IS Security and Risk Management Assignment PDF

Added on - 31 May 2021

  • 10


  • 3410


  • 10


  • 0


Trusted by +2 million users,
1000+ happy students everyday
Showing pages 1 to 3 of 10 pages
IS SECURITY AND RISK MANAGEMENT1IS Security and Risk ManagementNameDate
IS SECURITY AND RISK MANAGEMENT2IntroductionWith the rising use of information systems for its immense benefits to businesses and otherorganizations, security issues have become of a greater concern. This is because there are malicioususers always seeking to exploit vulnerabilities in information systems for a variety of reasons. Thispaper discusses various aspects and concepts with regard to information security for anorganization, David Jones (David Jones Pty Ltd), an Australian upmarket departmental store basedin Sydney, Australia that has been a cyber attack victim(McCauley, 2015).Q1 Common malwares and Threats Against David JonesFor an organization like David Jones, the common malware that affects its operations rangefrom the usual viruses to highly sophisticated worms and Trojans purposely built and targeted at theorganization. The malware include viruses, worms, Trojans, and Ransomware. Other forms ofthreats include Denial and Distributed Denial of Service Attacks, human (and machine) error,Phishing, hacking, internal deliberate breaches and information misuse such as data and informationtheft, social media, and Spam(Stamp, 2013). Computer viruses are malicious software that uponexecution, replicates within an information system, modifying computer programs with its owncode. Worms are standalone malicious software that also replicate themselves in an IS and spreadto infect computers within this system(Nadkarni, 2016). Trojans are malicious software that lookperfectly normal and so mislead users and even security systems and wreak havoc. Ransomware is aform of malicious software that gains entry into an IS and hijacks files such that they are notaccessible or usable until a ransom is paid.Denial of service refers to a cyber attack where an attacker renders information systemresources of the victim unavailable or tool slow by flooding their network with data and datarequests, overwhelming their networks. Human (and machine) error pertains to unintended actionsor inaction that leave IS exposed or vulnerable to attacks, such as failing to log out from a remoteaccess, unintentionally opening and installing files with viruses(Soomro, Shah, & Ahmed, 2016).Phishing is also a risk to David Jones; a malicious user seeks to gain access to restricted informationby posing as a legitimate and trustworthy entity. Internal breaches is one of the most significantthreats the firm faces; a disgruntled employee or one that lacks integrity can deliberately steal andsell of data or leave loopholes for external attackers to exploit, for financial gain (or sometimes justout of malice). Spam is when undesired mails are sent to a system , usually also carrying malicioussoftware. For social media, users gain information about a company and use it maliciouslyQ 2 Network devices and their vulnerabilitiesThe three David Jones network devices susceptible to attacks and abuse include the Wi-Finetworks (wireless access points), routers, and network switches. Wireless access points and Wi-Fi
IS SECURITY AND RISK MANAGEMENT3networks are part of th David Jones networks, where, for instance, customers can access while usingtheir services in store for the period they are at the outlet(Hern, 2017). Wireless access points use acommon security standard WPA or WPA 2; however, the WPA 2, despite itself being a securityfeature that encrypts information, is vulnerable to attacks through key Re-installation attack (Krack)against the WPA 2 protocol’s four way handshake; a procedure executed when a client needs to joina Wi-Fi network and is used for confirming that both the access point and the client have the correctcredentials. As this happens, a four way handshake is initiated to generate a security key that willencrypt all traffic through the connection(Vanhoef, 2017). An attacker then tricks a user intoreinstalling a key already in use by replaying cryptographic handshake messages that have beenhijacked; when the user attempts to reinstall the key, the attacker resets associated parameters suchas the transmit and receive packet numbers, gaining access to the network and can then perform avariety of malicious actions.Routers are vulnerable to attacks because they are used for forwarding data packets betweennetworks of computers by directing traffic. By receiving and forwarding data packets, routers canbe exploited through their firmware, lack of a strong password management system for the routers,or by the authentication system being bypassed (this is a common router bug). This means that ahacker can send seemingly genuine data packets into a network through th router and then gainaccess to David Jones network resources, including fiber connection routers. The result is thathackers can gain access to sensitive information, or hijack data in transit through the routers such asaccessing its user databases of staling credit card and other personal information. The main problemwith routers with regards to cyber security is firmware and security measures taken, such asencrypting the router passwords and changing them regularly (Butenko, Pasiliao, & Shylo, 2014).Switches are a vulnerable attack point for David Jones because there are many access channels inswitches: switches are designed using protocols such as telnet or SNMP only for inheritance andconvenient management purposes. These access channels do not have any security features butremain as they are; they are not replaced by more secure protocols such as SSH and SNMP v3based access channels. These channels can be exploited maliciously, for instance, to discloseinformation. The switches have inherent limitations in processing capabilities for control andmanagement planes as these run on the CPU meaning switches have limited processing capabilitiesand because channels between network elements and terminals have a wide bandwidth, theseexposes them to denial of service attacks. IP networks are also relatively open; these further poseproblems and vulnerabilities for switches to be hacked and breached. The complexity of IPnetworks poses a management challenge, especially with regard to security policies: this means theswitches remain a security vulnerability (Butenko, Pasiliao, & Shylo, 2014).
You’re reading a preview
Preview Documents

To View Complete Document

Click the button to download
Subscribe to our plans

Download This Document