Course Code - CSI6199 Report on contemporary cyber security issues
Introduction
TrueCrypt is considered as a discontinued source available freeware utility that is used for encryption. From the current scenario it has been focused that Imperial cyber has been contracted for providing Consultancy Services to ABS. Hence the client has contracted Imperial cyber regarding the cyber issues that have taken place recently in the business context. It has been found that TrueCrypt is a significant threat to ABS and this product has been used throughout the business. Here the Imperial cyber has been assigned to justify an alternative open source product that can be reduced the issues in ABS. The study will be developed based on the product that is going to be suggested by Imperial Cyber to ABS and its test plan.
Demonstrate the issues and vulnerabilities within the TrueCrypt can be faced by the client
Issues in TrueCrypt
Considering the given scenario it has been identified that the firm Auto Body Supplies has experienced major factors that have taken place in the business context due to TrueCrypt. This section is going to critically identify and evaluate the various issues that take place within the business context due to the use of TrueCrypt. TrueCrypt husband found with major vulnerabilities and it is known for various attacks that are also present in other software based disk encryption software. it has been found that in recent times this tool does not support any encryption within the system drive that has been converted into the dynamic disks. different documentations and information are being distributed with the help of TrueCrypt and here due to lack of security concerns it has become a valuable problem for the client to maintain the security precautions within the business infrastructure. Moreover it has been found that the software tool has a major security problem due to its encryption of the entire hard drive and it is not free from security bugs too. Therefore auto body suppliers have faced various issues due to lack of encrypted data and security flaws (Levesque, 2017).
Communicate the Vulnerabilities faced by ABS due to TrueCrypt
From the given scenario it has been found that Imperial Cyber has been appointed by Auto Body Supplies in order to find major vulnerabilities that are present within the software TrueCrypt that have created e-mail problems for the firm. In this concerned aspect the primary thing that has become the most important is to communicate with the client and to make him convinced that the entire platform should stop using TrueCrypt as soon as possible. Hence while communicating with the client determines that the issues that have been faced by him have been illustrated based on the issues that have been faced by the ABS Company. The reason behind declaring software tools are not secure is going to be stated below. While meeting with client it must be convinced that there are enough reasons behind telling him to stop using TrueCrypt for any kind of data and fractions. In accordance of the developers regarding this existing software it has been stated that they have mentioned that TrueCrypt is not secure as it has been found with various unfixed security issues. It has been found that in the program there could be compromise and in users machines where the back-doors access cannot be allowed but the register reports that can be used for both record keystrokes and installing spyware to the host machine. In this respect it can be stated that this security flaw can make the developer capable sufficiently to capture all the drive encryption keys according to their end user security practices. therefore the Imperial Cyber has communicated with the client and demonstrated to him to instantly stop using the software in his business (Lawrie& Gacek, 2016).
Open source product with of both symmetric and asymmetric encryption
PGP which stands for Pretty Good Privacy can be the next encryption software that can be used by Auto Body Suppliers. in accordance with the Imperial Cyber it is necessary for ABS to incorporate such a software. Moreover it can be stated that it is not only open source but has both of the facilities symmetric and asymmetric encryption. Considering this scenario it can be stated that PGP can be the best option which has both symmetric and asymmetric platform of data encryption. Considering some of the main features and functions of PGP the below section is going to be encompassed.
Product Description
Wireless writing in regards of PGP it can be stated that it is a encryption software that has been designed for providing security, authentication and privacy for online communication system and concept of openPGP, recommended to ABS. that can be considered as standard of PGP encryption which is open source for public use this standard allows the users to use software freely. Hence along with various tools and features open source PGP encryption technology is being used in the PGP software.
