Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

IS Security and Risk Management

Verified

Added on 2023/06/12

AI Summary

This report analyzes the main threats and risks associated with the organization's information security standards and how the organization overcomes them. It also focuses on common network vulnerabilities and how the organization can use different network settings and devices to ensure proper network security.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1IS SECURITY AND RISK MANAGEMENT
Table of Contents
Introduction....................................................................................................................2
Common malwares.........................................................................................................2
Network Types...............................................................................................................3
Exchange servers............................................................................................................4
Security issues related to web mail and webserver........................................................5
Redundancy and fault tolerance.....................................................................................6
Impact of human factors.................................................................................................7
Log.................................................................................................................................7
Audit log reports............................................................................................................8
Five type of the network security devises......................................................................8
Recommendations..........................................................................................................9
Conclusion......................................................................................................................9
References....................................................................................................................10

2IS SECURITY AND RISK MANAGEMENT
Introduction
The TechnologyOne is one of the most advanced and the well-known organisation in
the Australia which is providing software and the Information security support to the staffs
and the customers. The information system of the organisation is used extensively in its
business and internal operations infrastructure. The information system of the organization
includes database server where various secure information and data like employee data,
customer data and personal information, business strategies, analytics reports and others. The
data is used by the organisation for the purpose of the analysis and hence trying providing
better experience to the stakeholders.
This report is used to analyze the main threats and the risks that are associated with
the organisation information security standards and how the organisation over comes the
same. Further, the report also focuses on common network vulnerabilities and how the
organisation can use different network settings and devices to ensure proper network security.
Information about the redundancy and fault tolerance, and approaches that the organisation
can use for elimination the error from the system of the organisation. Information about the
network security devices that can help the organisation in managing and migrating any of the
risk is discussed in the paper further. Additionally, various types of the threats and the types
of the malware that can affect the normal working of the organisation are also discussed in
the report.
Common malwares
Malware is a type of malicious software that is hostile for the computer system, which
includes the computer viruses, Trojan horses, ransom wares, spywares and others. Malware is
the sort form or the umbrella term f-or the malicious software. Malwares have the ability to
infect an entire information system and cause serious damage to the data and files contained

3IS SECURITY AND RISK MANAGEMENT
inside the server. Malware are the types of the programs that is designed in such a way that it
can block the users of a system or a server from accessing the system or copy files from the
system without the approval from thee users or inject some malicious files that may harm the
system (Saeed, Selamat and Abuagoub 2013). Some of the common types of the malwares
that can harm any of the systems in the organisation are
 Adware- This are the types of the malware that when any system provide
different kind of adds continuously and hence irritate the user. The examples
of adware consist of pop-up ads on the websites as well as advertisements
displayed by software. In addition, software as well as applications offer free
versions that come bundled with adware like 7search, A.Kaytri and Aartemis
Search.
 Bot- This is a kind of program that is designed for the purpose of entering any
system any system for injecting something other. Conficker is one of the
tricky things to predict. It is a threat that seems, surface, advanced, and ends
up mounting an overwhelming attack.
 Ransom ware- This blocks the servers of and asks for money in exchange of
unblocking the systems. NotPetya is one of the examples of ransom ware that
started as a fake Ukranian tax software update and infect several computers.
 Spyware- The programs steals information from the system of the servers and
pass it to hackers(Kim and Kim 2015). CoolWebSearch is one of the spyware
that may hijack web searches, home page as well as internet explorer setting.
Network Types
A network is defined as a system that is commonly used to connect various computers
and peripheral devices using the internet services. The connections are not only from the
computers but also from the printers, or the fax machines among the others (Ahmed and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4IS SECURITY AND RISK MANAGEMENT
Kanhere 2013). Some of the very common network devises that are used by the organisation
for the purpose of the daily work are
 Hub- The hub is the central point of the network to which all other systems of
organization are connected (Thakur 2015). The purpose of the hub is to
control the data types known as the frames. When a hub receives a frame it
amplifies it and forwards it to the destination port.
 Switch- A MAC Bridge which is commonly known as the switch helps in the
connection of the network devises (Tan Li and Dong 2016). Multiple cables
are connected to the switch that controls the entry and exit of data as per user
requirements.
 Router- A router is a device that acts like an amplifier. It receives data packets
from a single connection and forwards it to the devices connected. One of the
common example of this is the WI-FI router, the device collects the data from
the LAN cables and forwards it as Wi-Fi signals to the devises that are
connected.
Windows Server 2012 and reliability of web services
Windows Servers are the most powerful versions of desktop OS & are designed to
handle corporate networking, Internet Hosting, Databases, and Enterprise-Scale Messaging
more efficiently. Windows Server 2012 is the latest version of Windows Server, formerly
codenamed as Windows Server 8. Windows Server improvise overall upgrades in cloud
computing & Cloud Storage Infrastructure. In addition to this, it should be noted that the
widows server 2012 is a dedicated server and also the server performs various services such
as hosting the web the services. Dedicated Server is a server hosting service exclusively
owned by a single owner. Window Dedicated Server is the server operating system owned
and released by Microsoft, the original owners of Windows operating system. Window

