Introduction
Data security is an important topic in the modern world due to the emergence of attacks. Many individuals have used opportunities to commit wrongdoings of various natures. For instance, some have defrauded companies they work in to enrich themselves. Since experts have ways to detect activities in emails and other areas of the IT infrastructure, the majority of them have been caught and arrested. This paper explains vulnerability and how one can improve security issues.
Definition of Wrongdoing
Wrongdoing refers to an act that is illegal, unethical, and socially unacceptable. When it comes to emails, this can be seen when someone invades another’s account and accesses files without permission or emails sent with malice. In case of such emails, one can seek the court’s help through an order to access emails for use as evidence. External information, such as how to get deleted emails, would be needed. The method I would use in this situation would be checking for backup copies of client inboxes. The method might work since the email corpus is provided and cannot be deleted.
Patterns in Data and Security Vulnerability
The pattern I am looking to find in the data is that certain functions are only reserved for a particular address. When two people plan to conduct a crime such as fraud in a company, they tend to do so through electronic means. Other people are trying to contact them through email. This condition will force them to group certain emails in a particular manner to separate them from the rest. For example, archiving emails is one way people achieve this. The functionality enables them to hide sensitive data that can incriminate them from others (Zhou et al., 2019). For security issues, I will check for apps and see if there are any vulnerabilities.
When checking for security issues, I will look for examples of new security vulnerabilities, such as weak passwords, missing data encryption, and lack of authorization (Zhou et al., 2019). A weak password is something short and easy that someone can guess. Missing authorization is a problem since it allows anyone to access data resources meant for a single user only. Lack of encryption denies confidentiality and integrity since anyone can access and modify sensitive information.
Using the method get_app_files, I will find which of the apps exhibits vulnerability. The applications that do not support data encryption will be described as vulnerable. Additionally, those who do not seek permission to access a user account have a vulnerability issue. Lastly, applications that do not seek permission or verification for specific functions in the system are vulnerable. These are the main features explaining applications or systems with a security problem since they allow unauthorized and unauthenticated access to personal data. Moreover, one can read and modify the information sent to a person due to a lack of data encryption.
I will find which aspects of the apps correlate with security issues. For instance, as mentioned earlier, some traits or features identify an app or system as vulnerable. Apart from authorization and encryption, it is important to check for elements such as logging and application security testing. If there is a security breach in an application, logging can aid in identifying who has access to the data and how. App log files offer a time-stamped record of accessed aspects and the party responsible.
To find this pattern, I will identify the individuals suspected of any wrongdoing. The next step will be to use automation_info to check for information provided by the log files of automated tasks. Examples of such data include time stamps and specific users. These files offer an audit trail and can be utilized to monitor activities within the system infrastructure. They also help identify policy violations, find fraudulent or uncommon actions, and detect security cases (Zhou et al., 2019). Since logs possess details of what has occurred and what is happening, a security team can utilize them to notice and respond to signs of compromise and examine and evaluate the source of the attack.
I will need external information such as the number of people with authorized access and their preferred time of exercising their privileges. This information is related to the subject matter as it enables one to understand when a particular activity might happen or who is responsible. Such data has been used before to minimize risk and add value to the clients (Owoh & Singh, 2020).
The process can be enhanced with data analytics tools, which can turn every piece of information into a pre-structured presentation or form that is understandable to clients and auditors. I will use methods to find external information include reading the log files and interviewing the ICT manager. The log files contain time stamps of when individuals access the system or apps and the unique addresses of those responsible. Utilizing visual elements such as graphs, maps, and charts would make it easier to understand data contained in the log files.
Data analysis is responsible for the information that I will need. When the system’s use is analyzed, it includes the user activities, number of users, duration of use per person, files accessed, and time of day most accessed (Owoh & Singh, 2020). With this information, it is easy for someone to draw a graph, chart, or map that can help define the data more. Understanding the information represented allows the auditor to gain background insights about the system they are auditing.
Security of the Mobile App Ecosystem
My findings are expected to show that some apps are vulnerable to security attacks. To improve the security in the mobile app ecosystem, I would consider high-level authentication and encrypt all data. A security breach happens due to inadequate high-level authentication. Mobile app developers need to ensure that only strong alphanumeric passwords are approved.
Moreover, it is preferable to inform users that they should often alter their passwords. Biometric authentication with the usage of retinas or fingerprints can be employed to better the security of sensitive applications. In addition, I would ensure that the data transmitted between the server and the app is encrypted, as this guarantees that even if an attacker captures it, they cannot use it.
I would not ban any particular application since it is not a helpful feature from a security perspective. An IT manager can’t notice malware in an application before Google does. Blocklisting is only helpful for managing devices and the way people utilize them. It steers users toward accepted processes and applications and away from apps not meeting mobility strategic objectives. An example is a videoconferencing tool, where most businesses have chosen a specific technology and actively discourage users from engaging in an end-run around corporate policies.
I would recommend against having enterprise-specific apps in some environments since they may not work as needed in those surroundings. The amount of collateral damage would be tremendous since some users will fail to access services from certain businesses. Additionally, it would mean the buyers will have to spend more purchasing phones with a particular app since the demand in the market has increased. Runtime environments are vital for compiled and interpreted software, which rely on runtime engines to offer functionality and resources. This enables delicate dependencies within the computer that an administrator must comprehend and protect.
The same action negatively affects developers since the majority of them are developing applications meant for all platforms and environments. A hybrid app allows for the utilization of programming languages used often by web developers who can reuse their knowledge. This enables easier resource finding to create such an application. Reusing the code of a web application is when code written once can be deployed across every mobile platform. Disallowing such apps means that web developers must learn to code in other languages they may not understand.
There are several challenges that someone might face when trying to implement this. For instance, not all users have the same purchasing power. When a particular application is restricted to only the app store, some areas will be disadvantaged financially, and thus, it would be hard for them to access it (Balapour et al., 2020). This will force the companies to reduce the price of the devices, which means experiencing a loss. Most businesses cannot take such a step as they all pursue profits. Another challenge is that software developers mainly aim to develop applications that can function on every platform. Therefore, they would likely be against this move as they are negatively affected.
The challenge that is purely practical about me and my group’s ability to execute on technical elements concerns advising buyers to shift to specific devices to get services from particular apps. Convincing developers to modify their apps to run on certain environments is difficult (Balapour et al., 2020). Apart from that, one requires marketing skills that will help convince buyers about the value of using their preferred apps from other platforms.
Conclusion and Recommendation
The challenge about apps that might not meet my interest criteria is being platform-specific. For instance, some companies hire developers to create an enterprise-specific app to allow their clients to access their services remotely (Balapour et al., 2020). The reason for choosing this is that not everyone receives services from a particular business. It would be inappropriate to convince individuals to change their devices since some applications are only allowed on specific platforms. Therefore, it is recommended that sensitization be conducted to ensure that people understand the specific applications that are disallowed. This would reduce the unnecessary anxiety that may result from that situation.
References
Balapour, A., Nikkhah, H. R., & Sabherwal, R. (2020). Mobile application security: Role of perceived privacy as the predictor of security perceptions. International Journal of Information Management, 52, 5-8. Web.
Owoh, N. P., & Singh, M. M. (2020). Security analysis of mobile crowd sensing applications. Applied Computing and Informatics,18(1), 2-21. Web.
Zhou, L., Bao, J., Watzlaf, V., & Parmanto, B. (2019). Barriers to and facilitators of the use of mobile health apps from a security perspective: mixed-methods study. JMIR mHealth and uHealth, 7(4), 7-20. Web.