Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

IS Security and Risk Management

Verified

Added on 2023/06/07

AI Summary

This report discusses the security challenges faced by organizations in relation to information systems. It covers multiple areas, including ransomware malware, network threats, and ways to ensure information security. The report also explores the impact of human factors and organizational issues on IS-related security and risk management. Additionally, it provides insights into improving the availability of email servers and highlights the importance of log records. Finally, the report suggests five network security devices to consider for your organization.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: INFORMATION SYSTEMS AND SECURITY
IS Security and Risk Management
<Name>
<University>

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

INFORMATION SYSTEMS AND SECURITY 2
Introduction
The advancement in technology has seen tremendous growth in the different organizations.
Information systems are some of the leading systems that have been integrated into different
operations of the organizations to help the business managed and gain a competitive
advantage over its competitors. All this technological advancement has brought with it more
challenges in relation to the security required by the system. Intruders and hackers have also
managed to gain knowledge on how to interfere with these systems for their own malicious
needs hence affecting the operations of the organization. To avoid all this from happening,
different organizations have come up with different approaches to secure their systems. In
this report, we will address some of the security challenges faced by different organization
that affect the operation of the information systems (Stair, & Reynolds, 2017). We will cover
multiple areas and discuss some of the main attacks that fac the system specifically the
ransomware malwares, the network threats that the company or the organization hardware
face, different ways to ensure information security in the organization, and other information
threats the company faces.
Risk Management
Ransomware
This is a type of a malware that prevents users from accessing their systems or personal files
and demand ransom in order for one to access tis information. This is one of the most
common attacks that most companies face, this is due to the fact that most of the information
systems relay on sharing information from one end to the other. The basic operations
involved in an information system are inclusive of sharing and retrieving data (Feng, Wang,
& Li, 2014). With the nature of operations carried out by the IS it becomes possible for the
malware to attack different sections of the system and hold the information at ransom. This

INFORMATION SYSTEMS AND SECURITY 3
means that the information is intact in the system but the legal user of the system cannot
access the information. Attackers in most of these cases are after something apart from the
information. In most cases they are usually after money from the owner of the information or
from the organization. There have been few incidences where the attackers have been after
the access to other information that the owner may be with holding (O'Gorman, &
McDonald, 2012). The nature of this attack cripples the operations of an organization in case
it is to occur since the access to information in the company is normally crippled hence the
company’s operations cannot proceed. It is also important for one to understand the different
ways that one gets the malware. In most cases the malware is got through phishing emails
which contain malicious attachments that run in the computer without your knowledge and
develops into a ransomware. The other mean of getting this malware is via the drive by
downloads over the internet, this is also one of the most common modes of getting the
malware into the network (Savage, Coogan, & Lau, 2015). Due to the access to the internet
some of this malicious software tend to install in the computer automatically if the systems
security is not well installed hence causing the harm. It is important to address the fact that
one antivirus system of the organization cannot detect the malware till hen its too late.
The good thing with this particular malware is the fact that one is in a position to remove the
malware from the system. The process behind this involves first the elimination of the
attacker. there are different types of ransomwares such as the fake antivirus, or a bogus clean
up tool this sort of malwares can be easily removed from the computer via the uninstallation
process.one of the main ways to eliminate a ransom attack is via constant backing up of
information (Andronio, Zanero, & Maggi,2015, November). This ensures that the
organization information is backed up in a different secure storage away from the running
system in the company. Hence once an attack is detected, the company has the backed-up
information of all the works in the company. With this, the system can be formatted and all

INFORMATION SYSTEMS AND SECURITY 4
the information can then be restored in the computer. In the process the malware by the
attacker is formatted and the system is then left safe (O'Gorman, & McDonald, 2012). This is
one of the best approaches but requires the need of the constant back up of the information.
The next approach is the filtering of the EXEs in emails. Since the use of malicious
executable files over the emails are the next approach used by most of the attackers to install
and run the malicious malware, this approach operates by filtering any email that has an
executable file and the sender of the email is not recognized (Kim, & Solomon, 2016). This
ensures that the system in the organization does not invite any external attack since all these
are filtered by the set parameters in the emailing platform of the company.
The third approach is the use of the systems pre-installed features such as showing the hidden
file. This requires the understanding of the crypto lockers’ files extension. Most of these
malwares have an extension of.PDF.EXE and normally rely on the windows behaviours of
hiding known file extensions but the minute this is changed one is able to identify the
malware and then it becomes easy to delete the file hence killing the malware and
disconnecting the attack (Lowry, Dinev, & Willison, 2017). This is one of the most effective
approaches to the case but also requires a lot of effort trying to find the file.
Threats against network routers and switches
These are some of the most important devices in the networking of the organization. The play
a vital role in the connection of the different devices and the flow of data package from one
station to the other. But it is evident to recognize the different risks that are associated with
their use. The routers and the switches are prone to physical damage. This is one of the
biggest concerns for most of the organization. These devices being physically accessible by
users, they normally end up getting physically impacted by either dropping among other
challenges. The minute these physical threats occur then the functionality of the routers is