5IS SECURITY AND RISK MANAGEMENT
Dedicated server supports Microsoft web development tools as no other server can support.
Web development tools like Front page or Visual Interdev. are supported only by a Window
server. Window dedicated server supports Microsoft share point services that is very
important for sharing communication and information. Share point is an information sharing
platform developed by Microsoft that can only be run on a Window dedicated server with a
Window operating system. Hence the web services provided by the Windows Server 2012 are
very reliable and the availability of the web services are also provided by these servers.
Hence, the organizations should keep in mind that the servers are maintained properly and the
services are updated regularly. This would keep up with the reliability and the availability of
the servers. The organizations should also ensure that the data of the servers are backed up
regularly and also data restore policies are well defined and the staffs should be well aware of
the policies that would keep up with the reliability of the servers.
Exchange servers
The Microsoft exchange server is a software that is developed by the Microsoft for the
purpose of exchanging mails, and calendaring servers. The servers requires the original
Microsoft platforms for running the software (Elfassy2013 ). The exchange servers are the
proprietary protocols commonly known as theMessaging Application Programming Interface
or the MAPI. Although the servers also supports the Post office Protocol or POP, Internet
Messaging Access Protocol or the IMAP and also the SMTP protocols. Some of the security
measures that the organisations can take in order to ensure proper confidentiality and the
integrity for the staff emails are:
 The accounts that are used in the exchange servers must have the minimum
number of the permissions granted to perform the given sets of the task.

6IS SECURITY AND RISK MANAGEMENT
 The servers must only be started when required(Snehi and Dhir 2013).
 The administration permissionsmust be set according to the scope of the
changes and the objects that are needed to be modified.
 The servers encrypts all other messaging paths and must not be encrypted.
 Integrity of the staff email services: For marinating the integrity of the mail
services provided to the staffs of the organization, the organization should
maintain an efficient password policy so that the staffs do not create an easy
password. Also it should be noted the organization should involve security
measures so that the staffs can-not access the profile of other staffs so that the
data integrity and the privacy of the staffs are maintained.
Security issues related to web mail and webserver
The webservers and the web mails have strong security checks yet there sometimes
are some of the major problems that comes up with the servers. Some of the major problems
that the webmail and the server faces are provided below and the threats are prioritized
according to their impact:
 Threats to the data leaks- There may be cases where the data are leaked to
outside the organisation and this data may be used against the organisation.
It is to be made sure by the employees of the organisation no vital
information about the servers and the organisations are to share.
 Spam mails: Spam mails are some of the major reasons for the purpose of
the inserting malicious files in the systems and for obtaining personal
information’s, the employees of the organisation are advised not to
respond to any of the spam mails even open it.
 DOS threats: Denial of service is one of the major threat to many of the
system in recent times (Koh, and Im 2014). In this system if there is a dos

