This project focuses on assessing the security risks associated with Instagram, a social networking platform used by millions worldwide. The report covers the security strategies, policies, and risk mitigation plans Instagram employs to safeguard its users' data and ensure the platform remains secure.
- Introduction
- Purpose
- Objectives
- Strategies
- Security Policies
- Information Classification
- Asset Classification
- Risk Assessment
- IT Security Plan
- Implementation Plan
- Training and Security Awareness
- Security Configuration
- Lessons Learned
Instagram is a widely used social networking service that allows users to share photos and videos. Due to its vast infrastructure and global user base, it faces various security threats that require advanced risk management strategies.
This project aims to conduct a risk assessment of Instagram, identifying potential vulnerabilities and threats while evaluating the platform's security controls and policies.
- Analyze Instagram's security measures.
- Classify its assets and information based on confidentiality and impact levels.
- Develop strategies to mitigate vulnerabilities and risks.
Instagram has employed numerous strategies to ensure its platform is secure. These include providing bug-free software for both iOS and Android, offering high-definition media sharing, and maintaining business-friendly features.
Instagram implements strict security policies, including two-factor authentication, email verification, and account monitoring for suspicious activities. The platform also encourages users to report potential threats.
Information on Instagram is categorized based on its sensitivity, with confidential data like user security activities and credit card details being prioritized for protection.
Key assets, such as user data and authentication databases, are protected through firewalls, encryption, and regular backups. Intrusion detection systems and biometric scans further strengthen security.
We analyzed several potential risks, such as SQL Injection attacks, DDoS attacks, system overheating, and physical security breaches. For each risk, we identified the vulnerability, asset, impact, and likelihood, and used them to calculate the overall risk level.
The IT Security Plan includes regular system logging, frequent backups, access control enforcement, monthly risk assessments, employee training, and regular security patches.
We outlined the specific implementation steps to mitigate risks such as SQL Injection attacks, DDoS attacks, and phishing emails.
A comprehensive training plan includes campaigns, posters, awareness presentations, leaflets, newsletters, meetings, and quizzes to keep employees informed of security threats and best practices.
Regular security updates, vulnerability checks, and system re-assessments are conducted to ensure Instagram's infrastructure remains secure.
This project emphasized the importance of continuous risk management, especially for growing platforms like Instagram. Keeping up with emerging threats and updating security policies accordingly is essential to protect both users and the company.
- Ameen Murtaza Siddiqui
- Khalifa Khaled Almansoori