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

INFORMATION SYSTEMS AND SECURITY 5
affected hence affecting the entire organizations network (O'Gorman, & McDonald, 2012).
The antennas of the router for instance in most of the developers have been identified as weak
and easily break in case of a fall of the router and the minute the antenna breaks the signals
strength being transmitted ends up being affected.
Information Systems Security
Reliability and Availability of the Web Service
First it is important to identify what a web service is and in relation to the computer
understanding, a web service can be describe as a standardized way of integrating web-based
applications by the use of different languages such as XML, WSDL, SOAP, WSDL and
UDDI open standards over an internet protocol backbone. There are different approaches that
can be used to increase the reliability and availability of the web servers but for the report. It
is important to addresses some of these approaches. The first best approach to ensure reliable
web service is through the implementation of a secure and reliable internet service provider
for the company. This is responsible for the provision of the connection between the
organization and the web services, in case this connection is weak or keeps getting
interrupted the reliability as well as the availability of the web services will keep on getting
interfered with. For the client or instance, trying to access these applications it will become
impossible and end up interfering with the performance of the system (Ifinedo, 2014). This
calls for the need of the company to conduct an intensive research on the best serve providers
that will support the company’s operations in a reliable and consistent manner that does not
end u failing and affecting these operations.
Confidentiality and Integrity of the Staff Email
This is one of the most important mode of communication currently in most of the
organizations that have embraced the integration of information systems in the company. It

INFORMATION SYSTEMS AND SECURITY 6
has also been identified as one of the platforms that is used for phishing by attackers on
unknowing system users hence the need for an analysis on how to protect these emailing
platforms of the company. One of the best approaches in relation to confidentiality and
integrity of the staff email is the use of strong and complex password during the creation of
the staff email. These passwords should meet different criteria that are predefined by the
company IT sector. This ensures that the company’s passwords are secure hence improving
on the confidentiality and integrity of these email. Also, the constant change of the passwords
is the other approach (Ifinedo, 2014). This change can be carried out after a few weeks and it
can be included in the company protocol as a requirement of the staff members. This ensures
that the company staff members keep updating their passwords hence make it impossible for
anyone to easily just hack in the company emailing platform. With this the security of access
the emailing platform is left on the hands of specifically the organizations staff members and
in return impacting the confidentiality and integrity of the staff email platform.
Threats and the Possible Types of Malware and Security Issues Related to Web Mail and
Webserver.
There are different types of malwares and security issues that are related to the web mail and
the webserver. In this section e will get to analyze some of these security threats as well as
the different malwares that affect both systems. First one of the biggest security threats for
the web mail is phishing. This is targeting the different users of the we mail by attempting to
retrieve information from the users and end up using this information for different malicious
purposes such as requesting for money after the information is retrieved from the mil servers.
On the other hand, the web servers have different types of malware and security threats that
can cripple an organizations system, a security attack such as the Denial of Service (DoS)
where attackers overload the webservers with irrelevant message request and end u blocking
the legal message request to the server from the system users for instance in a company. The

INFORMATION SYSTEMS AND SECURITY 7
eb server is occupied with irrelevant request that keep on looping. This causes the system to
crush due to the overload caused by the hacker as well as affect the services request by the
system users (O'Gorman, & McDonald, 2012). The attack affects the entire organization
network sine the more requests are made the more crowded the system becomes. As seen a
good example of a malware is the ransomware which holds ransom the services of a web
server. This means the webserver is unable to distribute the services it has to deliver to the
system and in return cripple the entire system.
Improve the Availability of Email Servers
There are different ways to improve one availability of the email server in an organization,
one of the min ways is use of an email server that is specifically dedicated for the use of
basically just managing the email activities. With a dedicated email server that is well
configured to process all the email activities, the availability of the email server will be
increased since the request received in the server are only programmed to meet these needs
and no other services are requested from the server (Spears, & Barki, 2010). This ensures all
the systems processing power is dedicated to a particular course hence making the process
more effective and most important available. Secondly the implementation of a filter
mechanism on the email server to ensure that the system does not have to overload on
irrelevant request from sources that are filtered (Schaefer et al., 2017). This makes the server
available for the right use and the right request in relation to the company’s services.
Impact of Human Factors and Organizational Issues on IS-related Security and Risk
Management
Human Factors and Organizational Issues play a huge role in ensuring the security of the
systems within an organization. This is due too the fact that they are directly associating with
the information system hence different practices by the user can either increase the risk to the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

