Secure Application Delivery with Zero Bugs

Verified

Added on  2019/09/24

|10
|4334
|299
Report
AI Summary
The assignment content discusses the importance of incident management policies and codes of professional practice for IT professionals. The first part highlights four incident management policies to minimize incidents in an organization's system, including hardening servers and tools, proper supply chain management, secure credentials, and granular user access. The second part presents four codes of professional practice for IT professionals, emphasizing the need to report adverse consequences, act competently, behave appropriately, and inform others of the consequences of not following advice. Additionally, it mentions the New Zealand codes of ethics, which include eight core values that reflect responsibility towards ethics and secured data management.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
qwertyuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnmqwer
tyuiopasdfghjklzxcvbnmqwertyuiopas
dfghjklzxcvbnmqwertyuiopasdfghjklzx
cvbnmqwertyuiopasdfghjklzxcvbnmq
wertyuiopasdfghjklzxcvbnmqwertyuio
pasdfghjklzxcvbnmqwertyuiopasdfghj
klzxcvbnmqwertyuiopasdfghjklzxcvbn
mqwertyuiopasdfghjklzxcvbnmqwerty
uiopasdfghjklzxcvbnmqwertyuiopasdf
ghjklzxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvbnmrty
uiopasdfghjklzxcvbnmqwertyuiopasdf
ghjklzxcvbnmqwertyuiopasdfghjklzxc
Networking
Assignment

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
L01:
Task 1- 4 components of information security risk management as per the case study are:
a. As we saw that the internal employee shared the critical information about the company
and the company did not come to know until the information was shared and given to
cyber-criminal. This might have been avoided in the case if there had been a monitoring
system to keenly monitor the activities performed by the employees. This could have
been avoided if proper training related to cyber security was given to them and ensured
that each employee adhered to the policies.
b. It was also seen that mistakenly payment was delivered to the wrong supplier who was
actually masquerading as a supplier but in reality was a cyber-criminal. This could have
been avoided of there would have been a quarantine tool integrated in the system. That
will automatically put the e-mails that look phishing in the spam folder so that a person
can be more careful while doing any activity on it.
c. There was also no mention about firewall and IPS that is intrusion prevention system
which does not let the intruder or the cyber-criminal to peep in to the network and do the
non-sense and unethical jobs.
d. It was also observed employees were not well aware of all the policies related to cyber
security. People did not know that data is the most important entity of the organization
and should be kept secured at any cost. It is mandatory for all to know the criticality of
the data and should be responsible enough to protect this in spite of compromising for
money.
Blakley, B., McDermott, E., & Geer, D. (2001, September). Information security is information risk
management. In Proceedings of the 2001 workshop on New security paradigms (pp. 97-104).
ACM.
Task 2: Evaluation of the compliance components:
As per the case study it has no mention about the following devices and settings that are quite
mandatory to be compliant in the cyber security:
Firewall – It is a device that is used to secure the network. It works as a filter between the inner
and the outer network environment. It filters the data in terms of IP addresses and the type of
data being transferred. Firewall rules are added in the system in which it is specified which IP
addresses are allowed to enter the infrastructure and rest of the data packets are dropped.
IPS – An Intrusion Prevention System (IPS) is a network security/threat prevention technology
that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability
exploits usually come in the form of malicious inputs to a target application or service that
attackers use to interrupt and gain control of an application or machine.
Document Page
Quarantine – Mailboxes are quarantined when they affect the availability of the
mailbox database. Typically, a software fix from Microsoft is required before releasing
a mailbox from quarantine.
Security Monitoring – there should be a monitoring tool to keenly supervise the activities of the
people and the system to avoid any outage.
Logger – this is the device that records all the activities getting performed on the system so that
these can be reviewed in future. This way, proper action can be taken against the intruder or the
cyber security criminal and the upcoming outage can be avoided.
