Information Security Report: Threats, Policies, and Vulnerabilities
VerifiedAdded on 2022/11/24
|10
|2601
|1
Report
AI Summary
This report, prepared by a student for the ISY3006 Information Security course, provides a comprehensive analysis of information security practices. The report focuses on developing a strategic security policy tailored for Southern Cross University. It includes an in-depth stakeholder analysis, identifying key entities such as governing bodies, administration, faculties, and students. The core of the report outlines crucial security policies designed to protect confidential information, manage potential risks, and ensure the integrity of the information system. Furthermore, the report delves into potential threats and vulnerabilities within the university's network, including malware risks, weak password implementations, application backdoors, and the dangers of accessing untrusted websites. The report concludes with a summary of the findings, emphasizing the importance of robust security measures to maintain operational integrity and protect the university's assets.
Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note
Information Security
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1INFORMATION SECURITY
Table of Contents
Introduction:...................................................................................................................2
Background of Southern Cross University:...................................................................2
Current Stakeholder of Southern Cross University:.......................................................2
Nature of the Business:..................................................................................................2
Strategic Security Policy for the Southern Cross University:........................................3
Policies for Security of Information:..........................................................................3
Potential Threat and Vulnerability within University’s Network:.............................5
Conclusion:....................................................................................................................6
References:.....................................................................................................................7
Table of Contents
Introduction:...................................................................................................................2
Background of Southern Cross University:...................................................................2
Current Stakeholder of Southern Cross University:.......................................................2
Nature of the Business:..................................................................................................2
Strategic Security Policy for the Southern Cross University:........................................3
Policies for Security of Information:..........................................................................3
Potential Threat and Vulnerability within University’s Network:.............................5
Conclusion:....................................................................................................................6
References:.....................................................................................................................7
2INFORMATION SECURITY
Introduction:
Security of the organizations is very much important to ensure proper flow of the
business processes of them. In this aspect the information security of the organizations is very
much important which helps to ensure that the organization is currently secured from various
of external thefts. It has been assessed that most of the organizations are having a proper
security policies so that they can protect themselves (Peltier 2016). Thus this policies must be
developed in a proper way for the appropriate development of the security of the
organization.
In this document security policies will be developed for the Southern Cross
University. It has been assessed that for development of the security policies it is very much
important for identification of the stakeholders of the organization. Thus stakeholder analysis
will be also done in this report. Potential threat and vulnerabilities that are present within the
network of the organization will be also discussed in this context.
Background of Southern Cross University:
Southern Cross University or the SCU is public university of Australia with having
campuses across Coffs Harbour, Lismore and New South Wales. Also, at the southern end
this university is having campuses on Queensland and Gold Coast. Currently this university is
governed by a particular Council. The CEO or the Chief Executive Officer of the University
reports to the Council. All the affairs of the university is currently managed by this Council.
Currently various type of academic programs are offered by the Southern Cross University.
Current Stakeholder of Southern Cross University:
Considering the Southern Cross University they are currently having several of
stakeholder. The main stakeholder of the Southern Cross University are the governing
entities, administration department, faculties, students, education material providers, direct
competitors (other universities) and Australian Department of Education and Training. The
above identified stakeholders are very much important for the Southern Cross University so
that they can manage their daily operations within the university.
Nature of the Business:
From the above discussions it has been assessed that the Southern Cross University is
a public university of Australia. As this university is a public university, that means, most of
Introduction:
Security of the organizations is very much important to ensure proper flow of the
business processes of them. In this aspect the information security of the organizations is very
much important which helps to ensure that the organization is currently secured from various
of external thefts. It has been assessed that most of the organizations are having a proper
security policies so that they can protect themselves (Peltier 2016). Thus this policies must be
developed in a proper way for the appropriate development of the security of the
organization.
In this document security policies will be developed for the Southern Cross
University. It has been assessed that for development of the security policies it is very much
important for identification of the stakeholders of the organization. Thus stakeholder analysis
will be also done in this report. Potential threat and vulnerabilities that are present within the
network of the organization will be also discussed in this context.
Background of Southern Cross University:
Southern Cross University or the SCU is public university of Australia with having
campuses across Coffs Harbour, Lismore and New South Wales. Also, at the southern end
this university is having campuses on Queensland and Gold Coast. Currently this university is
governed by a particular Council. The CEO or the Chief Executive Officer of the University
reports to the Council. All the affairs of the university is currently managed by this Council.
Currently various type of academic programs are offered by the Southern Cross University.
Current Stakeholder of Southern Cross University:
Considering the Southern Cross University they are currently having several of
stakeholder. The main stakeholder of the Southern Cross University are the governing
entities, administration department, faculties, students, education material providers, direct
competitors (other universities) and Australian Department of Education and Training. The
above identified stakeholders are very much important for the Southern Cross University so
that they can manage their daily operations within the university.
Nature of the Business:
From the above discussions it has been assessed that the Southern Cross University is
a public university of Australia. As this university is a public university, that means, most of
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3INFORMATION SECURITY
the public funds for the university comes from the government. The other funds to the
Southern Cross University comes from the students of the university.
Strategic Security Policy for the Southern Cross University:
It has been analysed that the Southern Cross University is a public university of
Australia and currently having various of operations within the campuses. Based on the
activities of the university various of policies need to be developed in this context. The main
aim of this security policy is ensuring all the confidential information within the university is
perfectly secured (Coppolino et al. 2017). Also, the information system of the Southern Cross
University need to be protected very tightly through this polices. Thus through this security
policy, the below mentioned aspects of the Southern Cross University will be fulfilled, which
are:
Protection of the confidential information from the unauthorised access.
Proper management of the potential risks.
Integrity of the Information System.
Terms of contracts and laws must be followed.
Considering the security of the Southern Cross University, the main security of the
university is depending on protection of the information assets of the university. In the
following section important policies for the Southern Cross University is discussed.
Policies for Security of Information:
Any information belongs to the university will be provided only to the users who are
having legitimate need for accessing those data.
Integrity of all the information of the university should be maintained.
The users who are granted for using the information assets of the university are
responsible for handling those data appropriately as per the classification of the data.
All the information of the policy will be protected using relevant legislation.
Any type of unauthorised access to the university data shall not be entertained and
strict actions will be taken against that (Abomhara 2015).
Approval from the network authority must be taken before connecting any type of
digital device to the network of the university.
For temporary internet usage in the university campus the user must use only the free
open network Wi-Fi services.
the public funds for the university comes from the government. The other funds to the
Southern Cross University comes from the students of the university.
Strategic Security Policy for the Southern Cross University:
It has been analysed that the Southern Cross University is a public university of
Australia and currently having various of operations within the campuses. Based on the
activities of the university various of policies need to be developed in this context. The main
aim of this security policy is ensuring all the confidential information within the university is
perfectly secured (Coppolino et al. 2017). Also, the information system of the Southern Cross
University need to be protected very tightly through this polices. Thus through this security
policy, the below mentioned aspects of the Southern Cross University will be fulfilled, which
are:
Protection of the confidential information from the unauthorised access.
Proper management of the potential risks.
Integrity of the Information System.
Terms of contracts and laws must be followed.
Considering the security of the Southern Cross University, the main security of the
university is depending on protection of the information assets of the university. In the
following section important policies for the Southern Cross University is discussed.
Policies for Security of Information:
Any information belongs to the university will be provided only to the users who are
having legitimate need for accessing those data.
Integrity of all the information of the university should be maintained.
The users who are granted for using the information assets of the university are
responsible for handling those data appropriately as per the classification of the data.
All the information of the policy will be protected using relevant legislation.
Any type of unauthorised access to the university data shall not be entertained and
strict actions will be taken against that (Abomhara 2015).
Approval from the network authority must be taken before connecting any type of
digital device to the network of the university.
For temporary internet usage in the university campus the user must use only the free
open network Wi-Fi services.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4INFORMATION SECURITY
Users must register themselves in the network of university campus before any type
of network usage.
The software of the network related devices and security related devices must be
always updated (Biscop 2016).
Crucial digital information regarding the university must be always in an encrypted
form. Decryption of those information will be only done in case of any requirement of
university.
All the personal data of the students must be protected by the university. This data of
the students must not be leaked to any third party organization.
Every computer system within the organization must be protected from any type of
external security breaches and security thefts.
All the network within the university must be protected using some appropriate
firewall system.
Any type of network related requests of the users must be reviewed by the network
administrators and will be grated as per the genericity of the request.
The administrator of the network can remove any type of connected device to the
network if any type of suspicious activity is detected.
The IP routing protocols of the within the network will be managed by the IT
department of the university (Hsu et al. 2015).
Access to the network of the university through any type of virtual private network is
not allowed, and disciplinary actions will be taken if found any.
Physical damage to any type of network asset of the university will not be entertained
and disciplinary actions will be taken in this type of situation and also, fines will be
imposed against the peoples who will be found guilty (Liang 2016).
All the software that are accesses using the network of the university, must be
genuine. University does not promote using of any type of pirated software.
The software which belongs to the university must only be used by the stakeholders of
the university. Any type of access to the 3rd party will not be provided (Kuusijärvi et
al. 2016).
Using of illegal software through the network of the university is prohibited strictly.
Software that are used in the university must be updated immediately whenever
update is available from the end of software developer.
Users must register themselves in the network of university campus before any type
of network usage.
The software of the network related devices and security related devices must be
always updated (Biscop 2016).
Crucial digital information regarding the university must be always in an encrypted
form. Decryption of those information will be only done in case of any requirement of
university.
All the personal data of the students must be protected by the university. This data of
the students must not be leaked to any third party organization.
Every computer system within the organization must be protected from any type of
external security breaches and security thefts.
All the network within the university must be protected using some appropriate
firewall system.
Any type of network related requests of the users must be reviewed by the network
administrators and will be grated as per the genericity of the request.
The administrator of the network can remove any type of connected device to the
network if any type of suspicious activity is detected.
The IP routing protocols of the within the network will be managed by the IT
department of the university (Hsu et al. 2015).
Access to the network of the university through any type of virtual private network is
not allowed, and disciplinary actions will be taken if found any.
Physical damage to any type of network asset of the university will not be entertained
and disciplinary actions will be taken in this type of situation and also, fines will be
imposed against the peoples who will be found guilty (Liang 2016).
All the software that are accesses using the network of the university, must be
genuine. University does not promote using of any type of pirated software.
The software which belongs to the university must only be used by the stakeholders of
the university. Any type of access to the 3rd party will not be provided (Kuusijärvi et
al. 2016).
Using of illegal software through the network of the university is prohibited strictly.
Software that are used in the university must be updated immediately whenever
update is available from the end of software developer.
5INFORMATION SECURITY
By utilising the above polices the organization will be able to manage the security of
the information and the network devices within the university.
Potential Threat and Vulnerability within University’s Network:
From the above discussion of security policies for the organization it has been
assessed that there can be several of thefts and vulnerability within the network of the
Southern Cross University. In the following section all of these threat and vulnerabilities will
be discussed.
Considering the network infrastructure of Southern Cross University there can be
various of potential risk and threats as this network is currently connected with the external
networks through the internet services. The main security issues which can occur in the
university are the:
Risk of Malware: The Southern Cross University handles a vast number of students every
year and due to this factor more and more devices are connecting to the network of the
university. Due to this factor potential risks of intrusion of malware within the network of the
university is increasing (Firoozjaei et al. 2017). As the number of connected device will be
increased the overall chances of occurring the malware increases. In most of cases it has been
seen that an average user is consisting two or more that two devices connected to the network
of the university. This increases chances of occurring the malware even more.
To mitigate this type of security issue the university must conduct a security scrutiny
of each of the devices connected to the network of the university in a specific time interval.
Qualified devices will be only allowed to connect to the university network.
Implementation of Weak Passwords: Implementation of the weak passwords both by the
students and the administrators of the network is one of the most common network
vulnerability in this case (Friedberg et al. 2015). Weak and common password can be easily
cracked and can be guessed by the attackers and due to this factor information resources
within the organization can be exposed. Thus this type of security vulnerability must be
mitigated properly.
This type of security vulnerability can be easily mitigated by implementation of
strong and complex passwords. This awareness must be created among the network admin
and the user of the network.
By utilising the above polices the organization will be able to manage the security of
the information and the network devices within the university.
Potential Threat and Vulnerability within University’s Network:
From the above discussion of security policies for the organization it has been
assessed that there can be several of thefts and vulnerability within the network of the
Southern Cross University. In the following section all of these threat and vulnerabilities will
be discussed.
