Secure Application Delivery with Zero Bugs


Added on  2019-09-24


L01: Task 1 - Four components of information security risk management as per the case study are:

a. An internal employee shared critical information about the company, and the company did not find out until the information had already been shared and given to a cyber-criminal. This might have been avoided had there been a monitoring system to closely monitor the activities performed by employees. It could also have been avoided if proper cyber security training had been given to them and the company had ensured that each employee adhered to the policies.

b. A payment was mistakenly delivered to the wrong supplier, who was masquerading as a supplier but was in reality a cyber-criminal. This could have been avoided if a quarantine tool had been integrated into the system. Such a tool automatically puts e-mails that look like phishing into the spam folder, so that a person can be more careful before acting on them.

c. There was also no mention of a firewall or an IPS (intrusion prevention system), which does not let an intruder or cyber-criminal get into the network and carry out unethical activities.

d. It was also observed that employees were not well aware of all the policies related to cyber security. People did not know that data is the most important entity of the organization and should be kept secure at any cost. It is mandatory for everyone to know the criticality of the data and to be responsible enough to protect it instead of compromising it for money.

Blakley, B., McDermott, E., & Geer, D. (2001, September). Information security is information risk management. In Proceedings of the 2001 workshop on New security paradigms (pp. 97-104). ACM.

Task 2: Evaluation of the compliance components:

The case study makes no mention of the following devices and settings, which are mandatory for cyber security compliance:

Firewall – A device used to secure the network. It works as a filter between the inner and the outer network environment. It filters the data in terms of IP addresses and the type of data being transferred. Firewall rules are added to the system specifying which IP addresses are allowed to enter the infrastructure; the rest of the data packets are dropped.

IPS – An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine.

Quarantine – Mailboxes are quarantined when they affect the availability of the mailbox database. Typically, a software fix from Microsoft is required before releasing a mailbox from quarantine.

Security Monitoring – There should be a monitoring tool to closely supervise the activities of people and the system to avoid any outage.

Logger – This is the device that records all the activities performed on the system so that they can be reviewed in future. This way, proper action can be taken against the intruder or cyber-criminal, and an upcoming outage can be avoided.

Sefika, M., Sane, A., & Campbell, R. H. (1996, May). Monitoring compliance of a software system with its high-level design models. In Proceedings of the 18th international conference on Software engineering (pp. 387-396). IEEE Computer Society.

Task 3:

a. Three information security risk management controls:

1. Use the quarantine tool to send phishing mails to the spam folder.
2. Use a proper monitoring tool to closely observe all the activities being performed to avoid any creep.
3. Train every employee properly to make them aware of the issues caused by security breaches.

Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 503-522.

b. Six controls that must have been analyzed before setting up the information system for Te Mata Estate company:

1. Using HTTPS instead of HTTP while browsing sites, which restricts the intrusion of criminals on the network links and further prevents the data from being exposed to and taken by them. HTTPS works on port no. 443 and HTTP works on port 80.

2. Using an internal mail system based on SMTP so that it is not hosted in the public zone, which ensures that data is transferred internally. It is very easy to configure the mail server, and Linux is used as the platform on which this application is deployed.

3. Using OpenSSL – this is Secure Sockets Layer, which uses certificates for authentication and puts the minimum risk of data leakage. Actually the risk is nil in this case, and it uses encryption as well. The encryption could be asymmetric or symmetric. Asymmetric is public key encryption and private key is symmetric key encryption.

4. It is also advised to deploy certain devices in the infrastructure to ensure security of the data. These devices must be integrated into the system: a firewall, a logger, an intrusion prevention system and quarantining methods. The firewall works as a filter between the inner and the outer network environment. It filters the data in terms of IP addresses and the type of data being transferred. Firewall rules are added in the system in
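
The firewall behaviour described in this assignment (listed IP addresses are allowed in, filtered also by type of traffic, and every other packet is dropped) can be shown as a small default-deny rule evaluator. This is an added example, not part of the original assignment; the rule names, address ranges and sample packets are constructed for illustration and use documentation-only IP ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str        # hypothetical label for the rule
    source: str      # CIDR block allowed to enter the infrastructure
    protocol: str    # type of traffic: "tcp" or "udp"
    dest_port: int   # service being reached (443 = HTTPS, 25 = SMTP)


# Constructed allow-list (assumption): only HTTPS from a partner range
# and SMTP from a single branch mail relay are permitted.
ALLOW_RULES = [
    Rule("partner-https", "203.0.113.0/24", "tcp", 443),
    Rule("branch-smtp", "198.51.100.10/32", "tcp", 25),
]


def evaluate(src_ip, protocol, dest_port, rules=ALLOW_RULES):
    """Return ("ALLOW", rule_name) on the first match, else ("DROP", None)."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return ("DROP", None)      # malformed source address: fail closed
    for rule in rules:
        if (addr in ipaddress.ip_network(rule.source)
                and protocol.lower() == rule.protocol
                and dest_port == rule.dest_port):
            return ("ALLOW", rule.name)
    return ("DROP", None)          # default deny: anything unlisted is dropped


# Constructed sample packets: (source IP, protocol, destination port)
SAMPLE_PACKETS = [
    ("203.0.113.45", "tcp", 443),   # listed range, HTTPS
    ("203.0.113.45", "tcp", 80),    # listed range, but plain HTTP
    ("198.51.100.10", "tcp", 25),   # listed mail relay
    ("192.0.2.7", "tcp", 443),      # unlisted source
    ("not-an-ip", "tcp", 443),      # malformed source
]


def run_samples():
    return [evaluate(*pkt)[0] for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_samples()):
        print(pkt, "->", verdict)
```

Note that the second packet comes from an allowed address but is still dropped, because the rule filters on the type of traffic as well as the source.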