Sefika, M., Sane, A., & Campbell, R. H. (1996, May). Monitoring compliance of a software system with its
high-level design models. In Proceedings of the 18th international conference on Software
engineering (pp. 387-396). IEEE Computer Society.
Task 3 : a. three information security risk management controls:
1. Use the quarantine tool to send the phishing mails to the spam folder.
2. Use a proper monitoring tool to keenly observe all the activities that are being performed
to avoid any creep.
3. Train every employee properly to make them aware of the issues caused by security
breaches.
Spears, J. L., & Barki, H. (2010). User participation in information systems security risk
management. MIS quarterly, 503-522.
b. six controls that must have been analyzed before setting up the information system for
te Mata Estate company:
1. Using https instead of http while browsing the sites which restricts the intrusion of the
criminals on the network links and further prevents the data to be exposed and conquered
by them. It works on the port n0. 443 and http works on 80.
2. Using internal mail system by using SMTP so that it is nit hosted on the public zone and
hence it is ensured that data is being transferred internally. It is very easy to configure
the mail server and uses linux as the platform on which this application is deployed.
3. Using open SSL - this is secured socket layer that uses certificate for authentication and
puts the minimum risk of data leakage. Actually the risk is nil in this case and uses
encryption as well. The encryption could be asymmetric or symmetric. Asymmetric is
public key encryption and private key is symmetric key encryption.
4. It is also advised to deploy certain devices in the infra to ensure security of the data.
These devices are mandatory to be integrated in the system and are named as firewall,
logger, intrusion prevention system and quarantining methods. Firewall works as a filter
between the inner and the outer network environment. It filters the data in terms of IP
addresses and the type of data being transferred. Firewall rules are added in the system in
which it is specified which IP addresses are allowed to enter the infrastructure and rest of
Document Page
the data packets are dropped. Logger records all the activities getting performed on the
system so that these can be reviewed in future. This way, proper action can be taken
against the intruder or the cyber security criminal and the upcoming outage can be
avoided.
Spears, J. L., & Barki, H. (2010). User participation in information systems security risk
management. MIS quarterly, 503-522.
L02:
Task 4: evaluation of ethical hacking that have helped the company to come out of the incident
of 2008:
After the ransom ware incident in 2008, it was very tough to recover the data from the cyber-
criminal. All thanks to the ethical hacker who was skilled enough to do so and recover the stolen
data without giving the money to the attacker. Networks, computers and other wireless devices:
all are tested for protection gaps. Any weak spots get reported for upgrading. Incidence response
is also evaluated (did anyone notice and react to the intrusions?). Previous breaches can be
analyzed like a modern day whodunit. There has been a great breach in data security and it was
very critical to recover the data. Ethical hacker with his immense skills in the field of
cryptography, devised an algorithm to get into the lines of ransom code and broke the code of
criminal and rescued the company’s data.
The hacker-for-hire can also do risk assessments, and work with each department to clog holes.
They can also recommend, and install, tools that defend against assaults. After the ransom ware
incident in 2008, it was very tough to recover the data from the cyber-criminal. All thanks to the
ethical hacker who was skilled enough to do so and recover the stolen data without giving the
money to the attacker. Employees should be well aware of all the policies related to network and
security. Companies and organizations should hire training experts who are pro in their field of
security and make the employees aware of what can be done to them if they compromise the data
which is too critical for the company.
Engebretson, P. (2013). The basics of hacking and penetration testing: ethical hacking and penetration
testing made easy. Elsevier.
Task 5: Measures to counter the effects of phishing:
First one is to provide proper training to all the employees to avoid such incidents. It ensures that
all the employees in the company are well aware of the laws and policies of the networking
security. Proper demonstrations must be provided to provide more clarity on the phishing mails
and how to avoid opening such mails. Past incidents should be highlighted that were caused due
to the phishing mails and must not be repeated in the coming future.
Employees should be well aware of all the policies related to network and security. Companies
and organizations should hire training experts who are pro in their field of security and make the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
employees aware of what can be done to them if they compromise the data which is too critical
for the company.