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7IS SECURITY AND RISK MANAGEMENT
attack system fails to recognise the admins and denies many of the
functions in the machine. If there is any case of the dos attack the IT
department must be immediately informed about the same in order to
remove the threat immediately.
 Threats of Malware: Malwares the programs that are made for the purpose
of the hacking a system. No foreign items are too inserted in the
organization system without permissions.
 Unauthorised access to the data: If someone outside the organisation gains
the access to the sources and the webmail server passwords, he may use
the data for the purpose of stealing the data from the servers. This might
result in huge loss to the organisation as by this technique, the foul player
may get the access to the data that may be misused further (Bakla, Çekiç
and Köksal 2013). This is to be ensured that the email ids and the
password safe and must change the password frequently.
 Server performance and stability: IF the servers in the organisation are
performing poorly and if any online notices any fault in the systems, must
inform the IT department at first (Sharma and Yadav 2015).
Redundancy and fault tolerance
Fault tolerance: It is the property of a system that enables it to function normally even
if some of the components of the system have failed. The faults can be categorised in three
different forms such as the Transient faults, intermittent faults, Permanent fault
(Technologies CSNT)s. In first two types of the faults, the systems work under extreme
pressure and with low quality and in the case of the permanent faults the fault is potential and
the system stops working.

8IS SECURITY AND RISK MANAGEMENT
Redundancy: This is one of the major faults in the server, the fault is that a single piece of
information is expressed many times (Mirafzal, 2014). This may happen due to many reason
like the system errors in reading, human faults and most importantly the malwares that
duplicated the data. The redundancy errors must be reduced for maintaining normal system
operations.
The approaches that may help in the process of the reducing the faults, redundancy and
increase the fault tolerance is the process of the fault avoidance and fault removal and the
Time redundancy.
Impact of human factors
Other than the system errors there are many human factors that leads to many of the error in
the information systems. Human may do errors which may in turn harm the machines and rise
to many other problems. The humans have designed the entire systems of the organisation,
but the same humans are sometimes the reasons for the error (Egwutuoha et al. 2013). On the
other hand in the process of the risk management, human factors plays an important role.
Some techniques that helps in the process of the risk management are the avoidance, this is

9IS SECURITY AND RISK MANAGEMENT
one of the best technique by which the risks can be managed and the humans plays an
important role in this techniques. Other than this one of the other major technique that is
useful is the loss prevention and the loss reduction (Norouzizadeh et al. 2016). IF there are
chances of any loss, then human can assume that the risk can happen and avoid the same. In
the process of the loss reduction, if any loss is induced the in the human factor can help lot in
the process of the loss prevention.
Log
In computer science the log files are the records that are kept by the operating system for
each and every event that is occurring in the systems. In case of the web servers and the
emails servers the log files can be very much useful in terms of the security monitoring. The
logs are recorded whenever any of the event takes place in the servers, if there is any false or
misuse of the servers from the same can be traced out from the logs of the servers (Dubrova
2013). This can be one of the major security factor as if any one tries to do something wrong
in the servers may be caught easily. Other than this, the log files are encrypted files and
cannot be accessed from the outside and only the system admins can see and trace the files.
Audit log reports.
The audit log reports displays the audit log events that are generated at the servers,
domains by the administrators. The audit reports are used for the for the purpose of the
making the system servers more accurate (Vicente 2013). The results of the audits are used
for the purpose of testing the systems.
Five type of the network security devises
Five major security devices that can be used by the organisation for eliminating risk
related to the web servers are;

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10IS SECURITY AND RISK MANAGEMENT
 SOPHOS firewall – The organisation can use this devise for setting up a virtual
firewall in the organisation. The firewall check for every incoming and outgoing
packets.
 Anti-virus systems- The antivirus systems are set off software’s that are designed for
the purpose of scanning and ejecting spams and other such malwares.
 Network access control-It permits the administrator to identify different users and
machines and find out if unauthorized personnel are trying to gain access to the
network. (Proctor and Van Zandt 2018)
 Wireless Security- Helps in the protection of the wireless systems that are installed in
the organisation.
 Application Security- Helps in the protection of the application from being infected
from other devices and the malwares, works somewhat same as the anti-viruses.
Recommendations:
The organisation can eradicate the Microsoft server 2007 and install the latest
Microsoft servers that have been introduced by the organisation. Also the organisation must
update the operating system of the machines. The organisation can use the help of the cloud
servers in order to get the maximum of the modern technology.
Conclusion:
Thus concluding the topic, it can be said that the organisation can use the help of the
modern generation for the purpose of updating the systems in order to give the best
information system assistance to the users. Adopting the modern technology this will also
help the organisation is attracting more and more customers. The organisation needs to set up
proper server settings so that any kind of the risk can be avoided by the systems. The

