Assignment: Mitigation Strategy (Phase 2 Of Final Project) (1250 Words/5 Pages) Instructions
Review the phase 1 document attached on the organization: O
Assignment: Mitigation Strategy (Phase 2 Of Final Project) (1250 Words/5 Pages) Instructions
Review the phase 1 document attached on the organization: Oracle Corporation
Phase 2 of Final Project: Provide a comprehensive mitigation strategy based on the threat analysis done as part of phase 1 (find the phase 1 document in attachments)
Conduct Internet research for formats that are used for developing and categorizing a security mitigation strategy on organization: oracle corporation.
Include a short executive summary for this assignment, which you will revise later for use in the final paper.
The mitigation strategy should be approximately 5 pages in length, in APA format, and double-spaced for the narrative.
You may use tables or other graphic representations; however, these additions to the paper should not be included in the page count.
The paper should include references to any material used in preparing the paper. You should use online resources to develop your plans; just make sure to cite these sources. All written work should be your own and unique. 2
Businesses face many threats in their daily operations that, if not addressed well, can reduce the whole identity to nothing. These threats tend to be critical in an organization’s information systems infrastructure as well as their data organizations. The concept of threat analysis essentially entails companies’ approach of identifying the relevance of these threats and the implications thereof with eventual strategic approaches to address the same (Pritchard et al., 2017). It is a continuous process that any given company cherishes in preserving their sustenance to keep revisiting, especially in the current world characterized by enormous dynamism. For instance, Oracle Corporation has found the concept an essential undertaking whereby they have been deploying it as an instrumental approach towards their success. They regularly evaluate all their potentially vulnerable assets to ensure any possible threat is addressed as a strategic approach to prevent security threats.
The concept of threat analysis essentially refers to an approach of evaluating which elements of the system are vulnerable to risks and how to prevent them from such chances of happenings. In Oracle Corporation, this kind of information is essential in realizing and identifying strategic locations in the system’s infrastructure to determine the appropriate approaches to be taken. Oracle Corporation essentially appreciates the concept of threat analysis in their process of identifying their vulnerable assets as well as pinpointing and assessing possible risks. Some of the assets that the company subjects to this phenomenon include: user hardware, servers, specialized devices, software, network devices, and data (Ceccarelli et al., 2018). At Oracle Corporation, threat analysis is done annually with a parallel aspect of its review due to dynamism in their environment. In this presentation, I will conduct a threat analysis that is instrumental in identifying the risks and vulnerabilities in Oracle’s system’s infrastructure and its data organization.
It majorly involves the workstations and the personal computers that are relevant in the Oracle Corporation fraternity. Some of the prominent threats that these components face include theft, corruption, physical damage, unauthorized access, amongst others. Oracle Corporation puts an incredible deal of concern into its hardware. The possible vulnerabilities that threaten their user hardware may risk the company by attracting incidences such as unfavorable penalties, compromised data, and lost reputation (Shakya et al., 2017). Some of the vulnerabilities are addressed by Oracle are due to the use of outdated legacy provisions and software that run for extremely long times under no review. Power faults are one of the serious threats to the user hardware; cases of power fluctuations have been proved to be critical causes of loss of vital data in Oracle Corporation. Other potential factors that attract hardware threats include the age of the facilities, incompatibilities, and the influence of static electricity.
Servers act as one of the core pillars of Oracle Corporation since they accommodate all the company’s critical information. The company greatly accord this field much attention to address any possibility that may pose a potential threat to the same. This is because any element of compromise on the servers may render the company vulnerable to an unauthorized attack by other parties. One aspect that attracts such incidences is the prevalence of inattentive administrators; for instance, when the administrators fail to patch their systems, they place their servers at great risk of insecurity (Khan, n.d). Another concept that attracts cases of vulnerabilities to a company’s server and is of great significance at Oracle Corporation is the type of network embraced; inherently insecure networks significantly attract threats and vulnerabilities to a company’s server, which may ultimately lead to adverse effects.
The relevance of specialized devices in Oracle Corporation’s operations has consequently attracted the need to uphold sensitivity as their security implications are concerned. They are essentially regarded as one of the assets of threat that can contribute to significant threats to the company. Due to their portability and flexibility, they are presumed to be potentially critical in transmitting agents of insecurity such as malware; this may eventually lead to adverse threats and vulnerabilities to the company’s data and systems (Singh, 2021).
