This article concerns attack prevention and aims to illustrate how security attack scenarios can be used to check how effectively a system prevents an attack. Using a system known as eSAP, the authors report how scenarios of possible attacks were selected and tested, and give recommendations based on their results. The article is timely, since information system security is vital for companies to maintain.
This paper analyzes the article by Haralambos, Paolo and Gordon to determine the appropriateness, usefulness and validity of the study. Throughout, examples and comparisons will be used to evaluate the work, and justifications will be given for all arguments put forth.

Evaluation

The authors start the paper well by explaining in the introduction what the paper will cover. This gives the reader an overview of what to expect, because he or she already has an idea of what the article is about (Memering, 2008).
The introduction is also enticing, so the reader is encouraged to read on. Further, the authors introduce the article by referring to another article from which the current one stems. This encourages the reader to want to read the previous article. For those who cannot access it, however, this is a disadvantage. Accordingly, it would have been wise for the writers to start with a brief history of the previously completed work so that the reader can understand where they started.
Failure to do this is therefore a flaw in the paper and could reduce the reader’s desire to look at it. The authors use a real-life example in the article to explain how scenarios can be used to analyze information systems design. eSAP (electronic Single Assessment Process) is assessed using possible security attacks to establish whether its three main security features, which include integrity, availability and privacy, can be achieved in case of an attack (Haralambos, Paolo and Gordon, 2007).
Attacks such as interruption, interception and modification were used to check eSAP. The use of an example not only makes the article more interesting to read but also makes it easier for the reader to grasp exactly what the writers intend to say (Memering, 2008). Besides this, the authors use a diagram for illustration. According to Memering (2007), this is an effective way of letting readers get, at a glance, the idea that the author is trying to convey.
For example, when a procedure is described in steps, the reader can follow these steps and understand the described process better than when only the text is available. The article by Haralambos, Paolo and Gordon is quite useful in attack prevention. Many companies currently face threats of system attacks, hence the need to avoid them. An example is a recent attack on Kaspersky, a major anti-virus vendor, which occurred on the customer support site in February 2009 (O’Donnell, 2009).
Since the article addresses ways in which systems meant to handle such cases can be tested, it is of significant importance. It could form a useful background for information system analysts to gauge the ability of different systems to address the desired security concerns. Another reason why the article is very useful is that for every factor tested, a recommendation is given to reduce the likelihood of that action occurring in real life. For example, after testing the validity of passwords and the ability of the system to keep out intruders, the authors suggest the use of one-time passwords.
Such advice could be used by technicians to further enhance system security and thereby protect the system from attack. This study is relevant to the study of information system security because it is unique in its own way. While other studies concentrate on showing the likely situations that may face the security system, this paper suggests ways of testing them as well. Liu and Yu (2007) are among the authors who came closest to doing this kind of research, by analyzing the possible intentions of attackers, which are also covered in this paper.
However, they left the research at that and did not proceed to test the scenarios. According to Liu and Yu (2007), once the attackers’ intentions are identified, the countermeasures to prevent attack can then be identified. They fail, however, to show the criteria that would be used to prevent attacks. Through the eSAP scenario, Haralambos, Paolo and Gordon bring out the concept well and even give suggestions on how to handle attacks. It is a good way of testing the effectiveness of a system in handling various security attacks, which management can use to establish which system to use in attack prevention.
This is in line with what Liu and Yu (2009) suggest. According to them, a system can only be useful if it performs the job it is designed for. As an example, a system cannot allow every employee in a department to have a password and expect this to be a secure way of protecting the system from attackers. This is a well-researched article, and it would be right to say that it is valid both in terms of facts and expressions made by the authors. Before the authors perform the test, a set of scenarios is selected, which is then put through a scenario validation procedure.
This is done using software inspections so that the data validity is assured. The authors also use numerous sources as backup for the study, which makes the information contained valid to a large extent.

Conclusion

A paper that succeeds in putting across the desired message is said to be appropriate. If it is of benefit, then it is useful to the leaders. Should the paper give facts that can be evidenced, then we can say that it is valid. The article by Haralambos, Paolo and Gordon leaves the reader with a lot of knowledge to grasp.
It is well researched using various books, and the results can be said to be valid, as the authors used a real-life situation to test the system. The authors make the article simpler to understand through the use of examples and a diagram. The recommendations given in the paper could also prove useful to future managers and system technicians in designing strategies of attack prevention.
References

Liu, L., Yu, E., Mylopoulos, J. (2007). Analyzing Security Requirements as Relationships Among Strategic Actors. Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS’02), Raleigh, North Carolina.

Memering, D. (2008). The writer’s work: guide to effective composition. New York: Prentice-Hall.

Mouratidis, H., Giorgini, P. & Manson, G. (2007). Using Security Attack Scenarios to Analyse Security During Information Systems Design. Retrieved on July 20, 2009 from http://homepages.uel.ac.uk/H.Mouratidis/Paper91_CR.pdf

O’Donnell, A. (2009). Kaspersky suffers attack on support site, no apparent data breach. Retrieved on July 20, 2009 from http://blogs.zdnet.com/security/?p=2511