The paper focuses on Information System security, risk threats and management of Telstra, the biggest telecommunication industry in Australia. It discusses network security devices, availability of web service, impact of employees on information security, risk management recommendations, and Windows Server 2016 auditing tool.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head:IS SECURITY AND RISK MANAGEMENT IS Security and Risk Management Name of the Student Name of the University Author’s Note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1 IS SECURITY AND RISK MANAGEMENT Table of Contents Task 1.........................................................................................................................................2 Introduction................................................................................................................................2 Threat against network routers/ switches...................................................................................2 Network security devices...........................................................................................................4 Availability of the web service..................................................................................................5 Impact of employee on Information Security............................................................................6 Risk management recommendation to reduce the risk of employee..........................................8 Windows Server 2016 auditing tool...........................................................................................8 Task 2.......................................................................................................................................10 Summary..................................................................................................................................11 References................................................................................................................................12
2 IS SECURITY AND RISK MANAGEMENT Task 1 Introduction The notable determination of the paper is to focus on the Information System security, risk threats and management of Telstra which is the biggest telecommunication industry in Australia. The risk management strategy which is adopted by this organization will be evaluated in this report. This paper will be also discussing the audit plans and the business process along with the impact of the human factors on security and risk management. The vulnerability of the network devices will be presented in the paper in an organized manner. The paper will be looking forward to proposing two categories of network security devices which will be very much helpful to mitigate the threats associated with web and email servers (Chang, Liu and Lin 2015). The availability of the web service using windows server 2016 can also be understood from the paper. Risk management recommendations to reduce the risks coming from employees working on this telecommunication organization will also be discussed in the paper. Illustration of the auditing tools of the Windows server can be used to deal with the threats coming from the web server and email server will be presented in the concluding unit of the paper. Threat against network routers/ switches The two types of threats associated with the network routers which are used in the business environment of Telstra Corporation are discussed as follows: Eavesdropping:It can be defined as the type of security threat where social engineer intercepts private communication. Sensitive and private data in the form of text, images, fax transmission and video files which are accessed using the Information System are generally compromised due to this security vulnerability of the routers. IP based calls are used by social
3 IS SECURITY AND RISK MANAGEMENT engineers to conduct this security attack. Infections such as Trojan horse can play a huge role in this network layer attack. TelstraCorporationhasmore than160 subsidiaryorganizationsassociatedwith them (Bertino and Islam 2017). There are millions of third parties working for this organization all over Asia and Australia. Thus, the networking devices which are used in this organization are highly exposed to these security threats. This security attack can have an undesirable impact on the progress of this telecommunication organization as the data which are circulated among the subsidiary organizations as well as the third parties may fall in the hands of the social engineers. This confidential information can be sold to the market competitors of Telstra by the social engineers. Thus, it can be said that the loopholes of the routers used Telstra can lead to security vulnerabilities like eavesdropping which can have a huge negative impact on the business reputation of this telecommunication organization. Masquerading:It can be defined as the type of security attack where the social engineer uses fake identity to gain unauthorized access to all the information of a computer system using legitimate access identification. This security vulnerability is mainly due to the security flaws of the networking switches (Chang, Liu and Lin 2015). Stolen passwords and login credentials are used by the social engineers during this security attacks. During this securitybreach,alllevelsofauthorizationofnetworkarecompromised.Vulnerable authentication can be a significant reason behind this threat Both the internal as well as the external stakeholders of Telstra who access the Information System have their unique employee identification number which is used to log in the organization portal of Telstra. Any kinds of security breaches using the login credentials can have a huge impact on the business growth of this organization. All the confidential data which are sent from one region to another can be edited or deleted by the social engineers
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4 IS SECURITY AND RISK MANAGEMENT duringthissecurityattack.TelstrausesMicrosoftWindowsserverintheirworking environment, the IP Masquerade can be used by the social engineers to capitalize on the loopholes of the networking switches. Thus, it can be determined that the use of the network switchcanhaveahugenegativeimpactonthenetprofitabilityofthisglobal telecommunication organization. Network security devices Telstra faces huge threat coming from the web and the email servers, these security risks can be controlled and mitigated with different types of tools such as the Web Application Firewalls and lateral movement detection tool. These tools can act as a network security solution for Telstra against all the security vulnerabilities they face in a network. Detailed descriptions of two network security devices are discussed below. Web Application Firewalls (WAF): It is defined as the type of firewall which can monitor the external stakeholders of Telstra. All the networking activities can be tracked and loopholes can be identified using this network security device (Chen, Ramamurthy and Wen 2015). Different categories of the network vulnerabilities such as the DDoS attack, SQL injection attack can be identified using WAF. This software-based application is increasingly used in most of the business organizations as it helps them to secure their private network from the security vulnerabilities. The email servers and the cloud servers used by the Telstra Corporation can also be monitored using the WAF. Changes and updates on the private network of Telstra can be notified to the network administrators using the Web Application Firewalls (Connolly, Lang and Tygar 2015). Thus, it can be said that the networking performance of Telstra can be significantly enhanced using WAF.