If Symmetric and asymmetric both
While suggesting PGP for ABS it must be elucidated that this encryption software has become the widely available software that is mostly influenced by the organizational owners in order to have public key cryptography. This hybrid system uses both symmetric and asymmetric encryption in order to achieve a high level of security. The combination of symmetric and asymmetric encryption allows users to secure their information and the cryptographic keys to the internet. hence does encryption software derive benefits from both the security of asymmetric Cryptography and symmetric encryption. Additionally it can be stated that the speed security and digital signatures in short the integrity of authenticity and data of the center will help to reduce uncertainties within their online platform. While elaborating this section it can be stated that openPGP protocol has allowed the emergence of standardized competitive environment for most of the companies. The symmetric and asymmetric encryption will help ideas to ensure the high potential security within the business infrastructure even by allowing the users to generate the keys and files in one program and to use in another program without having any kind of disturbances that is going to be very much useful for the firm (Desouza, Awazu& Baloh, 2017).
Test Plan for the Product
Name of the Product |
PGP or Pretty Good Privacy |
Approved by |
The Managerial Department of ABS |
Recommended By |
Imperial Cyber |
Test Plan Identifier |
While testing the software the configuration manage system has been taken into account |
Overview , Goals and Any Constraints |
The entire test plan will be conducted upon the recommended encryption software which is PGP. The primary goal is to critically evaluate the capabilities of PGP to provide high security |
References |
The entire project plan along with the configuration management plan will be taken into account for the entire test plan |
Test Items |
The version of the software, features, high potential to give security all will be tested |
Features |
The digital signature that is being used by PGP with a combination of public and hashing key encryption will be tested and examined in this entire testing process |
Approach |
The approach that has been taken into account while testing the software is its capabilities to provide authentication, integrity and non-repudiation. |
Pass/Fail Criteria |
Through the test plan it has been reached that the entire software and its potential capabilities have been succeeded to reach its variables (Sagheb, 2014). |
Environment |
The suitable environment will be sought while conducting the software testing within the software premises. |
Schedule |
From 10 am and after checking the test case the entire test review will take approximately 2 or 3days. |
Staffing |
Skilled staff will be recruited within the business context who will be assigned in different roles. Hence during the implementation of the software it will be necessary to give effective training facilities to the staff in order to make them efficient. |
Risks |
Several risk factors may take place such as loss of money and lack of infrastructure. |
Responsibilities |
The software developers will take the responsibility. Hence the managerial department will provide the necessary information and support. |
Assumptions |
The software PGP will reach its milestones to provide high security |
Approvals |
After the test plan the manager of the company will approve it. |
Outcome of the Test Plan
While elaborating the outcome of the test plan it can be stated that the test plan must be sufficiently precise to address its approach. Hence it has been reached that with the proper implication of PGP encryption software, ABS firm would be able to reduce its uncertainties that have taken place due to TrueCrypt (Redmond, 2014).
Conclusion
It can be concluded that considering the various issues and security flaws that have taken place in the company ABS the consultant of Imperial Cyber has been a pointer. Hence based on the issues the most effective open source prod that is capable of both symmetric and asymmetric has been recommended and implemented by passing through the test plan.
References
Desouza, K., Awazu, Y., & Baloh, P. (2017). Managing Knowledge in Global Software Development Efforts: Issues and Practices. IEEE Software, 23(5), 30-37. https://doi.org/10.1109/ms.2006.135
Lawrie, T., & Gacek, C. (2016). Issues of dependability in open source software development. ACM SIGSOFT Software Engineering Notes, 27(3), 34. https://doi.org/10.1145/638574.638584
Levesque, M. (2017). Fundamental issues with open source software development. First Monday, 9(4). https://doi.org/10.5210/fm.v9i4.1137
Redmond-pyle, D. (2014). Software development methods and tools: some trends and issues. Software Engineering Journal, 11(2), 99. https://doi.org/10.1049/sej.1996.0013
Sagheb-Tehrani, M. (2014). Expert systems development. ACM SIGSOFT Software Engineering Notes, 30(2), 1. https://doi.org/10.1145/1050849.1050864