IS Security and Risk Management
Added on 2022-11-26
15 Pages3457 Words329 Views
Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management
Name of the Student
Name of the University
Author’s Note:
IS Security and Risk Management
Name of the Student
Name of the University
Author’s Note:
1
IS SECURITY AND RISK MANAGEMENT
Table of Contents
Task 1.........................................................................................................................................2
Introduction................................................................................................................................2
Threat against network routers/ switches...................................................................................2
Network security devices...........................................................................................................4
Availability of the web service..................................................................................................5
Impact of employee on Information Security............................................................................6
Risk management recommendation to reduce the risk of employee..........................................8
Windows Server 2016 auditing tool...........................................................................................8
Task 2.......................................................................................................................................10
Summary..................................................................................................................................11
References................................................................................................................................12
IS SECURITY AND RISK MANAGEMENT
Table of Contents
Task 1.........................................................................................................................................2
Introduction................................................................................................................................2
Threat against network routers/ switches...................................................................................2
Network security devices...........................................................................................................4
Availability of the web service..................................................................................................5
Impact of employee on Information Security............................................................................6
Risk management recommendation to reduce the risk of employee..........................................8
Windows Server 2016 auditing tool...........................................................................................8
Task 2.......................................................................................................................................10
Summary..................................................................................................................................11
References................................................................................................................................12
2
IS SECURITY AND RISK MANAGEMENT
Task 1
Introduction
The notable determination of the paper is to focus on the Information System security,
risk threats and management of Telstra which is the biggest telecommunication industry in
Australia. The risk management strategy which is adopted by this organization will be
evaluated in this report. This paper will be also discussing the audit plans and the business
process along with the impact of the human factors on security and risk management. The
vulnerability of the network devices will be presented in the paper in an organized manner.
The paper will be looking forward to proposing two categories of network security devices
which will be very much helpful to mitigate the threats associated with web and email servers
(Chang, Liu and Lin 2015). The availability of the web service using windows server 2016
can also be understood from the paper. Risk management recommendations to reduce the
risks coming from employees working on this telecommunication organization will also be
discussed in the paper. Illustration of the auditing tools of the Windows server can be used to
deal with the threats coming from the web server and email server will be presented in the
concluding unit of the paper.
Threat against network routers/ switches
The two types of threats associated with the network routers which are used in the
business environment of Telstra Corporation are discussed as follows:
Eavesdropping: It can be defined as the type of security threat where social engineer
intercepts private communication. Sensitive and private data in the form of text, images, fax
transmission and video files which are accessed using the Information System are generally
compromised due to this security vulnerability of the routers. IP based calls are used by social
IS SECURITY AND RISK MANAGEMENT
Task 1
Introduction
The notable determination of the paper is to focus on the Information System security,
risk threats and management of Telstra which is the biggest telecommunication industry in
Australia. The risk management strategy which is adopted by this organization will be
evaluated in this report. This paper will be also discussing the audit plans and the business
process along with the impact of the human factors on security and risk management. The
vulnerability of the network devices will be presented in the paper in an organized manner.
The paper will be looking forward to proposing two categories of network security devices
which will be very much helpful to mitigate the threats associated with web and email servers
(Chang, Liu and Lin 2015). The availability of the web service using windows server 2016
can also be understood from the paper. Risk management recommendations to reduce the
risks coming from employees working on this telecommunication organization will also be
discussed in the paper. Illustration of the auditing tools of the Windows server can be used to
deal with the threats coming from the web server and email server will be presented in the
concluding unit of the paper.
Threat against network routers/ switches
The two types of threats associated with the network routers which are used in the
business environment of Telstra Corporation are discussed as follows:
Eavesdropping: It can be defined as the type of security threat where social engineer
intercepts private communication. Sensitive and private data in the form of text, images, fax
transmission and video files which are accessed using the Information System are generally
compromised due to this security vulnerability of the routers. IP based calls are used by social
3
IS SECURITY AND RISK MANAGEMENT
engineers to conduct this security attack. Infections such as Trojan horse can play a huge role
in this network layer attack.
Telstra Corporation has more than 160 subsidiary organizations associated with them
(Bertino and Islam 2017). There are millions of third parties working for this organization all
over Asia and Australia. Thus, the networking devices which are used in this organization are
highly exposed to these security threats. This security attack can have an undesirable impact
on the progress of this telecommunication organization as the data which are circulated
among the subsidiary organizations as well as the third parties may fall in the hands of the
social engineers. This confidential information can be sold to the market competitors of
Telstra by the social engineers. Thus, it can be said that the loopholes of the routers used
Telstra can lead to security vulnerabilities like eavesdropping which can have a huge negative
impact on the business reputation of this telecommunication organization.
Masquerading: It can be defined as the type of security attack where the social
engineer uses fake identity to gain unauthorized access to all the information of a computer
system using legitimate access identification. This security vulnerability is mainly due to the
security flaws of the networking switches (Chang, Liu and Lin 2015). Stolen passwords and
login credentials are used by the social engineers during this security attacks. During this
security breach, all levels of authorization of network are compromised. Vulnerable
authentication can be a significant reason behind this threat
Both the internal as well as the external stakeholders of Telstra who access the
Information System have their unique employee identification number which is used to log in
the organization portal of Telstra. Any kinds of security breaches using the login credentials
can have a huge impact on the business growth of this organization. All the confidential data
which are sent from one region to another can be edited or deleted by the social engineers
IS SECURITY AND RISK MANAGEMENT
engineers to conduct this security attack. Infections such as Trojan horse can play a huge role
in this network layer attack.
Telstra Corporation has more than 160 subsidiary organizations associated with them
(Bertino and Islam 2017). There are millions of third parties working for this organization all
over Asia and Australia. Thus, the networking devices which are used in this organization are
highly exposed to these security threats. This security attack can have an undesirable impact
on the progress of this telecommunication organization as the data which are circulated
among the subsidiary organizations as well as the third parties may fall in the hands of the
social engineers. This confidential information can be sold to the market competitors of
Telstra by the social engineers. Thus, it can be said that the loopholes of the routers used
Telstra can lead to security vulnerabilities like eavesdropping which can have a huge negative
impact on the business reputation of this telecommunication organization.
Masquerading: It can be defined as the type of security attack where the social
engineer uses fake identity to gain unauthorized access to all the information of a computer
system using legitimate access identification. This security vulnerability is mainly due to the
security flaws of the networking switches (Chang, Liu and Lin 2015). Stolen passwords and
login credentials are used by the social engineers during this security attacks. During this
security breach, all levels of authorization of network are compromised. Vulnerable
authentication can be a significant reason behind this threat
Both the internal as well as the external stakeholders of Telstra who access the
Information System have their unique employee identification number which is used to log in
the organization portal of Telstra. Any kinds of security breaches using the login credentials
can have a huge impact on the business growth of this organization. All the confidential data
which are sent from one region to another can be edited or deleted by the social engineers
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Analysis of IS Security and Risk Management in Telstralg...
|15
|3667
|42
IS Security and Risk Management: Telstra Corporation Ltdlg...
|17
|3798
|88
Security and Risk Managementlg...
|13
|2895
|1
IS security and Risk Managementlg...
|16
|4607
|284
IT Security and Risk Managementlg...
|13
|3017
|254
Security and Risk Management in Banking Industrylg...
|12
|2320
|54