1. Introduction
The report reflects on the security management to prevent the unfair terms in the vehicle rental. The selected organization for this paper is “East Coast Car Rentals” operated in Australia. It is the car rental agency within the city of Melbourne. The thefts of the employee’s data, customer’s data, lack of authentication and data encryption running the vehicle rental company at threat and vulnerabilities. In order to prevent the threats, security measures are required to be taken like installation of the lightning to hiring prevent the thefts. The vehicle rental company is making initial investments to the security system so that they can achieve the security goals, and make a benefit for rapid return. The vehicle management is focused on the engagement of the stakeholders regarding the expectations plus promoted constant development in the vehicle presentation. The report discusses on development and documentation of the strategic security policy for the vehicle rental. There are also identification of possible threats and vulnerabilities to the network of the company. After identification of the threats, there is mitigation of the threats plus vulnerabilities in the vehicle rental company.
2. Develop and document strategic security policy for vehicle rental
The privacy policy of East Coast Car Rentals is that the company and its partners are committed to protect privacy of the information and data provided by the customers.
Personal information policy: Collection of the personal data and information is required to rent the vehicle. In the medium sized car rental company, the operator will ensure that they can protect the information of rental customer. There is security policy implemented for East Coast Car Rentals on hacking of the personal data that seems to make a daily headline (Symeonidis, Mustafa & Preneel 2016). In order to protect the data of the customers, cybersecurity is required to protect the reputation of the company.
Current situation of vehicle policy: As per the vehicle rental agreements, it requires the customers to acknowledge that vehicles are in good position, clean as well as safe conditions. The customers can see that the vehicle is clean and the customers are not aware about the mechanical conditions and safety of vehicles (Khan, Aalsalem & Khan 2018). The operators of East Coast Car Rentals is accountable for the maintenance of the vehicle and up-keep before it is being hired included ensuring that the vehicle is roadworthy.
Vendor security policy: The security policy should strict the data access and limited it to the vendors. It is set up a data protection agreement that debates whether the vendors can discussion the information and data restrictions should be in place. It is required to know if the vendors can proper security policy and cyber liability coverage in case there is cyberattack. The vendors are responsible to house the data of the company (Baker 2020). The vendors should not share the vehicle rental company’s data without their permission. The East Coast Car Rentals is required to design solution portfolio that can leverage their services in addition software to identify the vulnerabilities as well as manage the risks.
Education and training of employees: As part of the security policy, the employees are required to be educated about the online threats as well as ways to prevent and protect against the threats. Even the consequences for violation of the security policies would also be outlined in the security policy. The employees are required to provide training about the cyberattacks like ransomware. The viruses are to be transmitted through the links as well as attachments in the emails (Simpson & Foltz 2017). When the employee click on link, then the virus can infect the computer system of the company and encrypts the data of the company.
Sensitive data backup: As East Coast Car Rentals is using the rental software system, therefore the security policy is included processes to take backup of the sensitive data. The system should be verified as well as restored on monthly basis. The IT operator should require to look at the backups logs on regular basis as well as do assessment restores on everyday basis (Kopytowska & Grabowski 2017). The security plan is required to be updated on continual basis to keep the current cyber security procedures and guidelines in place.
3. Potential threats and vulnerabilities to the company’s network
The potential threats are event that cab impact on the valuable resources in negative way and the vulnerability is quality of the resources or the business network that can allow the threat to realize. The selected company, East Coast Car Rentals is a vehicle rental company focuses to do their business by their car rental system so that they can provide required car rental services to the Melbourne customers (Englehart 2016). Following are list of the threats and vulnerabilities to the network of the vehicle rental company:
Threat to theft of sensitive data: The data of the vehicle rental company is intrinsic value to the customers, and the sensitive data like customer’s data is used for identify the theft. The rental companies are collected information from their customers like driver license, contact details, social security data, passport details and insurance details. Credit card details of the customers may be sold on dark web after stolen it from the company’s data (Shafique, Khalid & Rehman 2018). The theft of the sensitive data are accumulated the content and customer’s information from different services through intrusion to equipment in addition communication sniffing.
Threat to computer network and applications: The data of the customers are found on the server, desktops, cloud, mobile devices, in addition email of the vehicle rental company. At the time of storing the personal details of the customers digitally, then the network and applications may be not protected.
Employer theft and data loss: The greatest threat in the vehicle rental business is internal like theft from the employees as well as data losses. It may be possible that the internal employees working in the company may walk away with the sensitive data of the company.
Unauthorized use: The vehicle rental functions are used by unauthorized individuals, like through the spoofing and attack to the vulnerability in the equipment. Examples of this vulnerability is attacker can unlock the vehicle by spoofing as driver as well as perform communication with the driver to unlock vehicle rental cars (Liou 2016).
Sniffing: The communication among in-vehicle equipment in the vehicle and communication between vehicle as well as peripheral system can sniff. The vulnerabilities included attacker can sniff the status information of the rental vehicle (like the current running speed, location details). The attacker can also get details of the services like navigation as well as traffic forecasted.
DoS attack: This threat occurred in the East Coast Car Rentals when the vehicle rental system goes down and the services are denied because of unauthorized and extreme connection requests. The DoS attack threat included the attacker to perform an excessive interaction with smart key to make request for unlocking the door as well as unlocking the normal vehicle blinks (Milošević et al. 2020).
Tampered messages: The tampered messages are to be directed by invader to source false transfer as well as presentation of the rental vehicle. The attacker can tamper tire pressure monitoring system messages, such that restraint suggested pointer of normal vehicle can blink.
Unauthorized relay: The communication plan is manipulated by attacker to hijack the legislative interactions and improper communication. The attacker can reply on smart key’s electric waves as well as unlock vehicle from the remote sites.
