I. Audit: Describe The Purpose of This Risk Assessment
I. AUDIT
Goals
- Identify and recognize the risks and lessen the vulnerabilities to ensure the security of the user.
- Understand the mechanism and the impact.
- To prove that Twitter may become a dominant way for businesses to communicate with their customers and for users to communicate with other users.
- Also to prove that Twitter is one of the trusted and secure social media platforms.
Objectives
- Enrich privacy and data protection services.
- Discover and recommend controls that can be used to prevent the risk.
- Protect confidentiality, integrity and availability of information that the user has.
- Review confidential tweets and suspend dummy accounts.
LIST ALL PARTICIPANTS INCLUDING ROLE IN THE RISK ASSESSMENT (e.g. system owner, system custodian etc.)
Twitter users
- Users have an important role, since they are the beneficiaries and the ones who report that a problem is being experienced on Twitter.
System Administrators
- They are the operators and the ones who know, and are responsible for, what is happening and what the real problem in Twitter is.
The CEOs
- The people who know more about Twitter, since some of them are also co-founders of Twitter.
Twitter developer
- The person who has the most knowledge about what Twitter is and how it works.
Internet Connection
- Twitter uses an internet connection so that users can open their accounts and start using it.
Hootsuite Software
- Best way to manage social media networks like Twitter.
MySQL
- Twitter uses it heavily for primary storage of tweets and users, and maintains a custom fork that it recently open-sourced.
FlockDB
- This is Twitter’s in-house graph database, which it uses to store social graph information.
DESCRIBE HOW USERS ACCESS THE SYSTEM AND THEIR INTENDED USE OF THE SYSTEM
Users can access Twitter by creating their own account and following other people, whether politicians, celebrities or ordinary people, as well as different pages and groups, so that they can see others’ tweets or updates.
They tend to use it to communicate, and it allows people to share their thoughts with a big audience at a faster pace.
Users’ fault
- The primary source of threats on Twitter is the users themselves. Based on my research, for security professionals a social media platform is more than just a networking tool. Your tweets can be used against you; they can also be an additional source of valuable information on topics from vulnerabilities, exploits and malware to threat actors and anomalous cyber activities.
Twitter suspends everybody’s accounts, whether they are hacked accounts, sports and Hollywood celebrities or media companies, because it lacks a proper human process for reviewing suspended accounts and lacks a truly scalable platform.
Twitter bug
– It leaked iOS users’ location and data to a partner.
Administrators’ fault
- Twitter lacks human support, and it is said that the CEO of Twitter lacks the leadership, strategic vision and proper knowledge needed to fix Twitter’s security problems.
Phishing
– A deceitful process by which an attempt is made to acquire sensitive information such as a username and password.
Bots in Twitter
– Accounts created by software programs pretending to be human. It is said that these bots tweeted 1.4M times during the run-up to the last presidential election in Russia.
Hardware Fault / Software Fault / Human Error / Intentional Outside Error / Intentional Insider Others:
EXISTING CONTROLS
Always check the URL of the Twitter Login Page.
- There are a lot of fake login pages that look like a Twitter login page; they run malicious scripts which can copy your Twitter username and password and send them to an email address.
Avoid web-based Twitter apps which ask for your password.
- You don’t have to save your Twitter account credentials in any third-party site’s database.
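One way to automate the control "Always check the URL of the Twitter Login Page", as an added example that is not part of the original assessment. The trusted domain twitter.com, the function name check_login_url and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the genuine login page is served from
# twitter.com or one of its subdomains. Adjust for the service you protect.
TRUSTED_DOMAINS = {"twitter.com"}


def check_login_url(url):
    """Return (trusted, reason) for a URL that claims to be the login page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # "https://twitter.com@other.host/" puts the familiar name in the
    # userinfo field; the browser actually connects to other.host.
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can render like the real name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised look-alike host"
    # Exact match or true subdomain only; a bare suffix test would also
    # accept "nottwitter.com".
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    return False, "host is " + host + ", not a trusted domain"


# Constructed sample URLs (the .example hosts are reserved placeholders).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/login",
    "http://twitter.com/login",
    "https://twitter.com@login.example/login",
    "https://twitter.com.login.example/login",
    "https://xn--twtter-placeholder.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = check_login_url(sample)
        print(("OK   " if trusted else "BLOCK"), sample, "->", reason)
```
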
RISK RATING
A. Consequence
B. Likelihood
C. Risk Rating
RECOMMENDED CONTROLS
RECOMMENDATIONS
- Use social media properly. There is no safe place in cyberspace. People make mistakes, but errors with social media can lead to terrible consequences.
- Strengthen the security of accounts.
- Reduce inappropriate tweets to avoid suspension of accounts.
- Limit the information about yourself in your account to prevent identity theft.
- Don’t post important data, to prevent data breaches.
SUMMARY
+ Consequences are rated high because the risk identified could affect the software and, if not prevented, will cause damage. The user might continue receiving spam messages, someone might continue accessing the account secretly, and the spreading of unlawful and inappropriate tweets and the imitation of someone’s identity will persist if the risks or threats are not taken care of. The aim is not to be totally free from risk, but at least to lessen the vulnerabilities.
+ Likelihood is rated very likely because Twitter is one of the big social media platforms and millions of people use it; among those millions, some intend not just to be entertained but to get rid of someone’s account and identity.
+ Risk is rated high because when the threats occur Twitter is not safe, which creates a big problem for the software and also for the user. Confidentiality, integrity and availability are affected, and one must be proactive in order for the user to use Twitter well.
After assessing the risk and identifying the hazards/threats and vulnerabilities, measuring the existing controls and recommended controls is very important to minimize or eliminate the effect of those hazards. It is also highly recommended to decide what strategy to use to prevent the hazards and to know what must be prioritized.
| What are the hazards/risk? | Who might be harmed and how? | What are you already doing? | What further action is necessary? | Action by whom? | Action by when? | Done [mm/dd/yyyy] |
|---|---|---|---|---|---|---|
| Defamatory tweets | The person who tweets defamatory tweets and the people involved in the post. | Checking the tweets/messages before posting them. Think about the possible outcome of your tweet. | Think before you click. Double check the | Action by the user. By the admin: delete improper tweets. | When posting. | 4/24/2020 |
| Identity theft through phishing | The Twitter user, because everyone could imitate someone’s identity, and it can be used to commit a crime and you will be the suspect. | Limit the information to be saved. Use the URL of Twitter, because there are fake login pages. | Make it private. Check the URL. | The users | When giving info about you or saving it on your account. | 4/24/2020 |
| Data security | If accounts are hacked, your data is not safe anymore; it can be lost and can also be used against you. | Secure accounts and set all to Private, and it must be strong. | Change password | By the user. Admin: must secure someone’s account to avoid loss of account. | When creating an account and managing it. Once a month. | 4/24/2020 |