
Application Security and Data Protection

This document discusses the importance of application security and data protection. It outlines how hacked social media accounts or poor information security can damage an organization's reputation and business. Key policies for protection include encrypting data, limiting access to authorized users, and conducting security awareness training. Maintaining strong application security and data protection is crucial for organizations.

Uploaded by markbilamouth
Copyright: © All Rights Reserved

Application Security and Data Protection

(Student’s Name)

(Professor’s Name)

(Course Title)

(Date of Submission)

Introduction

There are now many digital outlets where organizations can display themselves. However, these only work if the organization controls what gets out. It is important to understand the various ways these outlets could affect an organization so that the necessary safeguards can be put in place.

Events of the Hacked Account

Social media has permeated the public consciousness to the point that most users wholly depend on the platforms for information. This being their primary information source, they will tend to believe what they read on the sites. The social media feeds of news organizations can be especially desirable targets for people wishing to spread misinformation or discredit those trying to disseminate accurate information. Also, given the audience of the sites and the prominence of popular accounts, an attack on them could provide the perfect platform for the hacker.

Impact of Poor Information Security

The technological age has placed a premium on applications and data for any entity leveraging technology. As such, any laxity in securing these resources has the potential to devastate an organization's reputation and business operations. A good reputation is one thing any organization desires to have. Maintaining this good reputation requires a careful flow of information that ensures the public will view the organization in a favorable light. However, a breach in information security takes control of the narrative out of the organization's hands. Once the public gets hold of information it wasn't supposed to get, it is extremely difficult to control its perception of the company.


The loss of business opportunities is a given if an information breach occurs. First, the organization will be spending not only time but also resources in a bid to stem the fallout. These are time and resources that would otherwise have been spent on its core operations. There are also legal implications in store after such an event. This is especially so if the data stolen included personally identifiable information of its customers. The organization could face lawsuits from those affected and sanctions from federal and state regulators.

Protection Policies

Web applications should be guided by the following policies to safeguard against web-originating threats.

• The use of secure encrypted protocols like HTTPS as an added defense in web communication.
• All web communication should be filtered through security applications to screen for threats.
• Social media accounts should be protected by using strong passwords.
• After a social media account is believed to have been hacked, the owners should immediately notify site administrators to close down the account.
• Anti-phishing software should be installed on the email server and all spam emails should be discarded immediately on arrival.

The data an organization has should be granted the most robust information security protocols available. Policies for this include the following.

• All data, whether in transit or at rest, should be encrypted. The advisable encryption system is the federally approved Advanced Encryption Standard (AES).
• The database server should be separated from the web server, preferably by using a demilitarized zone (DMZ) firewall.
• Access to protected information should only be for pre-approved users, who should have strong login credentials.
• Downloads should only be allowed within certain parameters to prevent the download of malware executables.
• Random security scans should be done to catch any time-delay threats that might have been missed the first time round (Vacca, 2012).

Increasing Organization Information Security Awareness

Even after all logical security measures have been taken, the human component remains the most unpredictable of security risks. The organization can reduce the likelihood of insider threats by conducting mandatory information security awareness programs. Information security training should be an ongoing activity as newer threats emerge. Users should understand how to identify potential threats and the appropriate response. They should understand how to have a strong password and to never share it with anyone, including fellow employees. Social engineering attacks can be prevented by ensuring that employees fully understand what legitimate communication looks like.

As stated before, information security threats are constantly changing, and this requires that the above-mentioned awareness and training programs evolve to reflect this. This way, users will stay informed on the latest threats, how to identify them and how to respond to them. Background security checks for employees with access to sensitive information should not be disregarded (Vacca, 2012).


References

Websense Threat Report, February 13, 2013. Retrieved from https://www.websense.com/content/websense-2013-threat.aspx

Vacca, J. R. (2012). Computer and information security handbook. Newnes.