5 IS SECURITY AND RISK MANAGEMENT Lateral movement detection tool:It can be defined as the type of tool which can be very much useful to monitor both the incoming as well as the outgoing traffic in global organizations. All the malicious connections of the web servers and the email servers are detected using this tool. Being one of the most important traffic monitoring tools it can be said that machine learning algorithm which is the main backend functionality of the Lateral movement detection tool. False alarms are the means of notifying the detection of security vulnerability for this tool. It can be said that this tool can be very much important to detect any sort of illegal jumping activities in the emails servers of business organizations. Telstra has numerous routers connected with Information System which can be one of the reasons behind all the security vulnerabilities faced by this organization, the lateral movement detection tool can play a huge role in identifying the security vulnerabilities or adversaries moving around the networking environment of Telstra (Dorriet al. 2017). Both the external as well as the external stakeholders of this major telecommunication organization can be significantly benefitted using the Lateral movement detection tool. The spreading of the infections and security vulnerabilities can be restricted by the IT risk and security management team of Telstra Corporation using the lateral movement detection tool. Availability of the web service Microsoft Windows Server 2016which can be defined as a type of server operating system is used in the working environment of Telstra. There are lots of in-built security measures Generic Routing Encapsulation tunnels (GRE Tunnels) which are already incorporated in the business environment of Telstra (Guan and Hsu 2018). It can also be said that this corporation has stringent IT security policies which are maintained by each of the stakeholders of this telecommunication organization. There are lots of Windows Server Containers which are there in Microsoft Windows Server 2016.There are very negligible compatibility issues between the Microsoft Windows Server 2016 and other components such as the Web Service.
6 IS SECURITY AND RISK MANAGEMENT Web servicecan be defined as the type of software which is very much helpful to encode each of the communications so that the Confidentiality, Integrity and the Availability of the data are maintained. Sending an XML message to the Microsoft Windows Server 2016 and authenticating it with an XML response can be very much important to encode all the communications between each of the stakeholders of this organization. Windows Server Documentation can play a huge role to improve the availability of web service. If the web server is always available to the right audience then the chances of the security threats minimize. Monitoring web service availability is a must for every global commercial organization. Issues such as downtime can be purposefully addressed using the Web Service Availability. The networking security cost can be also minimized using Web Service Availability. Server Administrators of Telstra can also improve the web service as they can add or manage the Microsoft Windows Server 2016 using the manage option. The web server components can also be secured using the Web Service Availability. Both the basic authentication as well as the Windows authentication can be enhanced using the Web Service Availability. At the same time, it can also be said that the Web Service Availability can play a significant role in the meta-base compatibility as well as the management compatibility of the Microsoft Windows Server 2016. Impact of employee on Information Security There are different categories of network security risk faced by Telstra. Both the employees of this organization as well as the social engineers can have an undesirable negative impact on the productivity of this organization (Kirlappos, Parkin and Sasse 2015). This section of the paper will be discussing the impact of an employee regarding the information security of Telstra. Data leaking from the employees can be one of the prime reasons behind the security threats in Telstra. As a result of the data leakage all the confidential and sensitive information can be used by the market rivals of Telstra such as Vodafone (McIlwraith 2016). The
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7 IS SECURITY AND RISK MANAGEMENT organization can face both financial difficulty and reputation loss due to the internal security issues coming from the employees of this organization. Human error can be responsible for different categories of security issues such as the Ransomware.Maliciousactionsfromtheemployeeofthisorganizationistheother significant aspect of the internal security threat which might have a huge impact on the business reputation of this tele-communication organization. Security issues such as hardware threat can result in the delay of service for the consumers of this organization (O'hernet al. 2019). Accidental loss of hardware by the employees of Telstra can be the other reason of concern for the management team of this global telecommunication organization. Carelessness of the employees may also result in numerous issues in this organization such as the mismanagement of the available resources; as a result the organization might lose useful human resources as well. Figure 1: Risk coming from employee in different industry (Source:Shinde and Awasthi, McAfee 2015)