There is many phishing software are used by the companies to make their customized tool and
monitor the incoming mails. This will then check the kind of mail according to its past records
and separate the phishing mails from genuine mails. Mailboxes are quarantined when they affect
the availability of the mailbox database. Typically, a software fix from Microsoft is required
before releasing a mailbox from quarantine. It helps the user to distinguish between the genuine
mail and the spammed mail. This way, proper action can be taken against the intruder or the
cyber security criminal and the upcoming outage can be avoided. This helps the company to take
a proactive decision against cyber-crimes and alerts the users accessing mail boxes.
Baker, E. M., Tedesco, J. C., & Baker, W. H. (2008). Consumer privacy and trust online: an experimental
analysis of anti-phishing promotional effects. Journal of Website Promotion, 2(1-2), 89-113.
Task 6 : analysis of the network security at te mata estate to prevent security breaches:
As discussed above also, there was no mentioning about the firewall and IPS in the system which
is why such major incidents took place so frequently. It was also observed that employees were
not so well aware of the fact that data is the most important entity any company can have and no
one can afford to compromise its integrity. Employees should be well aware of all the policies
related to network and security. Companies and organizations should hire training experts who
are pro in their field of security and make the employees aware of what can be done to them if
they compromise the data which is too critical for the company. Proper training will not only
hone their skills but also make raise a sense of responsibility in them. It ensures that all the
employees in the company are well aware of the laws and policies of the networking security.
Proper demonstrations must be provided to provide more clarity on the phishing mails and how
to avoid opening such mails. Past incidents should be highlighted that were caused due to the
phishing mails and must not be repeated in the coming future.
Also, it was found that there is no monitoring system which can keenly supervise and monitor
who is doing what. It is mandatory to have the monitoring tool to log each one’s activity and
analyze that no employee is harming the system. Logger records all the activities getting
performed on the system so that these can be reviewed in future. This way, proper action can be
taken against the intruder or the cyber security criminal and the upcoming outage can be avoided.
Stallings, W. (1995). Network and internetwork security: principles and practice (Vol. 1). Englewood Cliffs,
New Jersey: Prentice Hall.
Document Page
Task 7: three ways for secured way of communication:
1. Using https instead of http while browsing the sites which restricts the intrusion of the
criminals on the network links and further prevents the data to be exposed and conquered
by them. It works on the port n0. 443 and http works on 80.
2. Using internal mail system by using SMTP so that it is nit hosted on the public zone and
hence it is ensured that data is being transferred internally. It is very easy to configure
the mail server and uses Linux as the platform on which this application is deployed.
3. Using open SSL - this is secured socket layer that uses certificate for authentication and
puts the minimum risk of data leakage. Actually the risk is nil in this case and uses
encryption as well. The encryption could be asymmetric or symmetric. Asymmetric is
public key encryption and private key is symmetric key encryption.
4. It is also advised to deploy certain devices in the infra to ensure security of the data.
These devices are mandatory to be integrated in the system and are named as firewall,
logger, intrusion prevention system and quarantining methods. Firewall works as a filter
between the inner and the outer network environment. It filters the data in terms of IP
addresses and the type of data being transferred. Firewall rules are added in the system in
which it is specified which IP addresses are allowed to enter the infrastructure and rest of
the data packets are dropped. Logger records all the activities getting performed on the
system so that these can be reviewed in future. This way, proper action can be taken
against the intruder or the cyber security criminal and the upcoming outage can be
avoided.
Parikh, P. P., Kanabar, M. G., & Sidhu, T. S. (2010, July). Opportunities and challenges of
wireless communication technologies for smart grid applications. In IEEE PES General
Meeting (pp. 1-7). IEEE.
L03:
Task 8: three components of information security operations:
There are certain components that need to be integrated in the infra to make it secure and
protected from the attacks of cyber-criminals.
Firewall – It is a device that is used to secure the network. It works as a filter between the inner
and the outer network environment. It filters the data in terms of IP addresses and the type of
data being transferred. Firewall rules are added in the system in which it is specified which IP
addresses are allowed to enter the infrastructure and rest of the data packets are dropped. Every
company has a network team that sets specific rules in the firewall to avoid the entry id
undesired data packets
IPS – An Intrusion Prevention System (IPS) is a network security/threat prevention technology
that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability
Document Page
exploits usually come in the form of malicious inputs to a target application or service that
attackers use to interrupt and gain control of an application or machine.
Quarantine – Mailboxes are quarantined when they affect the availability of the
mailbox database. Typically, a software fix from Microsoft is required before releasing
a mailbox from quarantine. It helps the user to distinguish between the genuine mail and the
spammed mail. This way, proper action can be taken against the intruder or the cyber security
criminal and the upcoming outage can be avoided. This helps the company to take a proactive
decision against cyber-crimes and alerts the users accessing mail boxes.
Logger – this is the device that records all the activities getting performed on the system so that
these can be reviewed in future. This way, proper action can be taken against the intruder or the
cyber security criminal and the upcoming outage can be avoided.
Spears, J. L., & Barki, H. (2010). User participation in information systems security risk
management. MIS quarterly, 503-522.
Task 9: critical analysis of vulnerability analysis and testing for implementing a secured system:
When there is vulnerability analysis, it unfolds the upcoming threats in the system and alerts the
engineers to act wisely before any outage or any serious security attack hits the system.
Network-based scans are used to identify possible network security attacks. This type of scan
can also detect vulnerable systems on wired or wireless networks. Whenever any server is
procured and ready to send to the customer, we first perform its VA and then send the same
to the customer. All the IPs are scanned and looked for hidden threats in the system. A clean
VA report without any threats is a green flag to deliver the servers.
Host-based scans are used to locate and identify vulnerabilities in servers, workstations or
other network hosts. This type of scan usually examines ports and services that may also be
visible to network-based scans, but it offers greater visibility into the configuration settings
and patch history of scanned systems.
Wireless network scans of an organization's Wi-Fi networks usually focus on points of attack
in the wireless network infrastructure. In addition to identifying rogue access points, a
wireless network scan can also validate that a company's network is securely configured.
Application scans can be used to test websites in order to detect known software
vulnerabilities and erroneous configurations in network or web applications. A clean VA

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
report without any threats is a green flag to deliver the applications to the customer with no
bugs in it.
Huang, Y. W., Yu, F., Hang, C., Tsai, C. H., Lee, D. T., & Kuo, S. Y. (2004, May). Securing web
application code by static analysis and runtime protection. In Proceedings of the 13th international
conference on World Wide Web (pp. 40-52). ACM.
Task 10: four incident management policies:
Incident management is the core of any risk management process. Incident is the outage that is
not good for the organization. There must be some policies that should be adhered to minimize
the rate of incidents.
1. All the servers and tools in the system must be hardened properly to ensure they are
robust enough to fight against the attacks done by intruders or cyber security criminals.
All the information security components must be integrated properly in the system to
make it secure and robust.
2. There should be a proper supply chain management approach followed to avoid last
minute hustle and allow the smooth working of the system. This also avoids mess to a
great extent. A smooth process often leads to a smooth completion of the prject.
3. To avoid unauthorized access, credentials should always be shared with only limited
users to avoid security breach. Also, password should be kept strong and must be
changed at regular intervals. This will also make the system robust to a great extent.
4. Access to the users should be granular. That means, every user should be granted only
that much rights which is essential for them. Full rights should not be given to any user to
avoid system outage. Everyone should login with their own unique id so that it is easy to
track their logs and activities. If anyone tries to creep into the system, he or she will be
caught red handed after the analysis of logs are done.
Mahmassain, H. S., Haas, C., Zhou, S., & Peterman, J. (1999). Evaluation of incident detection
methodologies (No. FHWA/TX-00/1795-1). University of Texas at Austin. Center for
Transportation Research.
