User Account

All Pages

Implementation of secure authentication methods

Assignment Help Computer Engineering
Reference no: EM133637802

Case: Electric Vehicle Motors (EVM) creates and sells several specialized motor vehicles for personal and business use. EVM has invested significant funds into their Intellectual Property (IP) used within the battery management system called "Charge IT." This system enables drivers to plan trips around charging stations and reliably calculates remaining power to make sure no one runs out of battery power before reaching one of their available charging stations.

Other features of the EVM fleet of vehicles include auto-pilot mode for highway driving and several on-board sensors to allow for lane departure alerts, emergency braking, and self-parking capabilities. Owners of EVM vehicles have the option of allowing the EVM corporation to continuously monitor onboard diagnostics, performance data, and location information for a small monthly charge.

Security features of this motor vehicle include biometric authentication via face, fingerprint, or voice recognition to unlock and operate the vehicle. EVM vehicles are considered the most exotic and technologically advanced vehicles on the road today.

While the general public considers this one of the most advanced motor vehicles in production to date, the majority of the population is concerned with the security of their private data, including location, travel habits, speed, and stored biometric data. Understanding the importance of security and privacy from the start, the EVM CEO and Board of Directors have invested considerable amounts of money to develop a comprehensive security and privacy program. Failure to protect their IP could result in competitors gaining market advantage as well as allowing malicious hackers the opportunity to find weaknesses within the system information control and processing units, which could result in serious accidents and driver harm.

Your role:

You are the Chief Information Security Officer (CISO) at EVM. It is your responsibility to protect the information and information systems, including IP, supporting design and development environments and the customer vehicle monitoring systems. Should any system be compromised, the CISO is responsible for incident response and disaster recovery utilizing high-availability systems.

PART ONE: After reviewing the scenario above, select 5 risks that you consider the most important and explain your reasoning for your decision. Your responses should be detailed enough to show the thinking and logic that was used in making your choice.

Risk 1: Data breaches- Ensuring data privacy is crucial for the company as the infrastructure gathers substantial user and vehicle data. Proper encryption is necessary for the system to operate at maximum capacity. Any data privacy breaches can pose a grave threat if the private information of car owners and drivers is exposed. Additionally, a lack of access control in cases of data breaches can make individuals vulnerable to fraud and identity theft.

Risk 2: Vulnerabilities in the Artificial Intelligence System- It's crucial to consistently supervise, refine, and test the security of AI technology. A breach in the system can pose a severe threat to self-driving cars, as hackers can manipulate the algorithm to cause harm to drivers and others on the road. To prevent this, the system should be updated regularly, and certain AI functions can be turned off if the owners do not edit the local systems.

Risk 3: Vulnerabilities if vehicle AI system goes offline- Ensuring the safety and security of vehicles is of utmost importance. To achieve this, it is vital to have a reliable offline method for authorizing and controlling vehicles. It's not uncommon for data connectivity to be unavailable; in such situations, an offline backup method becomes crucial. This is especially important for vehicle owners who prefer to avoid going online or receiving system updates. The backup method will limit the functionality of automated features and authentication if the user misses consecutive updates. Ignoring this aspect could lead to vulnerabilities in the offline system that hackers can exploit. Hence, it's critical to address this issue by implementing proper patching to safeguard against potential security weaknesses in the offline system.

Risk 4: Social engineering or DDoS attacks- Social engineering and DDoS attacks pose a significant risk that can occur from both internal and external sources. To prevent such attacks, employees must receive appropriate training on recognizing and avoiding social engineering and DDos methods used by hackers to gain unauthorized access to systems and personal information and to boot offline. Furthermore, it is equally essential for the company to ensure that vehicle owners know the risks associated with these malicious attacks and how to avoid them. Being prepared and knowledgeable is critical to preventing cyber-attacks, often employing social engineering tactics.

Risk 5: Risk of Authentication mishap or failure- The safety of vehicles and drivers is crucial, and authentication methods play a vital role in achieving it. It is essential to ensure these methods are secure and cannot be bypassed by malicious third parties. If they can, the consequences could be catastrophic. For example, vehicle owners could be denied access if biometric recognition fails, causing many issues and trouble. Similarly, if facial or voice recognition is not foolproof, hackers could trick the algorithm into falsely authenticating the user, resulting in illegal access. As a result, it is crucial to prioritize the implementation of secure authentication methods to guarantee the safety of vehicles and drivers.

PART TWO: After reading through Assignment 2, review the NIST 800-53 R5 (Security and Privacy Controls for Information Systems and Organizations), and select 5 controls from the controls listing in Chapter 3 of the NIST document to match each of the 5 risks identified above.

For each control selected, answer the following questions.

[Note: Please keep your responses focused on the scenario provided above (EVM).]

ID each risk from Part One above and identify a NIST control from the link above to help with risk mitigation.
Why is this control important for EVM?
How would you implement the control to ensure success?
If the control isn't implemented correctly, what is the worst thing that can happen (in your opinion)?

Reference no: EM133637802

Questions Cloud

What are the appropriate codes for the encounter : What are the appropriate codes for the encounter - Complete the MDM Table. Utilize the Notes section to list ALL Codes for this visit (E&M, diagnoses
What deception technology did the organization deploy : What deception technology did the organization deploy to capture the attacker's techniques and tools
Why should we give attention to the examples of jehoash : What difficult situation did Jehoash, Uzziah, and Josiah face and Why should we give attention to the examples of Jehoash, Uzziah, and Josiah
Android malware dataset for machine learning dataset : Android malware dataset for machine learning 2 dataset is it static or dynamic?
Implementation of secure authentication methods : Calculate remaining power to make sure no one runs out of battery power before reaching one of their available charging stations
What are the best practices that should be put into place : What are the best practices that should be put into place to assess the maturity of PBI-FS's cybersecurity management program?
Manipulation to exploit the human element : access or harm information assets without (or exceeding) authorization by circumventing or thwarting logical security mechanisms
Have you broken any HIPAA rules : If you have a signed authorization from the patient but fax the medical record to a different business by mistake, have you broken any HIPAA rules? Why or why
Describe physical database. identify table names : Describe physical database. Identify table names and data field names and identify primary and secondary table key(s).

Reviews

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd