Information System Security: Threats and Solutions for Google Company
Added on 2023-06-07
19 Pages4845 Words128 Views
Running Head: INFORMATION SYSTEM SECURITY 1
INFORMATION SYSTEM SECURITY
Student Name
Institution Affiliation
Facilitator
Course
Date
INFORMATION SYSTEM SECURITY
Student Name
Institution Affiliation
Facilitator
Course
Date
INFORMATION SYSTEM SECURITY 2
Table of Contents
1.0 Introduction................................................................................................................................4
2.0 The Working Mechanism of Ransomware (Google Company case)........................................4
2.1 Three Tools used to Tackle Ransomware Attack in Google Company.................................5
2.1.1 Kaspersky Anti-Ransomware Tool.................................................................................5
2.1.2 AVG’s Ransomware Decryption Tools..........................................................................5
2.1.3Trend Micro......................................................................................................................6
3.1 Denial-of-Service (DoS/DDoS) Attacks................................................................................6
3.2 Social Engineering.................................................................................................................7
3.3 Malwares................................................................................................................................7
4.0 Ensuring Availability and Reliability of Google Company Web Services...............................8
4.1 Protection of its server memory space...................................................................................8
4.2 Automated Deployment Services (ADS)...............................................................................9
4.3 Windows Management Instrumentation (WMI.....................................................................9
4.4 Troubleshooting features........................................................................................................9
5.0 Ensuring Confidentiality and Integrity for Google Company Staff Emails..............................9
6.0 Webserver Security Threats in Google Company...................................................................10
6.1 Denial-of-Service (DoS/DDoS) Attacks..............................................................................10
6.2 Web application attacks.......................................................................................................11
6.3 DNS infrastructure...............................................................................................................11
Table of Contents
1.0 Introduction................................................................................................................................4
2.0 The Working Mechanism of Ransomware (Google Company case)........................................4
2.1 Three Tools used to Tackle Ransomware Attack in Google Company.................................5
2.1.1 Kaspersky Anti-Ransomware Tool.................................................................................5
2.1.2 AVG’s Ransomware Decryption Tools..........................................................................5
2.1.3Trend Micro......................................................................................................................6
3.1 Denial-of-Service (DoS/DDoS) Attacks................................................................................6
3.2 Social Engineering.................................................................................................................7
3.3 Malwares................................................................................................................................7
4.0 Ensuring Availability and Reliability of Google Company Web Services...............................8
4.1 Protection of its server memory space...................................................................................8
4.2 Automated Deployment Services (ADS)...............................................................................9
4.3 Windows Management Instrumentation (WMI.....................................................................9
4.4 Troubleshooting features........................................................................................................9
5.0 Ensuring Confidentiality and Integrity for Google Company Staff Emails..............................9
6.0 Webserver Security Threats in Google Company...................................................................10
6.1 Denial-of-Service (DoS/DDoS) Attacks..............................................................................10
6.2 Web application attacks.......................................................................................................11
6.3 DNS infrastructure...............................................................................................................11
INFORMATION SYSTEM SECURITY 3
6.4 SSL-induced blind spots......................................................................................................12
7.0 Improving the Availability of Email Server in Google Company...........................................12
7.1 Scaling the Email Server at its Construction Phase.............................................................12
7.2 Implementing Risk Mitigation.............................................................................................13
8.0 Impacts of Employees on Google Company Information Security.........................................13
8.1 Risk Management to Reduce Employee Risks on Google Company Information Security14
8.1.1 Educating the employees...............................................................................................14
8.1.2 Making Cyber Security a Responsibility of Everyone in the Organization..................14
8.1.3 Teaching Effective Password Management to Employees...........................................14
9.0 Data Logs in Monitoring and Analyzing Google Company Servers.......................................15
10.0 Network Devices to Control Security Threats in Google Company.....................................15
10.1 Intrusion Detection and Prevention Tools.........................................................................15
10.2 Anti-malwares....................................................................................................................16
10.3 Mobile device management tools......................................................................................16
10.4 Network access control tools.............................................................................................16
10.5 Next-generation firewalls...................................................................................................16
11.0 Conclusion.............................................................................................................................16
6.4 SSL-induced blind spots......................................................................................................12
7.0 Improving the Availability of Email Server in Google Company...........................................12
7.1 Scaling the Email Server at its Construction Phase.............................................................12
7.2 Implementing Risk Mitigation.............................................................................................13
8.0 Impacts of Employees on Google Company Information Security.........................................13
8.1 Risk Management to Reduce Employee Risks on Google Company Information Security14
8.1.1 Educating the employees...............................................................................................14
8.1.2 Making Cyber Security a Responsibility of Everyone in the Organization..................14
8.1.3 Teaching Effective Password Management to Employees...........................................14
9.0 Data Logs in Monitoring and Analyzing Google Company Servers.......................................15
10.0 Network Devices to Control Security Threats in Google Company.....................................15
10.1 Intrusion Detection and Prevention Tools.........................................................................15
10.2 Anti-malwares....................................................................................................................16
10.3 Mobile device management tools......................................................................................16
10.4 Network access control tools.............................................................................................16
10.5 Next-generation firewalls...................................................................................................16
11.0 Conclusion.............................................................................................................................16
INFORMATION SYSTEM SECURITY 4
1.0 Introduction
With the current trends in technology, organizations have found themselves in the
receiving ends of the risks which have emerged as a result of these trends. These risks are
specifically due to many threats and risks associated with information systems. As a matter
of fact, cases of security breaches have been increasing year in year out. This is an indication
that any organization is at risk of information security breach in this era. It is therefore
importance for all the organizations to be aware of some of the potential risks to their
information security and ways to mitigate such threats or reduce their impacts if they happen
to hit the organization. In this paper, activities related to security audits, BCP planning,
Controls, risk analysis and control, and appropriate tools as well as techniques of containing
organization information tools have been discussed with Google Company as the case study.
Among the above list, ransomware, a common network information system malware
is the first in line to be discussed.
2.0 The Working Mechanism of Ransomware (Google Company case)
In its basic definition, Ransomware has been defined as malicious software threatens a
computer operation once inside the computer by preventing the access to personal data in the
computer. Under such situations, the attacker can freely demand for a ransom from the person who
has been affected in order to bring things back to normal and which is not always truthful (Andrei,
CEBERE & ACHIM, 2018). Based on the chosen organization, Google Company, Ransomware can
gain access to a personal computer in various ways and the common one is through Phishing spam, an
attachment that can appear to the victim as an email and masquerading as a trustworthy file. They
trick the owner to download them but once downloaded and opened, they then take over full control
1.0 Introduction
With the current trends in technology, organizations have found themselves in the
receiving ends of the risks which have emerged as a result of these trends. These risks are
specifically due to many threats and risks associated with information systems. As a matter
of fact, cases of security breaches have been increasing year in year out. This is an indication
that any organization is at risk of information security breach in this era. It is therefore
importance for all the organizations to be aware of some of the potential risks to their
information security and ways to mitigate such threats or reduce their impacts if they happen
to hit the organization. In this paper, activities related to security audits, BCP planning,
Controls, risk analysis and control, and appropriate tools as well as techniques of containing
organization information tools have been discussed with Google Company as the case study.
Among the above list, ransomware, a common network information system malware
is the first in line to be discussed.
2.0 The Working Mechanism of Ransomware (Google Company case)
In its basic definition, Ransomware has been defined as malicious software threatens a
computer operation once inside the computer by preventing the access to personal data in the
computer. Under such situations, the attacker can freely demand for a ransom from the person who
has been affected in order to bring things back to normal and which is not always truthful (Andrei,
CEBERE & ACHIM, 2018). Based on the chosen organization, Google Company, Ransomware can
gain access to a personal computer in various ways and the common one is through Phishing spam, an
attachment that can appear to the victim as an email and masquerading as a trustworthy file. They
trick the owner to download them but once downloaded and opened, they then take over full control
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Security threats Assignment PDFlg...
|17
|5254
|133
Ransomware & Malwarelg...
|5
|581
|276
Extortion Hack: Types, Effects and Prevention Methodslg...
|9
|1842
|92
Methods to Address Cybersecurity Issues in JL Organizationlg...
|13
|2416
|109
University Semester.lg...
|9
|2072
|54
Information Systems Security: IT Security Fundamentals, Vulnerabilities, and IBM Security Architecturelg...
|5
|747
|57