User Account

All Pages

Implementation of secure authentication methods

Assignment Help Computer Engineering
Reference no: EM133637802

Case: Electric Vehicle Motors (EVM) creates and sells several specialized motor vehicles for personal and business use. EVM has invested significant funds into their Intellectual Property (IP) used within the battery management system called "Charge IT." This system enables drivers to plan trips around charging stations and reliably calculates remaining power to make sure no one runs out of battery power before reaching one of their available charging stations.

Other features of the EVM fleet of vehicles include auto-pilot mode for highway driving and several on-board sensors to allow for lane departure alerts, emergency braking, and self-parking capabilities. Owners of EVM vehicles have the option of allowing the EVM corporation to continuously monitor onboard diagnostics, performance data, and location information for a small monthly charge.

Security features of this motor vehicle include biometric authentication via face, fingerprint, or voice recognition to unlock and operate the vehicle. EVM vehicles are considered the most exotic and technologically advanced vehicles on the road today.

While the general public considers this one of the most advanced motor vehicles in production to date, the majority of the population is concerned with the security of their private data, including location, travel habits, speed, and stored biometric data. Understanding the importance of security and privacy from the start, the EVM CEO and Board of Directors have invested considerable amounts of money to develop a comprehensive security and privacy program. Failure to protect their IP could result in competitors gaining market advantage as well as allowing malicious hackers the opportunity to find weaknesses within the system information control and processing units, which could result in serious accidents and driver harm.

Your role:

You are the Chief Information Security Officer (CISO) at EVM. It is your responsibility to protect the information and information systems, including IP, supporting design and development environments and the customer vehicle monitoring systems. Should any system be compromised, the CISO is responsible for incident response and disaster recovery utilizing high-availability systems.

PART ONE: After reviewing the scenario above, select 5 risks that you consider the most important and explain your reasoning for your decision. Your responses should be detailed enough to show the thinking and logic that was used in making your choice.

Risk 1: Data breaches- Ensuring data privacy is crucial for the company as the infrastructure gathers substantial user and vehicle data. Proper encryption is necessary for the system to operate at maximum capacity. Any data privacy breaches can pose a grave threat if the private information of car owners and drivers is exposed. Additionally, a lack of access control in cases of data breaches can make individuals vulnerable to fraud and identity theft.

Risk 2: Vulnerabilities in the Artificial Intelligence System- It's crucial to consistently supervise, refine, and test the security of AI technology. A breach in the system can pose a severe threat to self-driving cars, as hackers can manipulate the algorithm to cause harm to drivers and others on the road. To prevent this, the system should be updated regularly, and certain AI functions can be turned off if the owners do not edit the local systems.

Risk 3: Vulnerabilities if vehicle AI system goes offline- Ensuring the safety and security of vehicles is of utmost importance. To achieve this, it is vital to have a reliable offline method for authorizing and controlling vehicles. It's not uncommon for data connectivity to be unavailable; in such situations, an offline backup method becomes crucial. This is especially important for vehicle owners who prefer to avoid going online or receiving system updates. The backup method will limit the functionality of automated features and authentication if the user misses consecutive updates. Ignoring this aspect could lead to vulnerabilities in the offline system that hackers can exploit. Hence, it's critical to address this issue by implementing proper patching to safeguard against potential security weaknesses in the offline system.

Risk 4: Social engineering or DDoS attacks- Social engineering and DDoS attacks pose a significant risk that can occur from both internal and external sources. To prevent such attacks, employees must receive appropriate training on recognizing and avoiding social engineering and DDos methods used by hackers to gain unauthorized access to systems and personal information and to boot offline. Furthermore, it is equally essential for the company to ensure that vehicle owners know the risks associated with these malicious attacks and how to avoid them. Being prepared and knowledgeable is critical to preventing cyber-attacks, often employing social engineering tactics.