Considering the network infrastructure of Southern Cross University there can be
various of potential risk and threats as this network is currently connected with the external
networks through the internet services. The main security issues which can occur in the
university are the:
Risk of Malware: The Southern Cross University handles a vast number of students every
year and due to this factor more and more devices are connecting to the network of the
university. Due to this factor potential risks of intrusion of malware within the network of the
university is increasing (Firoozjaei et al. 2017). As the number of connected device will be
increased the overall chances of occurring the malware increases. In most of cases it has been
seen that an average user is consisting two or more that two devices connected to the network
of the university. This increases chances of occurring the malware even more.
To mitigate this type of security issue the university must conduct a security scrutiny
of each of the devices connected to the network of the university in a specific time interval.
Qualified devices will be only allowed to connect to the university network.
Implementation of Weak Passwords: Implementation of the weak passwords both by the
students and the administrators of the network is one of the most common network
vulnerability in this case (Friedberg et al. 2015). Weak and common password can be easily
cracked and can be guessed by the attackers and due to this factor information resources
within the organization can be exposed. Thus this type of security vulnerability must be
mitigated properly.
This type of security vulnerability can be easily mitigated by implementation of
strong and complex passwords. This awareness must be created among the network admin
and the user of the network.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6INFORMATION SECURITY
Application Backdoor: Currently there are various of software and application which are
used by the Southern Cross University. In many cases there can be some backdoor in those
software due to which the attackers can gain access to important resources of the Southern
Cross University (Lal, Taleb and Dutta 2017). This is a massive security flaw which can
occur within the network of Southern Cross University.
This type of security related issues can be mitigated properly by timely patching the
software. Patches and updates are provided by the developers of the software. Thus Southern
Cross University need to update the software very actively whenever update is available from
the end of the software developer.
Access of non-trusted Websites: In many of the cases it has been seen that students are
accessing many non-trusted websites through the network of the university. As this type of
websites are non-trusted there can be security related issues with the website and the content
of it. This can lead to potential security related issues with the network of university, such as
intrusion of virus and Trojans in the entire network of the Southern Cross University. This
can lead to potential damage to the university assets and information (Shropshire, Warkentin
and Sharma 2015). Thus this type of security issues must be mitigated properly.
For proper mitigation of this type of issues, university must block access to this type
of potential websites by implementing a firewall system. By blocking the access of those
websites the users will be unable to access those, thus university will be saved form potential
virus attacks.
Conclusion:
From the above discussion it can be concluded that perfect security of the
organizations is very much important for achieving the normal executional processes of that
organization, including the universities also. Proper policies are need to be implemented so
that the organizations can be secured from various of potential external threats. This report
comprises some important security policies which are important for proper security of the
organizations. Policies has been developed specifically for the Southern Cross University but
this polices can also be followed by similar type of universities. Also, in this report
stakeholder of the Southern Cross University and nature of the organization has been
elaborated. Following that, brief policy for the Southern Cross University has been provided.
In the further discussion on this report, potential threats and vulnerabilities that can occur in
Application Backdoor: Currently there are various of software and application which are
used by the Southern Cross University. In many cases there can be some backdoor in those
software due to which the attackers can gain access to important resources of the Southern
Cross University (Lal, Taleb and Dutta 2017). This is a massive security flaw which can
occur within the network of Southern Cross University.
This type of security related issues can be mitigated properly by timely patching the
software. Patches and updates are provided by the developers of the software. Thus Southern
Cross University need to update the software very actively whenever update is available from
the end of the software developer.
Access of non-trusted Websites: In many of the cases it has been seen that students are
accessing many non-trusted websites through the network of the university. As this type of
websites are non-trusted there can be security related issues with the website and the content
of it. This can lead to potential security related issues with the network of university, such as
intrusion of virus and Trojans in the entire network of the Southern Cross University. This
can lead to potential damage to the university assets and information (Shropshire, Warkentin
and Sharma 2015). Thus this type of security issues must be mitigated properly.
For proper mitigation of this type of issues, university must block access to this type
of potential websites by implementing a firewall system. By blocking the access of those
websites the users will be unable to access those, thus university will be saved form potential
virus attacks.
Conclusion:
From the above discussion it can be concluded that perfect security of the
organizations is very much important for achieving the normal executional processes of that
organization, including the universities also. Proper policies are need to be implemented so
that the organizations can be secured from various of potential external threats. This report
comprises some important security policies which are important for proper security of the
organizations. Policies has been developed specifically for the Southern Cross University but
this polices can also be followed by similar type of universities. Also, in this report
stakeholder of the Southern Cross University and nature of the organization has been
elaborated. Following that, brief policy for the Southern Cross University has been provided.
In the further discussion on this report, potential threats and vulnerabilities that can occur in
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION SECURITY
the network of the Southern Cross University has been discussed and with that proper
mitigation techniques of those threats and vulnerability has been also presented.
the network of the Southern Cross University has been discussed and with that proper
mitigation techniques of those threats and vulnerability has been also presented.
8INFORMATION SECURITY
References:
Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities, threats,
intruders and attacks. Journal of Cyber Security and Mobility, 4(1), pp.65-88.
Biscop, S., 2016. The European security strategy: a global agenda for positive power.
Routledge.
Coppolino, L., D’Antonio, S., Mazzeo, G. and Romano, L., 2017. Cloud security: Emerging
threats and current solutions. Computers & Electrical Engineering, 59, pp.126-140.
Firoozjaei, M.D., Jeong, J.P., Ko, H. and Kim, H., 2017. Security challenges with network
functions virtualization. Future Generation Computer Systems, 67, pp.315-324.
Friedberg, I., Skopik, F., Settanni, G. and Fiedler, R., 2015. Combating advanced persistent
threats: From network event correlation to incident detection. Computers & Security, 48,
pp.35-57.
Hsu, J.S.C., Shih, S.P., Hung, Y.W. and Lowry, P.B., 2015. The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), pp.282-300.
Kuusijärvi, J., Savola, R., Savolainen, P. and Evesti, A., 2016, December. Mitigating IoT
security threats with a trusted Network element. In 2016 11th International Conference for
Internet Technology and Secured Transactions (ICITST) (pp. 260-265). IEEE.
Lal, S., Taleb, T. and Dutta, A., 2017. NFV: Security threats and best practices. IEEE
Communications Magazine, 55(8), pp.211-217.
Liang, C.S., 2016. Europe for the Europeans: the foreign and security policy of the populist
radical right. In Europe for the Europeans (pp. 19-50). Routledge.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
References:
Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities, threats,
intruders and attacks. Journal of Cyber Security and Mobility, 4(1), pp.65-88.
Biscop, S., 2016. The European security strategy: a global agenda for positive power.
Routledge.
Coppolino, L., D’Antonio, S., Mazzeo, G. and Romano, L., 2017. Cloud security: Emerging
threats and current solutions. Computers & Electrical Engineering, 59, pp.126-140.
Firoozjaei, M.D., Jeong, J.P., Ko, H. and Kim, H., 2017. Security challenges with network
functions virtualization. Future Generation Computer Systems, 67, pp.315-324.
Friedberg, I., Skopik, F., Settanni, G. and Fiedler, R., 2015. Combating advanced persistent
threats: From network event correlation to incident detection. Computers & Security, 48,
pp.35-57.
Hsu, J.S.C., Shih, S.P., Hung, Y.W. and Lowry, P.B., 2015. The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), pp.282-300.
Kuusijärvi, J., Savola, R., Savolainen, P. and Evesti, A., 2016, December. Mitigating IoT
security threats with a trusted Network element. In 2016 11th International Conference for
Internet Technology and Secured Transactions (ICITST) (pp. 260-265). IEEE.
Lal, S., Taleb, T. and Dutta, A., 2017. NFV: Security threats and best practices. IEEE
Communications Magazine, 55(8), pp.211-217.
Liang, C.S., 2016. Europe for the Europeans: the foreign and security policy of the populist
radical right. In Europe for the Europeans (pp. 19-50). Routledge.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9INFORMATION SECURITY
Shropshire, J., Warkentin, M. and Sharma, S., 2015. Personality, attitudes, and intentions:
Predicting initial adoption of information security behavior. Computers & Security, 49,
pp.177-191.
Shu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A.V. and Imran, M., 2016. Security in software-
defined networking: Threats and countermeasures. Mobile Networks and Applications, 21(5),
pp.764-776.
Shropshire, J., Warkentin, M. and Sharma, S., 2015. Personality, attitudes, and intentions:
Predicting initial adoption of information security behavior. Computers & Security, 49,
pp.177-191.
Shu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A.V. and Imran, M., 2016. Security in software-
defined networking: Threats and countermeasures. Mobile Networks and Applications, 21(5),
pp.764-776.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2026 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.