Network devices and their implications are other primary concepts that manifest threats and vulnerabilities in Oracle’s systems. The company invests greatly in ensuring that its information security is intact; the devices relevant in its network are often checked to ensure that they are safe and free from harmful malware such as computer viruses. Computer viruses are known to manifest extremely harmful effects since they can disable the company’s security settings and steal or even corrupt data from the company’s systems, adversely affecting the company (Almaiah et al., 2021). Furthermore, the viruses are known to be so notorious for erasing critical information from the systems. Oracle Corporation considers every unvetted device in their network as a potential threat that can risk the data organization of the company. Other common threats implicated by network devices include trojan horses, spyware and adware, and computer worm, among others.
Software implications are another concept that is very critical in Oracle’s perspective of upholding the security of her system infrastructure and data organization. In this phenomenon, the concept of malicious programs comes into play once again. Besides software being a core component in the relevance of Oracle’s information systems, it is also a vulnerable target for an attack of the same systems (Tuma et al., 2018). The company invests a lot in ensuring the active software is reviewed occasionally and protected from malicious programs to avoid critical threats such as corruption of their services or data. The concept of software problems and software conflicts are regarded to be more dangerous than the impact of viruses; they account for extensive damage of data and programs in computers. These implications attract much attention in Oracle Corporation since they implicate adverse threats to their information systems and data organization at large.
Data is another component that manifests critical security implications at Oracle Corporation. Some of the threats relevant to this phenomenon involve unallowed access to critical information, unauthorized disclosure of the same, and stealing of information which may reduce a company into nothing within a short period. The company considers this as one of the sensitive components as their sustenance is concerned besides the relevance of previously visited concepts that a threat to the company’s data security, such as malware and malicious programs, other very critical aspects that the company keeps on addressing to prevent their occurrence include hacking, cloud computing, cracking and data leakage (Ugochukwu-Ibe et al., n.d). For instance, data proves to be a target of threat by individuals who illegally access companies’ networks and systems by deploying the provisions of the advanced technology. Oracle Corporation ensures that comprehensive security measures that can not be bypassed are in place to their systems after realizing the vulnerability of this concept.
Threat analysis is a critical and essential undertaking to companies and organizations, especially those that handle and provide essential commodities vulnerable to threats and risks. For instance, Oracle Corporation, which implicates a comprehensive information systems infrastructure, proves to be a good example of this concept. Threat analysis helps such companies identify and address the implications that pose threats to the well-being of the company’s systems and data organization. The key assets of Oracle Corporation that are vulnerable to threats include; its data, software, network devices, servers, and user hardware. On the other hand, the possible eventual threats that are relevant in Oracle’s Corporation system involves unauthorized access to services, data, software, or hardware; unallowed disclosure of data; denial of service; physical damage; theft of services, data, hardware, or software; viruses, worms, and trojan horses.
Almaiah, M. A., Al-Zahrani, A., Almomani, O., & Alhwaitat, A. K. (2021). Classification of cyber security threats on mobile devices and applications. In Artificial Intelligence and Blockchain for Future Cybersecurity Applications (pp. 107-123). Springer, Cham.
Ceccarelli, A., Zoppi, T., Vasenev, A., Mori, M., Ionita, D., Montoya, L., & Bondavalli, A. (2018). Threat analysis in systems-of-systems: an emergence-oriented approach. ACM Transactions on Cyber-Physical Systems, 3(2), 1-24.
Khan, A. Critical Review on Threat Model of Various NoSQL Databases.
Pritchard, S. W., Hancke, G. P., & Abu-Mahfouz, A. M. (2017, July). Security in software-defined wireless sensor networks: Threats, challenges and potential solutions. In 2017 IEEE 15th International Conference on Industrial Informatics (INDIN) (pp. 168-173). IEEE.
Shakya, B., Tehranipoor, M. M., Bhunia, S., & Forte, D. (2017). Introduction to hardware obfuscation: Motivation, methods, and evaluation. In Hardware Protection through Obfuscation (pp. 3-32). Springer, Cham.
Singh, S. (2021, June). Surprising Privacy Threats from Innocuous Sensors. In Proceedings of the 1st Workshop on Security and Privacy for Mobile AI (pp. 19-24).
Tuma, K., Calikli, G., & Scandariato, R. (2018). Threat analysis of software systems: A systematic literature review. Journal of Systems and Software, 144, 275-294.
Ugochukwu-Ibe, I. M., & Onyemachi, C. P. Data Security: Threats, Challenges and Protection. Journal of Universal Development Initiative (JUDI) ISSN (print), 2141, 6974.