
Dealing with Information Security

   

Added on  2022-11-14

Management 1
Dealing with Information Security
By (Name)
Name of the Course
Title of the Instructor
Institutional Affiliation

Executive summary
Federation University (FedUni) is an Australian-based public university that is affiliated with the
Regional University Network (RUN). Its information security policy applies to the university's
students, staff members and the wider university community, such as the Ballarat Technology Park. Members
of the park include International Business Machines (IBM), the Global Innovation Centre, the
Country Fire Authority, Ambulance Victoria, etc. Based on the joint research and survey conducted by
the institution, there is a gap in its existing information security policy. The vulnerability would
result in significant social and financial damage through breaches of student and staff
privacy and theft of confidential administrative documents, among others (Abduljabbar and Basendwh
2016). These threats and vulnerabilities will compromise the university’s credibility, reputation and
security capabilities. Strategies and recommendations are presented for several areas
of the information security policy: data security, internet usage, student
security and staff security. The recommendations on data security require urgent attention from the
university: 55% of the student population is vulnerable to threats under data security. This requires
urgent attention from the relevant authorities before irreversible damage is incurred.
Introduction
Federation University and its stakeholders invest heavily in its digital services and infrastructure. This
is evident from the institution’s website, free internet connectivity, the online courses the university
offers and the Ballarat Technology Park. International Business Machines (IBM) has plans to set up
a $10 million structure on the park. However, these advancements in technology present new loopholes
and vulnerabilities for the institution (Aljawarneh and Yassein 2016). The threats come from both
internal and external sources. A foolproof information security plan and policy would therefore be able
to mitigate the existing threats and cater for any vulnerability that may surface in the future. The areas
of interest are data security, internet usage, student security and staff security (Birk et al. 2016). The
emphasis is on data security, as a breach there would result in greater financial and social damage than in
the other areas.

Data Security
Data security can be classified into two major areas, namely data confidentiality and communications
security. As a necessity, Federation University has a website where both students and staff
log in to their respective portals. They supply personal details such
as their emails and passwords, which are meant to enhance the security of their information. These
portals contain the personal details of the users, such as the user ID, address, and emergency and personal
contacts. A hacker acting as a threat agent may carry out an attack through social engineering
techniques such as phishing or pharming. In the case of phishing, the attacker
poses as a trusted source: the attacker creates a website similar to the
institution’s original website and hosts it on the internet. The host name and address of the fraudulent
website will be very similar to those of the original website. The majority of students and staff members will not
be aware of the existence of this fraudulent website and will simply log in using their usernames and
passwords. This information will be collected by the attacker and used for malicious purposes. In the
case of pharming, a user who clicks through to the correct website is automatically redirected to the
fraudulent website (Ismail and Ali 2016).
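The phishing scenario above depends on a host name that closely resembles the real one. The following added example (not part of the original report) sketches how host names seen in proxy or DNS logs could be screened for such names; the portal host `portal.university.example`, the substitution table and the sample hosts are assumptions constructed for illustration.

```python
import unicodedata

# Assumed placeholder for the institution's real portal host (not from the report).
LEGIT_HOST = "portal.university.example"
# Constructed table of common visual substitutions; not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def skeleton(host):
    """Lower-case, strip accents and fold look-alike characters."""
    host = unicodedata.normalize("NFKD", host.lower())
    host = "".join(c for c in host if not unicodedata.combining(c))
    return host.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, legit=LEGIT_HOST, max_dist=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for an observed host."""
    host = host.lower().rstrip(".")
    if host == legit:
        return "legitimate"
    a, b = skeleton(host), skeleton(legit)
    # Identical after folding, or within a few edits: close enough to fool a reader.
    if a == b or edit_distance(a, b) <= max_dist:
        return "lookalike"
    # Real name reused as the leading labels of some other registered domain.
    if host.startswith(legit + ".") or legit.replace(".", "-") in host:
        return "lookalike"
    return "unrelated"

# Constructed host names, as they might appear in proxy or DNS logs.
SAMPLE_HOSTS = [
    "portal.university.example",
    "porta1.university.example",
    "portal.universlty.example",
    "portal.university.example.login-check.test",
    "library.other-college.example",
]

def flag_lookalikes(hosts):
    """Hosts worth an analyst's attention, in the order they were seen."""
    return [h for h in hosts if classify(h) == "lookalike"]
```

Character folding of this kind does not cover cross-script homoglyphs, so a production check would need a fuller confusables mapping.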
Most of the time, the attackers are disgruntled students or staff members. This is because in order to
carry out such attacks one has to have substantial information about the institution. Penetration testing
on this particular area was carried out with the Centre for Informatics and Applied Optimisation (CIAO),
which is a research centre in the institution. The results were astonishing: over 55% of the students
logged into the fraudulent website. The university should formulate an awareness program to enlighten
the students on the existence of fraudulent websites. This could be through internal conferences or
seminars (Sommestad, Karlzén and Hallberg 2015).
This created the need to amend the information security policy on data security. The policy
would be based on the assumption that the attacker is either a student or a staff member.
Development of a convincing fraudulent website would require the attacker to have access to an