11IS SECURITY AND RISK MANAGEMENT
organisation also needs propernetwork updated devices for the purpose of advancing the
security of in the organisation.

12IS SECURITY AND RISK MANAGEMENT
References
Ahmed, S. and Kanhere, S.S., 2013. HUBCODE: hub‐based forwarding using network
coding in delay tolerant networks. Wireless Communications and Mobile Computing, 13(9),
pp.828-846.
Bakla, A., Çekiç, A. and Köksal, O., 2013. Web-based surveys in educational
research. International Journal of Academic Research, 5(1), pp.5-13.
Dubrova, E., 2013. Fault-tolerant design (pp. 55-65). Berlin: Springer.
Egwutuoha, I.P., Levy, D., Selic, B. and Chen, S., 2013. A survey of fault tolerance
mechanisms and checkpoint/restart implementations for high performance computing
systems. The Journal of Supercomputing, 65(3), pp.1302-1326.
Elfassy, D., 2013. Mastering Microsoft Exchange Server 2013. John Wiley & Sons.
Kim, D. and Kim, S., 2015. Design of quantification model for ransom ware prevent. World
Journal of Engineering and Technology, 3(03), p.203.
Koh, E.B., Oh, J. and Im, C., 2014. A study on security threats and dynamic access control
technology for BYOD, smart-work environment. In Proceedings of the International
MultiConference of Engineers and Computer Scientists (Vol. 2, pp. 1-6).
Mirafzal, B., 2014. Survey of fault-tolerance techniques for three-phase voltage source
inverters. IEEE Transactions on Industrial Electronics, 61(10), pp.5192-5202.
Mistry, R. and Misner, S., 2014. Introducing Microsoft SQL Server 2014. Microsoft Press.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13IS SECURITY AND RISK MANAGEMENT
NorouzizadehDezfouli, F., Dehghantanha, A., Eterovic-Soric, B. and Choo, K.K.R., 2016.
Investigating Social Networking applications on smartphones detecting Facebook, Twitter,
LinkedIn and Google+ artefacts on Android and iOS platforms. Australian journal of forensic
sciences, 48(4), pp.469-488.
Proctor, R.W. and Van Zandt, T., 2018. Human factors in simple and complex systems. CRC
press.
Saeed, I.A., Selamat, A. and Abuagoub, A.M., 2013. A survey on malware and malware
detection systems. International Journal of Computer Applications, 67(16).
Sharma, A.K. and Yadav, R., 2015, April. Spam mails filtering using different classifiers
with feature selection and reduction technique. In Communication Systems and Network
Technologies (CSNT), 2015 Fifth International Conference on (pp. 1089-1093). IEEE.
Snehi, J. and Dhir, R., 2013. Web client and web server approaches to prevent xss
attacks. International Journal of Computers & Technology, 4(2b1), pp.345-352.
Tan, S., Li, X. and Dong, Q., 2016. TrustR: An integrated router security framework for
protecting computer networks. IEEE Communications Letters, 20(2), pp.376-379.
Thakur, A., 2015. Open source firewall implementation: replacing traditional firewall with
open source.
Vicente, K.J., 2013. The human factor: Revolutionizing the way people live with technology.
Routledge.

1 out of 14

+13062052269

info@desklib.com

IS Security and Risk Management

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

IS Security and Risk Management: Vulnerabilities, Mitigation Strategies and Impact of Human Factors

Information System Security and Risk Management

Securing Enterprise Infrastructure

Security Guidelines Assignment

Malware and Threads Detection, Security and Risk Management (Atlassian)

IS Security and Risk Management: Doc