8 IS SECURITY AND RISK MANAGEMENT Risk management recommendation to reduce the risk of employee The risk management recommendations from the risks coming from the employee of Telstra are discussed below. Identifying all the probable sources of risk coming from the employee as they uses Information system should be identified by the risk mitigating team of this organization. Based on the investigation risk mitigation strategy must be adopted by this organization to deal with each of the identified the risk (Sivaraman,et al.2015). The risk mitigation strategy should not be having any negative impact on the on the productivity of this organization. Each of the employees must be aware of the impact of the security issues for which they are contributing. New employees as well as the experienced employees must be going through on-board or soft skill development trainings to deal with the most common security issues coming from the employees itself. The risk coming from the employees of this organization can also be managed if the organizational leaders make them understand the business value of the organizational assets which can be compromised due to the security issues coming from the employees. Participation in the IT risk management loop can also beneficial to contain the risks coming from the employees of this organization. Windows Server 2016 auditing tool The email server and the web server issues can be purposefully solved using auditing tool such as the device logs which is supported by Windows Server 2016. All the networking activities of Telstra can be purposefully monitored using the device logs. Protection to the IT network can be given if this auditing tool is successfully incorporated in the global tele- communication organization (Soomro, Shah and Ahmed 2016). All the past and the present networking activities of each of the stakeholders of this telecommunication business can be resolved using this auditing tool. The security lapses of the corporation can also be identified
9 IS SECURITY AND RISK MANAGEMENT using the device log. The specifications provided by Device log auditing tool are discussed as follows: oIdentity of each of the users with time and date when they access the private network can be determined in the first place using this tool (Tang and Zhang, 2016). oTerminal identity is the other contribution of this auditing tool. oNetworks and files accessed by each of the users can also be accessed using this auditing tool (Yadavet al. 2015). oChanges to the system configurations of the Information Systems by the social engineers can be detected in the first place using this auditing tool as well. oSystem utilities can also be identified in the first place using this auditing tool. oExceptions of the network can be notified to the network administrators using this auditing tool as well. oThis auditing tool is very much compatible with protective systems such as the Intrusion Detection System (Yuet al.2015). The threats of spamming activities as well as data leakage can also be identified using this auditing tool. Thus, it can be concluded that Telstra can use device logs as it can help them to analysing different security issues of the web server as well as the email server difficulties.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10 IS SECURITY AND RISK MANAGEMENT Task 2 Figure 1: Screenshot before encryption Figure 2: After Encryption
11 IS SECURITY AND RISK MANAGEMENT Summary The paper helps in identifying that data is one of the most important organizational assets of Telstra which can be under threats during to risks coming from both inside and outside the working environment. Risk mitigation strategies should be readily considered by the risk management team of this organization deal with the future security threats in this organization. The report helps in identifying two different security threats which arises due to the security loop holes in the networking devices such as routers and switches. The tool which can play a leading role to neutralize the threat coming from web and email servers such as the lateral movement detection tool and Web Application Firewall can also be determined from the paper. The techniques to improve the availability of the service as also learned from the paper. Impact of the employee on the Information security of Telstra can also be summarised from the paper. The importance of auditing tools such as the Device logs can also be concluded from this paper. Thus the paper was useful to understand Information System security, risks and threats from different perspectives.
