IS Security and Risk Management: Vulnerabilities, Mitigation Strategies and Impact of Human Factors


Added on  2023/06/09

AI Summary
This report discusses the vulnerabilities and security challenges related to web mail and web server, proposes two approaches to improve the availability of email servers, and explores the impact of human factors and organizational issues on IS-related security. It also suggests tools to tackle ransomware and the use of audit log reports for monitoring and analyzing web and email server problems.

IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management
SBM4304
Semester 2, 2018
Assignment 3
Name of the Student
Name of the University
Author Note

Table of Contents
Introduction
Working Mechanism of Ransomware
Tools to tackle Ransomware
Vulnerability of router and switches
Reliability and availability of the web service
Ways to ensure confidentiality and integrity of the staff email
Discussion and prioritisation of the threats and the possible types of malware and security issues related to web mail and webserver
Proposal of two approaches to improve the availability of email servers
Impact of human factors and organizational issues on IS-related security
Use of logs records in monitoring and analysing the web server and email server problems
Use of audit log reports
Network security devices to control security and mitigate threats
Conclusion and Recommendations
Reference
Introduction
The main purpose of this report is to examine the risk management strategies of Opensky Communications, located in Perth, West Australia. It aims to inform readers about the platforms that cyber criminals use to spread their malicious programs. Vulnerabilities and security challenges related to the web mail and web server are given particular attention in this paper. This report also proposes two approaches for the ICT company by which redundancy and fault tolerance can be minimized in an organisation. Risk management recommendations for employees and the effectiveness of the audit log reports are the most essential objectives of this report.
This ICT organisation provides different types of services such as software development, game development, application development and server management, which makes it very prone to different types of cyber security threats. This report will help readers understand the probable risks involved with the services provided by this organisation and will also help its workers learn the risk mitigation steps.
Working Mechanism of Ransomware
Cyber criminals use phishing emails as a medium to spread ransomware. The attachments of those emails contain the malicious program (Scaife et al., 2016). The other way this malware spreads is through visiting infected websites and downloading content from them. This malicious software blocks access to a computer system unless a huge amount is paid in bitcoins to the cyber criminals (Kolodenker et al., 2017). The files of an infected system are encrypted by the malware, which makes them inaccessible.
Tools to tackle Ransomware
Three tools developed by the big anti-virus corporations that Opensky Communications can use to tackle ransomware are as follows:
1. Malwarebytes Anti-Ransomware
2. Trend Micro Lock Screen Ransomware Tool
3. Avast anti-ransomware tools
Vulnerability of router and switches
There are different security threats and vulnerabilities associated with the network routers and switches in Opensky Communications, such as unauthorised access, session hijacking, masquerading, eavesdropping, routing protocol attacks, session replay attacks and IP fragmentation attacks for DoS (Zhou et al., 2018).
The mid-range switches and routers are most vulnerable to destruction and abuse, as they are mostly targeted by hackers seeking access to a single network or an entire network in order to spread their harmful software (Mattos & Duarte, 2016). IP spoofing is one of the methods by which false IP packets are inserted into the network after a session is established. Rerouting attacks manipulate the router updates and hand control to unauthorized parties.
Reliability and availability of the web service
The reliability and availability of the web service provided by Opensky Communications are defined by the set of attributes that are considered in the different phases of production, such as the design, development, manufacturing and maintenance phases (Chen et al., 2016). The ICT organisation defined reliability as the capability of a computer system to perform
consistently according to its specifications without any technical errors, whereas availability is defined as the ratio of the time a computer system is functional to the total time it is expected to function. These are the most essential parameters for Opensky Communications to maintain its effectiveness and productivity (Rao & Selvamani, 2015). This organisation can ensure reliability and availability of the web service by acknowledging all the messages exchanged between its stakeholders; elimination of duplicate messages is another technique to deal with the security issue, and ordered delivery of messages is one of the most important methods regarding the security of an organisation (Botta et al., 2016). The delivery status awareness process used by Opensky Communications also helps it to deal with the issues related to the web service.
Ways to ensure confidentiality and integrity of the staff email
The security measures to ensure confidentiality and integrity of the staff email in Opensky Communications are as follows:
Authentication: The identities of the sender and receiver have to be authenticated so that unauthorized access can be prevented to a significant extent in Opensky Communications.
Integrity: It is one of the most essential criteria for the long-term success of an organisation which deals with both structured and unstructured data (Fetzer, 2016). This measure is followed so that the data transmitted from one stakeholder to another in Opensky Communications is not altered from the original content.
Confidentiality: Confidentiality is the other way of ensuring the security of the transmitted data (Elmrabit, Yang & Yang, 2015). Opensky Communications uses encryption
and decryption to solve this issue. Private keys and public keys are involved in solving this matter in this company.
Random array method: This is a second-level encryption method used in this company; it is built on a random number generation algorithm to ensure confidentiality and availability of staff email (Hollister & Ferrier, 2015).
Digital signature: This method is used in Opensky Communications for security purposes, namely sender authentication and non-repudiation.
Discussion and prioritisation of the threats and the possible types of malware and security issues related to web mail and webserver
The threats associated with the webmail and webserver in Opensky Communications are as follows:
Unauthorised access to data is another of the most significant threats concerning the use of the webserver.
Data leakage is another important vulnerability associated with the use of web mail in Opensky Communications, as the messages are transmitted over unprotected communication channels.
Spam mails: The threats coming from spam mails are increasing every day from the server security standpoint in Opensky Communications and are considered one of the most significant security issues related to the webserver and web mail in this ICT company.
Threats coming from malware have an impact on both the users and the servers of this ICT company, as the integrity and privacy of the data come under threat (Aljawarneh, 2017).
The other types of security issues related to the web mail and web server in this ICT organisation are email contact loss and intellectual property loss, such as the loss of information related to the growth of the organisation.
Proposal of two approaches to improve the availability of email servers
The two approaches to improve availability of email servers by Opensky
Communications are discussed in this unit of the report:
Monitor availability
Server monitoring: The email server needs to be checked frequently to find the probable threats and vulnerabilities of the ICT company. This approach helps in improving the availability of the email servers by real-time examination of the servers.
Configuration change monitoring: Any change to a server should be notified to the server administrators of the company.
Application performance monitoring: This is practised to improve the existing security of the email servers of Opensky Communications.

Synthetic testing
The maintenance team of the email servers is notified within immediate time frames so that all the probable issues detected in the synthetic testing are minimized in this company.
Circuit breaker patterns are used to deal with the dependency failures of the email servers, indirectly improving the availability of email servers (Islam et al., 2016).

Table 1: Techniques to improve availability of email servers
Created by the author
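
The synthetic testing and circuit breaker techniques in Table 1 can be combined as in the following added example, which is not part of the original report. The host name mail.example.org, the failure limit and the reset interval are assumptions chosen for illustration.

```python
import smtplib
import time


def smtp_probe(host="mail.example.org", port=25, timeout=5):
    """Synthetic test: connect, read the banner, send NOOP (host is a placeholder)."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        code, _ = conn.noop()
        if code != 250:
            raise RuntimeError(f"unexpected NOOP reply {code}")
    return True


class CircuitBreaker:
    """Closed -> open after max_failures; half-open after reset_after seconds."""

    def __init__(self, probe, max_failures=3, reset_after=30.0, clock=time.monotonic):
        self.probe, self.clock = probe, clock
        self.max_failures, self.reset_after = max_failures, reset_after
        self.failures = 0
        self.opened_at = None  # None means the circuit is closed

    @property
    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.reset_after:
            return "half-open"  # one trial probe is allowed through
        return "open"

    def check(self):
        """Run one synthetic check; return 'up', 'down' or 'skipped'."""
        state = self.state
        if state == "open":
            return "skipped"  # fail fast: no new connections to a failing server
        try:
            self.probe()
        except (OSError, RuntimeError):  # smtplib.SMTPException subclasses OSError
            self.failures += 1
            if state == "half-open" or self.failures >= self.max_failures:
                self.opened_at = self.clock()  # trip, or re-open after a failed trial
            return "down"
        self.failures, self.opened_at = 0, None  # success closes the circuit
        return "up"


if __name__ == "__main__":
    breaker = CircuitBreaker(smtp_probe)
    print(breaker.check(), breaker.state)
```

A scheduler would call check() at a fixed interval and alert the maintenance team whenever the state changes to "open".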

Impact of human factors and organizational issues on IS-related security
The different types of human factors that impact the IS security and risk management of Opensky Communications are shown in the figure below.
Figure 1: Human Factors for Information Security Management System
Created by the author
The organizational issues in Opensky Communications have a great impact on the growth and development of the organisation due to the changes in resistance and resentment among the employees. The security and privacy of the employees of Opensky Communications are at stake due to the IS-related issues unless the organisation identifies the process by which the issues are solved.
The risks arising from the human factors and other organisational issues should be solved with the help of effective planning (Argyris, 2017). Opensky Communications should have a team dedicated to minimizing these security issues, which can have a negative impact on the growth of the company. The risk mitigation strategies should be implemented in such a way that they do not affect the ability of the employers of Opensky Communications to accomplish their business goals.
Figure 1 contents:
Direct factors: error, awareness, skill, experience, apathy, incentive, ignorance and negligence, stress
Indirect factors: budget, culture, communication, security policy, enforcement, management support
Use of logs records in monitoring and analysing the web server and email server problems
Log files are files used by the developers of computer systems as well as by the administrators of Opensky Communications. The primary objective of using logs in this ICT corporation is the analysis of the activity of the users of a computer system. The log records of different operating systems such as Microsoft Windows and Linux are used to deal with security issues in an organisation which deals with sensitive data. The loss or breach of the data can hamper the reputation of the organisation in the business market; it might affect the sales and production of the organisation, which is the main reason behind the use of log records for security purposes (Zhong, Wayne & Liden, 2016). The most common threats, such as SQL injection, weak audit trail, privilege elevation, backup data exposure and DoS, can be effectively monitored in the web servers with the use of the log records. Database activity monitoring is an efficient way to monitor the issues in the email servers. It helps in monitoring the vulnerabilities associated with the network and any upcoming threats. All the details related to the probable risks can be identified and notified to the users so that effective risk mitigation strategies are developed in the first place in Opensky Communications.
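
As an added illustration of monitoring two of the threats named above from web server logs (this code is not part of the original report), the following scans access-log lines for SQL injection indicators and for request floods from a single source. The Common Log Format layout, the sample lines, the heuristic patterns and the flood threshold are all assumptions constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Heuristic SQL injection indicators, checked after URL-decoding the query string.
SQLI_RE = re.compile(
    r"(\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(or|and)\b|--|;\s*drop\b)",
    re.IGNORECASE,
)

FLOOD_THRESHOLD = 5  # assumed requests per IP per minute; tune to real traffic

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2018:13:55:36 +0800] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.23 - - [10/Oct/2018:13:55:40 +0800] "GET /staff?id=1%27%20OR%201%3D1-- HTTP/1.1" 500 312',
    '198.51.100.23 - - [10/Oct/2018:13:56:02 +0800] "GET /staff?id=1+UNION+SELECT+name,pass+FROM+users HTTP/1.1" 200 901',
    'truncated line without a request',
] + [
    f'192.0.2.50 - - [10/Oct/2018:13:57:{s:02d} +0800] "GET /login HTTP/1.1" 200 512'
    for s in range(6)
]


def analyze(lines, flood_threshold=FLOOD_THRESHOLD):
    """Return (sqli_hits, flood_sources, unparsed_line_numbers)."""
    sqli_hits, unparsed = [], []
    per_minute = Counter()
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(n)  # keep malformed lines visible, never drop silently
            continue
        # Bucket by source IP and minute: "10/Oct/2018:13:55:36 ..." -> "10/Oct/2018:13:55"
        per_minute[(m["ip"], m["ts"][:17])] += 1
        _, _, query = m["path"].partition("?")
        if query and SQLI_RE.search(unquote_plus(query)):
            sqli_hits.append((n, m["ip"], m["path"]))
    floods = sorted({ip for (ip, _), c in per_minute.items() if c >= flood_threshold})
    return sqli_hits, floods, unparsed


if __name__ == "__main__":
    hits, floods, bad = analyze(SAMPLE)
    for n, ip, path in hits:
        print(f"line {n}: possible SQL injection from {ip}: {path}")
    print("flood sources:", floods, "| unparsed lines:", bad)
```

The patterns are heuristics and will produce false positives; findings are leads for review, not verdicts.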
Use of audit log reports
The extensive developments in the fields of science and technology helped in analysing a
business situation in a more efficient way. The application of the audit log reports in different
organisations helped them to perform the auditing analysis of all the contents of their services. All the essential details of any project can be effectively seen and managed by accessing the audit log report based on that particular project. Each entity associated with the project can be filtered and analysed separately using these reports (Drake, Goldman & Lusch, 2015). Any kind of misuse or alteration of data can be effectively noticed in the audit log reports, so the application of these log reports provides considerable security for all the stakeholders of an organization. These include the internal stakeholders, such as the operational managers and project managers, as well as the external stakeholders, such as the vendors, suppliers of the raw materials and all the third-party teams associated with the enterprise, as they also deal with the contents of the organisation both in the network and in the production houses. Compared with the other risk mitigating steps, these audit logs can be kept for as long as the organisation requires.
The issues related to the emails and web servers can be significantly controlled using these audit logs because of their unique sequential activities. Each record or entity can be separately evaluated using the audit logs.
Network security devices to control security and mitigate threats
There are different types of network security devices used for controlling security and mitigating threats associated with the web and email servers, such as: the intrusion detection system; SSH keys, used for authenticating a server with the help of a private and public key; firewalls, the inbuilt security systems in a computer system, which need to be updated frequently; public key infrastructure, used for validation and authentication of certificates and
encrypted communication; and penetrative devices, which scan the network and identify the potential security concerns (Lin et al., 2015).
Conclusion and Recommendations
From the above report, it can be concluded that there are different types of security issues in the IS industry. This report also helps in understanding different tools to tackle major cyber security issues such as ransomware. Threats coming from network routers and switches are also discussed in this paper with greater importance. All the types of threats associated with the web and email servers are covered in this report along with the risk management recommendations. This report also focuses on the impact of human factors and organisational factors on IS security. The application of the audit log report is discussed in detail in this paper, so that most companies can start incorporating it, given its specifications, to control the security of an organisation.
For better productivity every organisation should have a dedicated team working to develop effective strategies regarding the risks and vulnerabilities associated with the network used by the organisation. The five network security devices and the network security tools should be used by every organization that deals with vital data among all of its stakeholders so that the integrity and confidentiality of the data are maintained. It is also suggested that audit log reports be used more extensively by organisations for auditing analysis, effective operations and internal investigations.
Reference
Aljawarneh, S. A. (2017). Emerging Challenges, Security Issues, and Technologies in Online
Banking Systems. In Online Banking Security Measures and Data Protection (pp. 90-112). IGI
Global.
Argyris, C. (2017). Integrating the Individual and the Organization. Routledge.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and
internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
Cavusoglu, H., Cavusoglu, H., Son, J. Y., & Benbasat, I. (2015). Institutional pressures in
security management: Direct and indirect influences on organizational investment in
information security control resources. Information & Management, 52(4), 385-400.
Chen, F., Dou, R., Li, M., & Wu, H. (2016). A flexible QoS-aware Web service composition
method by multi-objective optimization in cloud manufacturing. Computers & Industrial
Engineering, 99, 423-431.
Drake, K. D., Goldman, N. C., & Lusch, S. J. (2015). Do income tax-related deficiencies in
publicly disclosed PCAOB Part II reports influence audit client financial reporting of
income tax accounts?. The Accounting Review, 91(5), 1411-1439.
Elmrabit, N., Yang, S. H., & Yang, L. (2015, September). Insider threats in information security
categories and approaches. In Automation and Computing (ICAC), 2015 21st
International Conference on (pp. 1-6). IEEE.
Fetzer, C. (2016). Building critical applications using microservices. IEEE Security & Privacy,
(6), 86-89.
Hollister, A., & Ferrier, P. (2015). EA-ISP-007-Information Handling Policy. policy, 17, 02.
Islam, A., Birtwhistle, D., Saha, T. K., & Diverall, B. (2016). Two-part synthetic test procedures
for the testing of medium-voltage load break switches. IEEE Transactions on Power
Delivery, 31(4), 1645-1654.
Kolodenker, E., Koch, W., Stringhini, G., & Egele, M. (2017, April). PayBreak: defense against
cryptographic ransomware. In Proceedings of the 2017 ACM on Asia Conference on
Computer and Communications Security (pp. 599-611). ACM.
Lin, W. C., Ke, S. W., & Tsai, C. F. (2015). CANN: An intrusion detection system based on
combining cluster centers and nearest neighbors. Knowledge-based systems, 78, 13-21.
Mattos, D. M. F., & Duarte, O. C. M. B. (2016). AuthFlow: authentication and access control
mechanism for software defined networking. Annals of Telecommunications, 71(11-12),
607-615.
Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud
computing. Procedia Computer Science, 48, 204-209.
Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it):
stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS),
2016 IEEE 36th International Conference on (pp. 303-312). IEEE.
Zhong, L., Wayne, S. J., & Liden, R. C. (2016). Job engagement, perceived organizational
support, high-performance human resource practices, and cultural value orientations: A
cross-level investigation. Journal of Organizational Behavior, 37(6), 823-844.
Zhou, Y., Chen, K., Zhang, J., Leng, J., & Tang, Y. (2018). Exploiting the vulnerability of flow
table overflow in software-defined network: Attack model, evaluation, and
defense. Security and Communication Networks, 2018.