Risk 5: Risk of Authentication mishap or failure- The safety of vehicles and drivers is crucial, and authentication methods play a vital role in achieving it. It is essential to ensure these methods are secure and cannot be bypassed by malicious third parties. If they can, the consequences could be catastrophic. For example, vehicle owners could be denied access if biometric recognition fails, causing many issues and trouble. Similarly, if facial or voice recognition is not foolproof, hackers could trick the algorithm into falsely authenticating the user, resulting in illegal access. As a result, it is crucial to prioritize the implementation of secure authentication methods to guarantee the safety of vehicles and drivers.

PART TWO: After reading through Assignment 2, review the NIST 800-53 R5 (Security and Privacy Controls for Information Systems and Organizations), and select 5 controls from the controls listing in Chapter 3 of the NIST document to match each of the 5 risks identified above.

For each control selected, answer the following questions.

[Note: Please keep your responses focused on the scenario provided above (EVM).]

ID each risk from Part One above and identify a NIST control from the link above to help with risk mitigation.
Why is this control important for EVM?
How would you implement the control to ensure success?
If the control isn't implemented correctly, what is the worst thing that can happen (in your opinion)?

Reference no: EM133637802

Questions Cloud

What are the appropriate codes for the encounter : What are the appropriate codes for the encounter - Complete the MDM Table. Utilize the Notes section to list ALL Codes for this visit (E&M, diagnoses
What deception technology did the organization deploy : What deception technology did the organization deploy to capture the attacker's techniques and tools
Why should we give attention to the examples of jehoash : What difficult situation did Jehoash, Uzziah, and Josiah face and Why should we give attention to the examples of Jehoash, Uzziah, and Josiah
Android malware dataset for machine learning dataset : Android malware dataset for machine learning 2 dataset is it static or dynamic?
Implementation of secure authentication methods : Calculate remaining power to make sure no one runs out of battery power before reaching one of their available charging stations
What are the best practices that should be put into place : What are the best practices that should be put into place to assess the maturity of PBI-FS's cybersecurity management program?
Manipulation to exploit the human element : access or harm information assets without (or exceeding) authorization by circumventing or thwarting logical security mechanisms
Have you broken any HIPAA rules : If you have a signed authorization from the patient but fax the medical record to a different business by mistake, have you broken any HIPAA rules? Why or why
Describe physical database. identify table names : Describe physical database. Identify table names and data field names and identify primary and secondary table key(s).

Reviews

Write a Review

Computer Engineering Questions & Answers

  Implement converter convert six-bit binary number into bcd

Implement a converter to convert six-bit binary numbers into BCD, using a ROM of the appropriate size.

  Print out the word if its first n bytes match the search

Write a C program that reads a text file and prints out any words that begin with a user-input string. The program should prompt the user for the search string.

  Research question and contextyou need to describe what your

research question and contextyou need to describe what your research aims to do the objectives that need to be meet to

  Get the requested file from the servers file system

Create a connection socket when contacted by the client (browser) Receive the HTTP request from this connection .

  Clearly describe the information security issue

Clearly describe the information security issue, Provide a discussion of the cultural/contextual issues associated with the information security issue

  What is the need for encryption

What is the need for encryption? Is it a good idea for an organization to buy encryption software that uses "secret" algorithms?

  Create a risk assessment on sangrafix

Create a Risk Assessment on SanGrafix, a video game design company. Risk Assessment can be as simple as noting an unlocked door or a password written on a note, or it can be a complex process requiring several team members and months to complete.

  How the resulting fft changes

Compare this result with the actual spectrum for the pulse. Try other combinations of the number of pulse samples and zero-pads to see how the resulting FFT changes.

  Create a base class for a banking account

Create a base class for a banking account. Decide what characteristics are common for checking and saving accounts and include these characteristics.

  Write a script that will take a vector as an input

Write a script that will take a vector as an input (the vector can be any size). Using a for loop, you must re-arrange the values of the vector.

  Discuss project with the team security specialist

For this week's contribution to the overall capstone project, collaborate and discuss with the team's Security Specialist about the security and privacy.

  Find the probability of vaccination among the people

CS 120 Harward Institute of Management & Technology find the probability of vaccination among the people with Covid-19 infection

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd