Ask a question from expert

Ask now

IS Security and Risk Management Assignment PDF

10 Pages3410 Words84 Views
   

Added on  2021-05-31

IS Security and Risk Management Assignment PDF

   Added on 2021-05-31

BookmarkShareRelated Documents
IS SECURITY AND RISK MANAGEMENT 1IS Security and Risk ManagementName Date
IS Security and Risk Management Assignment PDF_1
IS SECURITY AND RISK MANAGEMENT 2IntroductionWith the rising use of information systems for its immense benefits to businesses and other organizations, security issues have become of a greater concern. This is because there are malicious users always seeking to exploit vulnerabilities in information systems for a variety of reasons. This paper discusses various aspects and concepts with regard to information security for an organization, David Jones (David Jones Pty Ltd), an Australian upmarket departmental store based in Sydney, Australia that has been a cyber attack victim (McCauley, 2015). Q1 Common malwares and Threats Against David JonesFor an organization like David Jones, the common malware that affects its operations range from the usual viruses to highly sophisticated worms and Trojans purposely built and targeted at theorganization. The malware include viruses, worms, Trojans, and Ransomware. Other forms of threats include Denial and Distributed Denial of Service Attacks, human (and machine) error, Phishing, hacking, internal deliberate breaches and information misuse such as data and informationtheft, social media, and Spam (Stamp, 2013). Computer viruses are malicious software that upon execution, replicates within an information system, modifying computer programs with its own code. Worms are standalone malicious software that also replicate themselves in an IS and spread to infect computers within this system (Nadkarni, 2016). Trojans are malicious software that look perfectly normal and so mislead users and even security systems and wreak havoc. Ransomware is aform of malicious software that gains entry into an IS and hijacks files such that they are not accessible or usable until a ransom is paid. Denial of service refers to a cyber attack where an attacker renders information system resources of the victim unavailable or tool slow by flooding their network with data and data requests, overwhelming their networks. Human (and machine) error pertains to unintended actions or inaction that leave IS exposed or vulnerable to attacks, such as failing to log out from a remote access, unintentionally opening and installing files with viruses (Soomro, Shah, & Ahmed, 2016). Phishing is also a risk to David Jones; a malicious user seeks to gain access to restricted informationby posing as a legitimate and trustworthy entity. Internal breaches is one of the most significant threats the firm faces; a disgruntled employee or one that lacks integrity can deliberately steal and sell of data or leave loopholes for external attackers to exploit, for financial gain (or sometimes just out of malice). Spam is when undesired mails are sent to a system , usually also carrying malicious software. For social media, users gain information about a company and use it maliciouslyQ 2 Network devices and their vulnerabilitiesThe three David Jones network devices susceptible to attacks and abuse include the Wi-Fi networks (wireless access points), routers, and network switches. Wireless access points and Wi-Fi
IS Security and Risk Management Assignment PDF_2
IS SECURITY AND RISK MANAGEMENT 3networks are part of th David Jones networks, where, for instance, customers can access while usingtheir services in store for the period they are at the outlet (Hern, 2017). Wireless access points use a common security standard WPA or WPA 2; however, the WPA 2, despite itself being a security feature that encrypts information, is vulnerable to attacks through key Re-installation attack (Krack)against the WPA 2 protocol’s four way handshake; a procedure executed when a client needs to join a Wi-Fi network and is used for confirming that both the access point and the client have the correctcredentials. As this happens, a four way handshake is initiated to generate a security key that will encrypt all traffic through the connection (Vanhoef, 2017) . An attacker then tricks a user into reinstalling a key already in use by replaying cryptographic handshake messages that have been hijacked; when the user attempts to reinstall the key, the attacker resets associated parameters such as the transmit and receive packet numbers, gaining access to the network and can then perform a variety of malicious actions. Routers are vulnerable to attacks because they are used for forwarding data packets between networks of computers by directing traffic. By receiving and forwarding data packets, routers can be exploited through their firmware, lack of a strong password management system for the routers, or by the authentication system being bypassed (this is a common router bug). This means that a hacker can send seemingly genuine data packets into a network through th router and then gain access to David Jones network resources, including fiber connection routers. The result is that hackers can gain access to sensitive information, or hijack data in transit through the routers such asaccessing its user databases of staling credit card and other personal information. The main problemwith routers with regards to cyber security is firmware and security measures taken, such as encrypting the router passwords and changing them regularly (Butenko, Pasiliao, & Shylo, 2014). Switches are a vulnerable attack point for David Jones because there are many access channels in switches: switches are designed using protocols such as telnet or SNMP only for inheritance and convenient management purposes. These access channels do not have any security features but remain as they are; they are not replaced by more secure protocols such as SSH and SNMP v3 based access channels. These channels can be exploited maliciously, for instance, to disclose information. The switches have inherent limitations in processing capabilities for control and management planes as these run on the CPU meaning switches have limited processing capabilities and because channels between network elements and terminals have a wide bandwidth, these exposes them to denial of service attacks. IP networks are also relatively open; these further pose problems and vulnerabilities for switches to be hacked and breached. The complexity of IP networks poses a management challenge, especially with regard to security policies: this means the switches remain a security vulnerability (Butenko, Pasiliao, & Shylo, 2014).
IS Security and Risk Management Assignment PDF_3

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Malware Analysis Assignment PDF
|29
|6377
|378

(PDF) Study of Botnets and their threats to Internet Security
|8
|1126
|478

Networking: Malicious Attacks, Social Engineering, Information Security Risks, Network Auditing, and Risk Assessment Management
|10
|3587
|73

Report on Recent and Current Trends in Malware
|13
|2836
|266

Network Security and Types of Security Threats and Attacks in Information Technology
|8
|2577
|274

Assignment on Risks and Risk Management
|11
|781
|13