Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

IS Security and Risk Management

Verified

Added on 2022/11/26

AI Summary

The paper focuses on Information System security, risk threats and management of Telstra, the biggest telecommunication industry in Australia. It discusses network security devices, availability of web service, impact of employees on information security, risk management recommendations, and Windows Server 2016 auditing tool.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
IS SECURITY AND RISK MANAGEMENT
Table of Contents
Task 1.........................................................................................................................................2
Introduction................................................................................................................................2
Threat against network routers/ switches...................................................................................2
Network security devices...........................................................................................................4
Availability of the web service..................................................................................................5
Impact of employee on Information Security............................................................................6
Risk management recommendation to reduce the risk of employee..........................................8
Windows Server 2016 auditing tool...........................................................................................8
Task 2.......................................................................................................................................10
Summary..................................................................................................................................11
References................................................................................................................................12

2
IS SECURITY AND RISK MANAGEMENT
Task 1
Introduction
The notable determination of the paper is to focus on the Information System security,
risk threats and management of Telstra which is the biggest telecommunication industry in
Australia. The risk management strategy which is adopted by this organization will be
evaluated in this report. This paper will be also discussing the audit plans and the business
process along with the impact of the human factors on security and risk management. The
vulnerability of the network devices will be presented in the paper in an organized manner.
The paper will be looking forward to proposing two categories of network security devices
which will be very much helpful to mitigate the threats associated with web and email servers
(Chang, Liu and Lin 2015). The availability of the web service using windows server 2016
can also be understood from the paper. Risk management recommendations to reduce the
risks coming from employees working on this telecommunication organization will also be
discussed in the paper. Illustration of the auditing tools of the Windows server can be used to
deal with the threats coming from the web server and email server will be presented in the
concluding unit of the paper.
Threat against network routers/ switches
The two types of threats associated with the network routers which are used in the
business environment of Telstra Corporation are discussed as follows:
Eavesdropping: It can be defined as the type of security threat where social engineer
intercepts private communication. Sensitive and private data in the form of text, images, fax
transmission and video files which are accessed using the Information System are generally
compromised due to this security vulnerability of the routers. IP based calls are used by social

3
IS SECURITY AND RISK MANAGEMENT
engineers to conduct this security attack. Infections such as Trojan horse can play a huge role
in this network layer attack.
Telstra Corporation has more than 160 subsidiary organizations associated with them
(Bertino and Islam 2017). There are millions of third parties working for this organization all
over Asia and Australia. Thus, the networking devices which are used in this organization are
highly exposed to these security threats. This security attack can have an undesirable impact
on the progress of this telecommunication organization as the data which are circulated
among the subsidiary organizations as well as the third parties may fall in the hands of the
social engineers. This confidential information can be sold to the market competitors of
Telstra by the social engineers. Thus, it can be said that the loopholes of the routers used
Telstra can lead to security vulnerabilities like eavesdropping which can have a huge negative
impact on the business reputation of this telecommunication organization.
Masquerading: It can be defined as the type of security attack where the social
engineer uses fake identity to gain unauthorized access to all the information of a computer
system using legitimate access identification. This security vulnerability is mainly due to the
security flaws of the networking switches (Chang, Liu and Lin 2015). Stolen passwords and
login credentials are used by the social engineers during this security attacks. During this
security breach, all levels of authorization of network are compromised. Vulnerable
authentication can be a significant reason behind this threat
Both the internal as well as the external stakeholders of Telstra who access the
Information System have their unique employee identification number which is used to log in
the organization portal of Telstra. Any kinds of security breaches using the login credentials
can have a huge impact on the business growth of this organization. All the confidential data
which are sent from one region to another can be edited or deleted by the social engineers