Loss of the logs: The vehicle rental operation account may be removed as well as transformed by invader to make an infection as possible. The attacker cab alter the logs for destroying of attacks.
4. Mitigation of the threats and vulnerabilities
After identification of the threats and vulnerabilities in the East Coast Car Rentals, the security measures are taken against those threats in the vehicle system as described below:
Security Socket Layer: The information of the customers are required to be protected and encrypted by means of Security Socket Layer (SSL). It is the standard security technology used to create the encrypted connection among the server as well as user. The purpose of this security technique is to ensure privacy, data integrity as well as authentication of the customer’s data. By means of this security technique, the organization would prevent omissions of the security functions (Khalid, Rehman & Shafique 2020). It performs threats as well as risk analysis against threat of the customer’s data stolen. In order to prevent the threats, SSL is used to establish an authentication as well as encrypted links among the network computers.
Update of computer infrastructure: In order to protect the computer network from the outside threats, the vehicle rental company is required to apply for latest updates from the computer manufacturer. They will opt for anti-virus as well as anti-malware software and those will be updated regularly. The firewall should require to set to prevent the intruders to access to the company’s network (Liou 2016). Even the computer infrastructure is required to be updated with the hard disks, memory equipment and others.
Limited software access: In order to prevent employee’s exposure to the data of the company, the vehicle rental company would set security access for the positions on the internal operations. The software programs can limit to the data access to the employees. The vehicle rental company can able to secure various menu items, log-in details as well as password, and those are only issued to authorized persons. The access system performs with authentication as well as authorization of the users plus entities by evaluation of the login credentials that included authentication elements and security tokens.
Encryption, authentication and access control: There should require to have contents encryption in addition communication frequency encryption. Former is defending of the information resources and final for averting the sniffing. Handling of the speed as well as data volume can differ focused on encryption process, so that the organization can select the correct requirements. Authentication is also recommended as security measures where the password and software processing like harsh values and integrated circuit chip is used. Management of the users can execute the authority functions as well as interactions (Jakimoski 2016). The vehicle rental company can protect the business functions from unexpected usage and unauthorized access arise in the functions.
Secure coding: The programming methods and techniques are to be used to prevent from the vulnerabilities faced by the company. It is included with banning usage of the functions that progress basis of safety holes as well as unclear cipher symbolizations. It is a security practice used to develop the computer software in such a way that can guard against the accidental outline of the security vulnerabilities (Padayachee 2016). Defects, and bugs and security flaws are required the causes of the exploited software vulnerabilities.
Provision of manuals: It should require to know about correct usage of the confidential data of the customers by the employees and they should respond to the issues through manuals. It is required to make sure that there is no security issues raised in the default settings.
5. Conclusion
It is concluded that in the vehicle rental services, the security threat is violation of the security, exists when there is entity, and actions or risk events that could cause harm to the business functions. The threats occur in the vehicle rental company are personal information policy, current situation of vehicle policy, vendor security policy, education and training of employees, and sensitive data backup. The company is required to mitigate the threats and vulnerabilities so that they can accumulate the car rental services to their customers. As the expectations and trust of the customers are main business factor, therefore the company secures their data and information through encryption and authentication methods. The other security prevention techniques are Security Socket Layer, limited access to personnel, provision of manuals, secured coding and update of the computer infrastructure. The security measures help the business to perform a security assessment so that the vehicle rental work is to be done efficiently. The techniques help the business to reduce risks of the falling of the victim of the data theft as well as data breaches.
References
Symeonidis, I, Mustafa, MA & Preneel, B 2016, Keyless car sharing system: A security and privacy analysis. In 2016 IEEE International Smart Cities Conference (ISC2) (pp. 1-7). IEEE.
Khan, WZ, Aalsalem, MY & Khan, MK 2018, Communal acts of IoT consumers: a potential threat to security and privacy. IEEE Transactions on Consumer Electronics, 65(1), pp.64-72.
Baker, DM 2020, Tourism and Terrorism: Terrorists’ Threats to Commercial Aviation Safety and Security. In Tourism, Terrorism and Security. Emerald Publishing Limited.
Simpson, WR & Foltz, KE 2017, Enterprise level security: insider threat counter-claims. In Proceedings of the World Congress on Engineering and Computer Science (Vol. 1).
Kopytowska, M & Grabowski, Ł 2017, European security under threat: Mediating the crisis and constructing the Other. In National Identity and Europe in Times of Crisis. Emerald Publishing Limited.
Englehart, NA 2016, Non-state armed groups as a threat to global security: what threat, whose security?. Journal of global security studies, 1(2), pp.171-183.
Shafique, M, Khalid, F & Rehman, S 2018, Intelligent security measures for smart cyber physical systems. In 2018 21st Euromicro Conference on Digital System Design (DSD) (pp. 280-287). IEEE.
Liou, JC 2016, Performance measures for evaluating the dynamic authentication techniques. International Journal of Cyber-Security and Digital Forensics, 5, pp.83-93.
Milošević, J, Teixeira, A, Tanaka, T, Johansson, KH & Sandberg, H 2020, Security measure allocation for industrial control systems: Exploiting systematic search techniques and submodularity. International Journal of Robust and Nonlinear Control, 30(11), pp.4278-4302.
Khalid, F, Rehman, S & Shafique, M 2020, Overview of security for smart cyber-physical systems. In Security of Cyber-Physical Systems (pp. 5-24). Springer, Cham.
Jakimoski, K 2016, Security techniques for data protection in cloud computing. International Journal of Grid and Distributed Computing, 9(1), pp.49-56.
Padayachee, K 2016, An assessment of opportunity-reducing techniques in information security: An insider threat perspective. Decision Support Systems, 92, pp.47-56.