The report discusses the significant rise in risks and threats to technology due to innovation and the increase in online transactions, highlighting the prevalence of hacking, malware, and various e-commerce threats. Traditional security measures and emerging technologies, such as runtime application self-protection, are emphasized as important defenses against these threats. Key issues include database vulnerabilities, excessive permissions, and the need for robust security protocols to prevent data breaches and fraudulent activities.

1. Risk and Threat Assessment Report
Anthony Wolf
BSA/ 520
May 11th, 2020
Jeffery McDonough
Running head: RISK AND THREAT ASSESSMENT REPORT
1
RISK AND THREAT ASSESMENT REPORT
2
Risk and Threat Assessment Report
The rise of innovation and technological advancement has
affected the aspects of technology in different ways.
Improvement of software and operating systems gives hackers a
reason to strive and develop more complex forms of
overweighing security measures on those applications.
Traditional application security best practices and secure coding
are often recommended in protecting different applications
against runtime attacks.
Runtime application self-protection is an emerging application
in the protection of software applications, data, and databases.
The increase in attacks has triggered the development of
security technology that is linked or build into an application
runtime environment. Besides, database deployment is

2. safeguarded by run time application self-protection that can
control the execution of applications, detecting, and preventing
real-time attacks. The threats and risks associated with
operating systems, networks, and software systems are
significant concerns to users.
The internet has changed how people do their businesses. With
the growth of e-commerce and other online transactions, there
has been a subsequent increase in internet risk threats that are
commonly occasioned by hacking and malware attacks. There
are different types of e-commerce threats and might be
accidental, deliberately done by perpetrators, or occur due to
human error. The most prevalent threats are money theft,
unprotected services, credit card fraud, hacking, data misuse,
and phishing attacks. Heats associated with online transactions
can be prevented or reduced by keeping the credit cards safe.
Consumers/customers should be advised to avoid carrying their
credit cards in their wallets since they increase the chances of
misplacement. Each buyer should be cautious when using their
you’re their online credit information.
The advancement in technology has seen an increase in online
transactions. The practice of doing business transactions via the
internet is called e-commerce. Their growth has subsequently
lead to the rise in internet risk threats that are commonly
occasioned by hacking and malware attacks. E-commerce is the
activity of conducting transactions via the internet. Internet
transactions can be drawn on various technologies, including
internet marketing, electronic data exchanges, automated data
collection systems, electronic fund transfer, and mobile
commerce.
Online transaction threats occur by using the internet for unfair
means with the aim of fraud, security breach, and stealing. The
use of electronic payment systems has a substantial risk of
fraud. It uses the identity of a customer to authorize a payment
like security questions and passwords. If someone accesses a
customer's password, he will gain access to his accounts and
steal money or change everything and own the account. Hackers

3. can use stolen credit data to make online purchases.
Privacy issues are also common as the personal data for a
customer could be compromised and employed in unsolicited
marketing, identity theft, and spamming. System reliability is a
great issue in online transactions (Kure & Islam, 2019). There
are high chances of the internet service provider crashing. The
e-commerce plugin could also have bugs, and the online
payment system could she errors. The risk of payment conflict
is commonly experienced in online transactions. Technical
glitches and anomalies in electronic payment systems may result
in a conflict of payment.
E-cash is a paperless cash system that is commonly used in e-
commerce to transfer funds anonymously. It has several threats
related to it, including backdoor attacks, which give attackers
unwarranted access to a system by bypassing the set
authentication mechanisms. Denial of service attacks is a
common security attack where attackers take actions that bare
the right user from accessing the electronic device.
Networks security faces a lot of threats that compromise its
operations. A computer virus is a network security threat.
Computer viruses are parts of software that are designed with
the capacity to spread from one to another computer. These
viruses are often downloaded from a particular site or sent as
email attachments to infect a computer. Viruses corrupt and
steal data from a computer. Rogue computer software is another
threat. It is malicious software that can mislead computer users
to believe that a computer virus has been installed on their
computer. Adware and spyware are software that is designed to
tracks the data of one's browsing habits with their consent.
Data availability, integrity, and confidentiality are the primary
security threat in an operating system (Mhatre, Pegna &
Brdiczka 2018). Malicious and accidental destruction of data
files, modification of data files, unauthorized reading databases,
or data files are of concern on the security of the operating
system. Malicious software or malware hijacks an operating
system to perform some tasks for an attacker. Spyware, Trojans,

4. and viruses are the most predominant form of malware with
each operating to undermine the security controls of an
operating system. Hackers turn compromised computers to
zombies or bots and force them to join a network of other
systems to launch large scale attacks on organizations.
Software threats commonly associated with system software are
malicious pieces of applications and computer code that can
compromise or damage a computer and steal financial and
confidential information. Antivirus programs and other
comprehensive security software also aid in preventing the
impacts of software threats. Bluejacking is among the software
threats and is intended to share contact data to send unwanted
and anonymous messages to other users. Mobile devices and
their applications are also infected by viruses that spread
through the mobile network. The viruses are identical to other
computer viruses.
Database deployment in a distributed environment enables
heterogeneous or homogeneous computers to act as a computing
environment. Deployment is a great concern for databases, and
various challenges impede database deployment. There are both
internal and external risks and threats treated to database
deployment in a distributed environment. One of them is
excessive database privileges. Database users may abuse the
privileges in different ways, i.e., unused privilege abuse,
legitimate privileges, and extreme privilege abuse.
Excessive privileges in database deployment lead to
unnecessary risks. This can be curbed by deploying and
upholding strict accesses and privileges control policy (Visbal
2019). Company employees should not be given excessive
privileges. SQL injection is an attack that occurs when
malicious code is embedded in a web application and then
transferred to the backend database. The SQL injection enables
criminals to have unlimited access to any data that is stored in a
database. The NoSQL injection targets bug data databases while
the SQL injection targets the traditional databases.
Database backups exposure is a common risk in database

5. deployment in a distributed environment. It is always
recommendable to backup a proprietary database at a defined
time. The problem emerges since most of the database back up
files are often left unprotected from attack leading to several
security breaches that occur through database backup leaks.
Database vulnerabilities and misconfigurations. This happens as
most of the databases are left unprotected due to
misconfiguration. Professional IT specialists and hackers use
configuration parameters and default accounts to exploit
database misconfigurations and vulnerabilities to attack an
organization. Denial of service attack slows down as a database
server and can even hide it from all users. DoS attacks can cost
the victims considerable time and money. However, it doesn’t
disclose the content of a database.
Reference
Kure, H. I., & Islam, S. (2019). Assets focus risk management
framework for critical infrastructure, cybersecurity risk
management. IET Cyber-Physical Systems: Theory &
Applications, 4(4), 332-340.

6. Mhatre, H., Pegna, D. L., & Brdiczka, O. (2018). U.S. Patent
No. 10,050,985. Washington, DC: U.S. Patent and Trademark
Office.
Visbal, A. (2019). U.S. Patent Application No. 16/256,862.