INFORMATION SYSTEMS AND SECURITY 8
system or minimize the risk. For instance, access of insecure websites by the use of the
organization’s system increases the chances of an attack to the system. As seen some of these
websites have the drive by software installations that are used by the attackers in most cases.
This shows the involvement of the users of the system in endangering the risk of attack. Also,
the users have a responsibility of ensuring secure passwords are set u for the company
systems so as to keep intruders out of the organizations information system but different users
do implement weak passwords which end up making it easy for intruders to by-pass these
passwords. This on the other hand also exposes the organization’s IS into more risk (Schaefer
et al., 2017). It is important for an organization to identify all this risk associated with the
human factors as well as the organization factors. After this realization, measures such as
educative measure to help the users understand the importance of complex passwords for
instance can help reduce the risk levels of the IS by an attacker. Also, the blocking of some of
these unsecure websites can control the access by the user to these websites were attackers y
get the chance to attack.
Log Records
These are some of the most important security measure for any organization with a functional
IS. They provide information of all the activities that have been happening in the system, the
different logins, processes and activities the different users were engaged in and the impact
they had on the system. This has been used as a security measure sine it helps in the mapping
out of an intruder in case such an incident arises (Haverstock, Estrada, & Estrada, 2012).
Most organizations also keep these records for accountability records to ensure each activity
carried out in the system can be accounted and linked to a particular use of the system. These
are also very important for the performance of the audit analysis since they provide a record
of all the activities that have been initiated and carried out within an organizations IS.

INFORMATION SYSTEMS AND SECURITY 9
Five network security devices to control security and mitigate threats related to the web and
email servers.
There are different devices that are used provide network security that can be used by any
company, some of these tools includes the anti-Malware devices which help in the detection
of any malware that may affect the organization web and email server. These helps detect an
attack before it becomes uncontrollable, second and the thirdly there are the intrusion
detection and intrusion prevention systems IDS and IPS tools respectively which help protect
the web servers and email servers from different security threats such as malwares, spywares,
viruses and even worms that may affect the serves (Ahmad, Maynard, & Shanks, 2015).
Thirdly the use of Network Access Control NAC, these devices hep enforce policies by
granting only security policy compliant device access in an organization. This means any
intruder with no knowledge of the company policies cannot access the system. Next
Generation firewall is another device that help in providing web and email server security.
Conclusion and Recommendation
The advancement of technology has brought with at major security risk as covered in the
report. Different measures are taken by the companies to try and fight these increasing levels
of security threats to any information system of the company. The attacks can come in from
different directions but with the right security systems, the information system is left
protected as seen above. One of the most significant recommendation from the information
attained, it is crucial for any business to have a well-established security system that is
responsible for the provision of security for the a since the damage that can be caused by ack
of this security can be catastrophic. The implementation of the identified devices for instance
boost the security of its information system.

INFORMATION SYSTEMS AND SECURITY 10
References
Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems
and security incident responses. International Journal of Information
Management, 35(6), 717-723.
Andronio, N., Zanero, S., & Maggi, F. (2015, November). Heldroid: Dissecting and detecting
mobile ransomware. In International Workshop on Recent Advances in Intrusion
Detection (pp. 382-404). Springer, Cham.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information
systems: Causal relationships of risk factors and vulnerability propagation
analysis. Information sciences, 256, 57-73.
Haverstock, P., Estrada, M., & Estrada, J. (2012). U.S. Patent No. 6,434,607. Washington,
DC: U.S. Patent and Trademark Office.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1),
69-79.
Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones &
Bartlett Publishers.
Lowry, P. B., Dinev, T., & Willison, R. (2017). Why security and privacy research lies at the
centre of the information systems (IS) artefact: Proposing a bold research
agenda. European Journal of Information Systems, 26(6), 546-563.
O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec
Corporation.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

INFORMATION SYSTEMS AND SECURITY 11
Savage, K., Coogan, P., & Lau, H. (2015). The evolution of ransomware. Symantec,
Mountain View.
Schaefer, R. F., Boche, H., Khisti, A., & Poor, H. V. (Eds.). (2017). Information Theoretic
Security and Privacy of Information Systems. Cambridge University Press.
Spears, J. L., & Barki, H. (2010). User participation in information systems security risk
management. MIS quarterly, 503-522.
Stair, R., & Reynolds, G. (2017). Fundamentals of information systems. Cengage Learning.

1 out of 11

+13062052269

info@desklib.com

IS Security and Risk Management

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Demonstration of a Cyber Security Threat: Ransomware

Ransomware: Impact, Variants, Working Mechanism, Threats, and Mitigation Tools

Assignment on Ransomware and Cyber Security

Ransomware Attacks: Threats, Targets, and Measures to Resolve

Cyber-Security in Shipping Industry: Ransomware and Malware

Disaster Recovery Plan - Ransomware