the manufacturer, the wholesaler and the retailer. CRM involves devising ways to interact with both the current and the future customers. This may involve the use of internet to market and advertise and to reach out to various customers. ERP is the business software for carrying out the business transactions. All these branches involves handling business data stored in databases and also involves the use of technology, therefore, susceptible to identity theft. A hacker can look for ways of gaining database administration privileges to gain access to enterprise systems. Once they are able to access these databases, the can make purchase orders, perform transactions or even alter the setting of the ERP system to divert information to their places on interest.
Identity theft can be avoided by keeping the social security number confidential. The number should only be given out in places where it is a must to. If one realizes that their number has been stolen or fallen into malicious hands, they should report immediately to the social security who will verify whether cases of security breach have occurred. There are also other provided platforms for filing and reporting theft alerts such as the police and Federal Trade Commission among others. (Newman, G. R., & McNally, M. M., 2005).These institutions will ensure that no unauthorized transactions are performed or arrest the concerned persons. In addition, the backs and micro-finance institutions should ensure tight security policies using firewalls to prevent hacking of their databases.
To avoid exposure of the social security fund number, it is important to consider smart ways of advertisement. In designing of advertisement billboards, it is crucial to not include the social security number on the advertisement. In this case, use of different social security fund number should be considered. The “clown” social security fund number should not belong to any of the registered members. All forms of available advertisement should be considered so long as social security fund number is not included. The advert should be designed in a manner as to expose little information on the bearer of the card used in the advertisement.
Use of internet has brought both positive and negative impacts on enterprise data. Internet has enabled sharing of information across the world enabling enterprises to be known worldwide (Meltzer, J. P., 2015). In such cases, they have been able to get customers from different parts of the world boosting the businesses. Internet has also enabled storage and analysis of large volumes of data. Through the introduction of cloud computing, businesses are guaranteed of servers of whatever volume they require while paying for what they are utilizing at any give time. Internet has enabled invention of software tools that process large volumes of data, giving desired results within a very short period of time. Artificial Intelligence (AI) has made this possible. Internet has fasten enterprise transactions through ease of access to the data within the databases. Use of internet has also improved data recovery thus ensuring business continuity through ensuring data redundancy. The redundant servers are placed on different parts of the world, set is such a way that if the primary data goes down, another server picks up the operation and becomes the primary server.
Despite the many positive impacts of internet of enterprise data, there are still threats to the information exposed to the internet. The internet is always considered unsafe environment as it is accessible to all. If no measures are taken to protect enterprise data, it will be subjected to risks of getting compromised. Hackers are always out there looking for ways to make themselves rich by messing on other people’s information. Data packets moving from one server to another can easily be tapped by the so-called men-in-the middle. If the data is being transferred in clear text, it becomes easy for the hacker to retrieve important information such as passwords and use them to get into the databases to carry out transactions.
Newman, G. R., & McNally, M. M. (2005). Identity theft literature review.
Meltzer, J. P. (2015). The I nternet, Cross‐Border Data Flows and International Trade. Asia & the Pacific Policy Studies, 2(1), 90-102.
Click following link to download this document
Security Threat Analysis.docx