L05:
Task 11: four codes of Professional practice of IT Professionals:
When working in It or any field, there are some protocols that have to be followed in order to
maintain security in the system. These are outlined by the management and cannot afford to
compromise on any of the guidelines.
1. Report adverse consequences – it should always be kept in mind that any adverse incident
should be reported immediately without any delay to prevent any serious outage to occur.
This will ensure that no culprit is spared and every one learns a lesson of how important
data protection is.
Document Page
2. Act competently – be like a competent with the cyber criminals, if they think n, you think
n+1 so that you are always one step ahead of them and mitigate the issues.
3. Behave appropriately – it should always be kept in mind that any adverse incident should
be reported immediately without any delay to prevent any serious outage to occur. Your
behavior should always be proactive. if you find any one not following the code, report
immediately to prevent the loss of critical data. This will ensure that no culprit is spared
and every one learns a lesson of how important data protection is.
4. Inform others of consequences of not following advice – be very strict about the policies
and warn other employees what may happen if they do not follow the laws. This will
ensure that no culprit is spared and every one learns a lesson of how important data
protection is.
Gallagher, A. (2004). Dignity and respect for dignity-two key health professional values: implications for
nursing practice. Nursing ethics, 11(6), 587-599.
Task 12: New Zealand codes of ethics:
New Zealand has 8 core values that reflect its responsibility towards the awareness towards
ethics and secured data management:
5. Take reasonable steps to safeguard health and safety – it ensures that proper steps are
taken to protect the most important entity of the organization and that entity is data.
6. Have regard to effects on environment – one should know what to use and what not to use
to safeguard the environment.
7. Report adverse consequences – it should always be kept in mind that any adverse incident
should be reported immediately without any delay to prevent any serious outage to occur.
8. Act competently – be like a competent with the cyber criminals, if they think n, you think
n+1 so that you are always one step ahead of them and mitigate the issues.
9. Behave appropriately – it should always be kept in mind that any adverse incident should
be reported immediately without any delay to prevent any serious outage to occur. Your
behavior should always be proactive.
10. Inform others of consequences of not following advice – be very strict about the policies
and warn other employees what may happen if they do not follow the laws.
11. Maintain confidentiality – always treat the company data as the most important entity and
always protect it with every danger as you can.
12. Report breach of Code – if you find any one not following the code, report immediately to
prevent the loss of critical data. This will ensure that no culprit is spared and every one
learns a lesson of how important data protection is.
Organization, N. Z. N. (2010). Code of ethics. New Zealand Nurses Organization.
References:
Hirsch, R. L., Bezdek, R. M., & Wendling, R. M. (2005). Peaking of world oil production: impacts, mitigation, & risk
management (No. DOE/NETL-IR-2005-093; NETL-TPR-2319). National Energy Technology Laboratory (NETL), Pittsburgh,
PA, Morgantown, WV, and Albany, OR.
Document Page
Nishat Faisal, M., Banwet, D. K., & Shankar, R. (2006). Supply chain risk mitigation: modeling the enablers. Business
Process Management Journal, 12(4), 535-552.
Chen, Y., & Shu, J. (2011). Wireless sensor networks security issues as smart materials systems. In Applied Mechanics and
Materials (Vol. 63, pp. 497-501). Trans Tech Publications.
Sensarma, D., & Sarma, S. S. (2014). Gmdes: a graph based modified data encryption standard algorithm with enhanced
seurity. Int J Res Eng Technol, 3(3), 653-60.
Jiang, Q., Kumar, N., Ma, J., Shen, J., He, D., & Chilamkurti, N. (2017). A privacyaware twofactor authentication protocol
based on elliptic curve cryptography for wireless sensor networks. International Journal of Network Management, 27(3),
e1937.
Cheng, F., Ferring, P., & Meinel, C. (2003). Lock-Keeper technology: a new network security solution. Univ., Mathematik,
Informatik.
1 out of 10
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]