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
IS SECURITY AND RISK MANAGEMENT
during this security attack. Telstra uses Microsoft Windows server in their working
environment, the IP Masquerade can be used by the social engineers to capitalize on the
loopholes of the networking switches. Thus, it can be determined that the use of the network
switch can have a huge negative impact on the net profitability of this global
telecommunication organization.
Network security devices
Telstra faces huge threat coming from the web and the email servers, these security
risks can be controlled and mitigated with different types of tools such as the Web
Application Firewalls and lateral movement detection tool. These tools can act as a network
security solution for Telstra against all the security vulnerabilities they face in a network.
Detailed descriptions of two network security devices are discussed below.
Web Application Firewalls (WAF): It is defined as the type of firewall which can
monitor the external stakeholders of Telstra. All the networking activities can be tracked and
loopholes can be identified using this network security device (Chen, Ramamurthy and Wen
2015). Different categories of the network vulnerabilities such as the DDoS attack, SQL
injection attack can be identified using WAF. This software-based application is increasingly
used in most of the business organizations as it helps them to secure their private network
from the security vulnerabilities.
The email servers and the cloud servers used by the Telstra Corporation can also be
monitored using the WAF. Changes and updates on the private network of Telstra can be
notified to the network administrators using the Web Application Firewalls (Connolly, Lang
and Tygar 2015). Thus, it can be said that the networking performance of Telstra can be
significantly enhanced using WAF.

5
IS SECURITY AND RISK MANAGEMENT
Lateral movement detection tool: It can be defined as the type of tool which can be
very much useful to monitor both the incoming as well as the outgoing traffic in global
organizations. All the malicious connections of the web servers and the email servers are
detected using this tool. Being one of the most important traffic monitoring tools it can be
said that machine learning algorithm which is the main backend functionality of the Lateral
movement detection tool. False alarms are the means of notifying the detection of security
vulnerability for this tool. It can be said that this tool can be very much important to detect
any sort of illegal jumping activities in the emails servers of business organizations.
Telstra has numerous routers connected with Information System which can be one of
the reasons behind all the security vulnerabilities faced by this organization, the lateral
movement detection tool can play a huge role in identifying the security vulnerabilities or
adversaries moving around the networking environment of Telstra (Dorri et al. 2017). Both
the external as well as the external stakeholders of this major telecommunication organization
can be significantly benefitted using the Lateral movement detection tool. The spreading of
the infections and security vulnerabilities can be restricted by the IT risk and security
management team of Telstra Corporation using the lateral movement detection tool.
Availability of the web service
Microsoft Windows Server 2016 which can be defined as a type of server operating system
is used in the working environment of Telstra. There are lots of in-built security measures Generic
Routing Encapsulation tunnels (GRE Tunnels) which are already incorporated in the business
environment of Telstra (Guan and Hsu 2018). It can also be said that this corporation has stringent
IT security policies which are maintained by each of the stakeholders of this telecommunication
organization. There are lots of Windows Server Containers which are there in Microsoft Windows
Server 2016. There are very negligible compatibility issues between the Microsoft Windows Server
2016 and other components such as the Web Service.

6
IS SECURITY AND RISK MANAGEMENT
Web service can be defined as the type of software which is very much helpful to encode
each of the communications so that the Confidentiality, Integrity and the Availability of the data are
maintained. Sending an XML message to the Microsoft Windows Server 2016 and authenticating it
with an XML response can be very much important to encode all the communications between each
of the stakeholders of this organization.
Windows Server Documentation can play a huge role to improve the availability of web
service. If the web server is always available to the right audience then the chances of the security
threats minimize. Monitoring web service availability is a must for every global commercial
organization. Issues such as downtime can be purposefully addressed using the Web Service
Availability. The networking security cost can be also minimized using Web Service Availability.
Server Administrators of Telstra can also improve the web service as they can add or manage
the Microsoft Windows Server 2016 using the manage option. The web server components can also
be secured using the Web Service Availability. Both the basic authentication as well as the Windows
authentication can be enhanced using the Web Service Availability. At the same time, it can also be
said that the Web Service Availability can play a significant role in the meta-base compatibility as
well as the management compatibility of the Microsoft Windows Server 2016.
Impact of employee on Information Security
There are different categories of network security risk faced by Telstra. Both the
employees of this organization as well as the social engineers can have an undesirable
negative impact on the productivity of this organization (Kirlappos, Parkin and Sasse 2015).
This section of the paper will be discussing the impact of an employee regarding the
information security of Telstra.
Data leaking from the employees can be one of the prime reasons behind the security
threats in Telstra. As a result of the data leakage all the confidential and sensitive information
can be used by the market rivals of Telstra such as Vodafone (McIlwraith 2016). The

