Information Security Management

INFORMATION SECURITY MANAGEMENT
Name:
Course Code:
Date:
1. Discuss the Software as a Service (SaaS) model used in cloud computing.
Software as a Service (SaaS) is a software distribution system which allows users to access the software over the internet with a web browser. The vendors of the software host and maintain the servers, databases and the code that makes up the application. In most cases, users subscribe to access the software and do data manipulation online. the application’s source code is the same to all customers and each customer has a portal where he/she can access the site according to the service level agreement. Data can be stored offline, online or both on the online servers and offline servers. Example of a software as a service is Adobe Creative Cloud. Adobe Creative cloud is a subscription plan that offers Adobe's creative products such as Photoshop and Premiere Pro.
2. How might an attacker misuse a QR code?
QR code can be compromised by QRLJacking. QRLJacking or Quick Response Code Login Jacking is a social engineering attack vector capable of session hijacking affecting all applications that rely on “Login with QR code” feature as a secure way to login into accounts CITATION OWA \l 1033 (OWASP, n.d.).
CITATION OWA \l 1033 (OWASP, n.d.) describes how QRLJacking works behind the scenes:
The attacker initializes a client side QR session and clones the Login QR Code into a phishing page.
The attacker then sends the phishing page to the victim.
If convinced, the victim scans the QR Code with a specific targeted Mobile App.
The mobile app sends the secret token to the target service to complete the authentication process.
As a result, attacker, who initializes a client side QR session, gains control over the victim’s account.
Then the...