12 IS SECURITY AND RISK MANAGEMENT References McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge. Falkner, E.M. and Hiebl, M.R., 2015. Risk management in SMEs: a systematic review of available evidence. The Journal of Risk Finance, 16(2), pp.122-144. Baum, M., Dawes, P.J., Kinney, M., Raji, R., Swenson, D. and Wood, A., iControl Networks Inc, 2017.Security network integrating security system and network devices. U.S. Patent Application 15/588,206. Bertino, E. and Islam, N., 2017. Botnets and internet of things security.Computer, (2), pp.76- 79. Chang, S.E., Liu, A.Y. and Lin, S., 2015. Exploring privacy and trust for employee monitoring.Industrial Management & Data Systems,115(1), pp.88-106. Chen, Y.A.N., Ramamurthy, K.R.A.M. and Wen, K.W., 2015. Impacts of comprehensive informationsecurityprogramsoninformationsecurityculture.JournalofComputer Information Systems,55(3), pp.11-19. Connolly, L., Lang, M. and Tygar, J.D., 2015, May. Investigation of employee security behaviour: A grounded theory approach. InIFIP International Information Security and Privacy Conference(pp. 283-296). Springer, Cham. Dorri, A., Kanhere, S.S., Jurdak, R. and Gauravaram, P., 2017, March. Blockchain for IoT security and privacy: The case study of a smart home. In2017 IEEE international conference on pervasive computing and communications workshops (PerCom workshops)(pp. 618-623). IEEE.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
13 IS SECURITY AND RISK MANAGEMENT Guan, B. and Hsu, C., 2018. The Role of Abusive Supervision and Interactional Justice in Employee Information Security Policy Noncompliance Intention. Kirlappos, I., Parkin, S. and Sasse, M.A., 2015. Shadow security as a tool for the learning organization.ACM SIGCAS Computers and Society,45(1), pp.29-37. McIlwraith, A., 2016.Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge. O'hern, W.A., Amoroso, E.G., Barry, M., Ramos, A., Solero, D., Sparrell, D.K. and Dilts, R., AT&T Intellectual Property I LP, 2019.Decoupling Hardware and Software Components of Network Security Devices to Provide Security Software as a Service in a Distributed Computing Environment. U.S. Patent Application 16/147,934. Shinde, R. and Awasthi, H.M., McAfee LLC, 2015.Method and system for enhanced wireless network security. U.S. Patent 9,148,422. Sivaraman, V., Gharakheili, H.H., Vishwanath, A., Boreli, R. and Mehani, O., 2015, October. Network-level security and privacy control for smart-home IoT devices. In2015 IEEE 11th International conference on wireless and mobile computing, networking and communications (WiMob)(pp. 163-167). IEEE. Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs moreholisticapproach:Aliteraturereview.InternationalJournalofInformation Management,36(2), pp.215-225. Tang, M. and Zhang, T., 2016. The impacts of organizational culture on information security culture: a case study.Information Technology and Management,17(2), pp.179-186.
14 IS SECURITY AND RISK MANAGEMENT Yadav, N., Mahamuni, A., Ozakil, A., Akyol, B.A., Feng, P., Enderwick, T.J., Joseph, A., Kumar, S. and Valliappan, S., Cisco Technology Inc, 2015.Integration of network admission control functions in network access devices. U.S. Patent 9,071,611. Yu, T., Sekar, V., Seshan, S., Agarwal, Y. and Xu, C., 2015, November. Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the internet-of-things. InProceedings of the 14th ACM Workshop on Hot Topics in Networks(p. 5). ACM.