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
IS SECURITY AND RISK MANAGEMENT
organization can face both financial difficulty and reputation loss due to the internal security
issues coming from the employees of this organization.
Human error can be responsible for different categories of security issues such as the
Ransomware. Malicious actions from the employee of this organization is the other
significant aspect of the internal security threat which might have a huge impact on the
business reputation of this tele-communication organization. Security issues such as hardware
threat can result in the delay of service for the consumers of this organization (O'hern et al.
2019). Accidental loss of hardware by the employees of Telstra can be the other reason of
concern for the management team of this global telecommunication organization.
Carelessness of the employees may also result in numerous issues in this organization
such as the mismanagement of the available resources; as a result the organization might lose
useful human resources as well.
Figure 1: Risk coming from employee in different industry
(Source: Shinde and Awasthi, McAfee 2015 )

8
IS SECURITY AND RISK MANAGEMENT
Risk management recommendation to reduce the risk of employee
The risk management recommendations from the risks coming from the employee of
Telstra are discussed below.
Identifying all the probable sources of risk coming from the employee as they uses
Information system should be identified by the risk mitigating team of this organization.
Based on the investigation risk mitigation strategy must be adopted by this organization to
deal with each of the identified the risk (Sivaraman, et al. 2015). The risk mitigation strategy
should not be having any negative impact on the on the productivity of this organization.
Each of the employees must be aware of the impact of the security issues for which
they are contributing. New employees as well as the experienced employees must be going
through on-board or soft skill development trainings to deal with the most common security
issues coming from the employees itself. The risk coming from the employees of this
organization can also be managed if the organizational leaders make them understand the
business value of the organizational assets which can be compromised due to the security
issues coming from the employees. Participation in the IT risk management loop can also
beneficial to contain the risks coming from the employees of this organization.
Windows Server 2016 auditing tool
The email server and the web server issues can be purposefully solved using auditing
tool such as the device logs which is supported by Windows Server 2016. All the networking
activities of Telstra can be purposefully monitored using the device logs. Protection to the IT
network can be given if this auditing tool is successfully incorporated in the global tele-
communication organization (Soomro, Shah and Ahmed 2016). All the past and the present
networking activities of each of the stakeholders of this telecommunication business can be
resolved using this auditing tool. The security lapses of the corporation can also be identified

9
IS SECURITY AND RISK MANAGEMENT
using the device log. The specifications provided by Device log auditing tool are discussed as
follows:
o Identity of each of the users with time and date when they access the private network
can be determined in the first place using this tool (Tang and Zhang, 2016).
o Terminal identity is the other contribution of this auditing tool.
o Networks and files accessed by each of the users can also be accessed using this
auditing tool (Yadav et al. 2015).
o Changes to the system configurations of the Information Systems by the social
engineers can be detected in the first place using this auditing tool as well.
o System utilities can also be identified in the first place using this auditing tool.
o Exceptions of the network can be notified to the network administrators using this
auditing tool as well.
o This auditing tool is very much compatible with protective systems such as the
Intrusion Detection System (Yu et al. 2015). The threats of spamming activities as
well as data leakage can also be identified using this auditing tool.
Thus, it can be concluded that Telstra can use device logs as it can help them to
analysing different security issues of the web server as well as the email server difficulties.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
IS SECURITY AND RISK MANAGEMENT
Task 2
Figure 1: Screenshot before encryption
Figure 2: After Encryption

11
IS SECURITY AND RISK MANAGEMENT
Summary
The paper helps in identifying that data is one of the most important organizational
assets of Telstra which can be under threats during to risks coming from both inside and
outside the working environment. Risk mitigation strategies should be readily considered by
the risk management team of this organization deal with the future security threats in this
organization. The report helps in identifying two different security threats which arises due to
the security loop holes in the networking devices such as routers and switches. The tool
which can play a leading role to neutralize the threat coming from web and email servers
such as the lateral movement detection tool and Web Application Firewall can also be
determined from the paper. The techniques to improve the availability of the service as also
learned from the paper. Impact of the employee on the Information security of Telstra can
also be summarised from the paper. The importance of auditing tools such as the Device logs
can also be concluded from this paper. Thus the paper was useful to understand Information
System security, risks and threats from different perspectives.

12
IS SECURITY AND RISK MANAGEMENT
References
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
Falkner, E.M. and Hiebl, M.R., 2015. Risk management in SMEs: a systematic review of
available evidence. The Journal of Risk Finance, 16(2), pp.122-144.
Baum, M., Dawes, P.J., Kinney, M., Raji, R., Swenson, D. and Wood, A., iControl Networks
Inc, 2017. Security network integrating security system and network devices. U.S. Patent
Application 15/588,206.
Bertino, E. and Islam, N., 2017. Botnets and internet of things security. Computer, (2), pp.76-
79.
Chang, S.E., Liu, A.Y. and Lin, S., 2015. Exploring privacy and trust for employee
monitoring. Industrial Management & Data Systems, 115(1), pp.88-106.
Chen, Y.A.N., Ramamurthy, K.R.A.M. and Wen, K.W., 2015. Impacts of comprehensive
information security programs on information security culture. Journal of Computer
Information Systems, 55(3), pp.11-19.
Connolly, L., Lang, M. and Tygar, J.D., 2015, May. Investigation of employee security
behaviour: A grounded theory approach. In IFIP International Information Security and
Privacy Conference (pp. 283-296). Springer, Cham.
Dorri, A., Kanhere, S.S., Jurdak, R. and Gauravaram, P., 2017, March. Blockchain for IoT
security and privacy: The case study of a smart home. In 2017 IEEE international conference
on pervasive computing and communications workshops (PerCom workshops) (pp. 618-623).
IEEE.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13
IS SECURITY AND RISK MANAGEMENT
Guan, B. and Hsu, C., 2018. The Role of Abusive Supervision and Interactional Justice in
Employee Information Security Policy Noncompliance Intention.
Kirlappos, I., Parkin, S. and Sasse, M.A., 2015. Shadow security as a tool for the learning
organization. ACM SIGCAS Computers and Society, 45(1), pp.29-37.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
O'hern, W.A., Amoroso, E.G., Barry, M., Ramos, A., Solero, D., Sparrell, D.K. and Dilts, R.,
AT&T Intellectual Property I LP, 2019. Decoupling Hardware and Software Components of
Network Security Devices to Provide Security Software as a Service in a Distributed
Computing Environment. U.S. Patent Application 16/147,934.
Shinde, R. and Awasthi, H.M., McAfee LLC, 2015. Method and system for enhanced
wireless network security. U.S. Patent 9,148,422.
Sivaraman, V., Gharakheili, H.H., Vishwanath, A., Boreli, R. and Mehani, O., 2015, October.
Network-level security and privacy control for smart-home IoT devices. In 2015 IEEE 11th
International conference on wireless and mobile computing, networking and communications
(WiMob) (pp. 163-167). IEEE.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225.
Tang, M. and Zhang, T., 2016. The impacts of organizational culture on information security
culture: a case study. Information Technology and Management, 17(2), pp.179-186.

14
IS SECURITY AND RISK MANAGEMENT
Yadav, N., Mahamuni, A., Ozakil, A., Akyol, B.A., Feng, P., Enderwick, T.J., Joseph, A.,
Kumar, S. and Valliappan, S., Cisco Technology Inc, 2015. Integration of network admission
control functions in network access devices. U.S. Patent 9,071,611.
Yu, T., Sekar, V., Seshan, S., Agarwal, Y. and Xu, C., 2015, November. Handling a trillion
(unfixable) flaws on a billion devices: Rethinking network security for the internet-of-things.
In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (p. 5). ACM.

1 out of 15

+13062052269

info@desklib.com

IS Security and Risk Management

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Analysis of IS Security and Risk Management in Telstra

IS Security and Risk Management: Telstra Corporation Ltd

Security and Risk Management

IS security and Risk Management

IT Security and Risk Management

Security and Risk Management in Banking Industry