IT Security Management Program for a Shipping Agency Database

Verified

Added on  2023/06/03

|13
|1987
|279
AI Summary
This article explores security management techniques in shipping agency database, including risks associated, physical and software solutions, and business continuity and disaster recovery plan.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
5BUIS003W.1 Information Technology Security 1
IT Security Management Program for a Shipping Agency Database
Student
Course
Tutor
Institutional Affiliations
State
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
5BUIS003W.1 Information Technology Security 2
Information Security Management Program for a Shipping Agency Database
Owing to the current awareness and cyber security profile in sipping agencies, threats to
shipping is the reality that should be given immediate attention. In the year 2015, shipping was
one of the top most cyber-attacked industry. Futurenautics (2015) cites that sipping agencies
should use the wakeup call in securing its critical infrastructures (both data assets and physical
assets). 2015 survey by Futurenautics suggests that 12 percent of shipping companies have
received training on cyber-security. The survey additionally finds that 43 percent of shipping
companies have been aware of cyber-security management controls availed by their organization
for personal web browsing and use of external data storage.
Basing on the analysis, we can arrive at a troubling conclusion about lack of cyber safety
in shipping companies, especially company databases. Following this rationale, this article seek
to explore security management techniques in shipping agency database. Database is the heart of
every organization and hacking it may lead to serious loses to the organization. We will first
explore the risks associated with shipping company database and then find out various physical
and software solutions to the security problems and their respective limitations and lastly
business continuity and disaster recovery plan that should be revoked on the off chance that the
agency is attacked by cyber-criminals.
Risks identified in the scenario
Assets Risks Supporting
Arguments
Impacts
Database server Packet sniffing Cyber-criminals can
gain access and
The primary target of
packet sniffers is to
Document Page
5BUIS003W.1 Information Technology Security 3
control to the
organization network
where the
organization database
server is hosted and
utilize sniffer to
capture the packets
which are flowing to
and from the database
server. They may
then analyze the
packets and decipher
passwords and
usernames in the
server (Gurban,
Groza, and Murvay,
2018, pp. 223-230).
The main purpose for
this information is to
access the root
database
administration and
compromise the
get the organization
details for malicious
purposes. Therefore,
this threat may lead
to lose of the
customers’ sensitive
information from the
company’s database
like credit card
details among others.
It may end up causing
harm to the
organization
customers. Packet
sniffing is dangerous
to the company as it
makes the
organization to be
liable for the attack,
which might degrade
the image of the
agency in the market
(Sicari, Rizzardi,
Document Page
5BUIS003W.1 Information Technology Security 4
organization database
which might end up
losing the integrity,
availability and
confidentiality of the
company’s data.
Cappiello, Miorandi,
and Coen-Porisini,
2018, pp.59-74).
Organization’s
customers’ sensitive
information
Email phishing and
malware.
Shipping agency
information system
contains the
organization and
customers’ sensitive
information. Hackers
may utilize email
phishing to lure the
organization
customers into giving
their sensitive
information (Chiew,
Yong, and Tan, 2018,
pp. 23-29). Also,
unaware that malware
has infected the
agency information
When cybercriminals
launch phishing and
malware attacks, they
may lead to impacts
of considerable
magnitude ranging
from monetary fraud
to thievery. Cargos
and even customers
may be hijacked,
which may not only
affect the
organization’s users
but also compromise
the confidence in the
organization’s
products and services

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
5BUIS003W.1 Information Technology Security 5
system database may
lead to lose of
sensitive data to
cyber-criminals.
(Chiew, Yong, and
Tan, 2018, pp. 23-
29).
Physical security solutions and limitations
Assets Risks Physical security
solutions
Limitations
Database server Packet sniffing The physical means
for reducing packet
sniffing is to ensure
that all the physical
machines hosting the
company’s database
server are locked in a
secure room and
monitored using
CCTV in order to
prevent unauthorized
entry and theft
(Sharma, Batra,
Pandey, Narwal, and
This technique is
however,
disadvantaged by the
fact that hackers may
use wireless packet
sniffers to access the
database servers from
outside the server
room and may go
unrecognized.
Document Page
5BUIS003W.1 Information Technology Security 6
Kumar, 2018, pp.9).
Organization’s
customers’ sensitive
information
Email phishing and
malware.
Creating a physical
security awareness
and training program
would be the most
appropriate physical
method for mitigating
this risk (Wash and
Cooper, 2018, pp.
492). This method
involve making the
organization’s
employees aware of
the email phishing
and malware risks
and training them
how to avoid the
risks. It is important
as the emphasis on
physical security now
a days tend to be
neglected by
employees and
This mitigation
technique is however
disadvantaged by the
fact that crews may
not practice their due
diligence pertaining
to mandatory
physical security
requirements as said
in the training and
awareness sessions.
This may make the
agency to be legible
if by any chance an
attack occur which
may diminish the
image of the
organization.
Document Page
5BUIS003W.1 Information Technology Security 7
customers which may
lead to attacks in the
organization’s
database, thus
reinforcing physical
awareness and
security training
would reduce the
chances of such
attacks.
Software security solutions and limitations
Assets Risks Software security
solutions
Limitations
Database server Packet sniffing There are several
software security
solutions that can be
executed to mitigate
the sniffing attack.
First, this attack can
be avoided by
running an admin
script on a daily basis
on the network in
These approaches
cannot fully solve
packet attacks no
matter how good they
are. Sniffers may
only see network
traffics which cross
the data lines where
they are connected,
they at least capture

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
5BUIS003W.1 Information Technology Security 8
order to disable the
promiscuous modes
on the network
interfaces which
results into shutting
down the sniffing
software. Another
important way of
dealing with sniffing
attacks is the use of
anti-sniffing tools to
detect the interface
mode of the network
along with different
process as well as
software which are
present in the
organization’s server.
Most importantly, the
organization should
ensure that computers
within the
headquarters and
the data which are
coming out and in to
the organization
database servers
which is good but
may not be adequate.
A lot which are going
on in the network
may not be known if
captures take place
only at the edge.
Document Page
5BUIS003W.1 Information Technology Security 9
those that are in ships
and other
headquarters use
encrypted network
protocol like IPSEC
to encrypt any traffic
from the information
system
(Balasubramanian,
2018, pp. 1312-
1342).
Organization’s
customers’ sensitive
information
Email phishing and
malware.
To avoid email
phishing and malware
attacks to the agency
database, the
organization’s email
security gateway
must be reinforced
with multiple
scanning solutions for
increasing the
protection from
known and unknown
The limitation of this
approach is that
phishers can
sometimes bypass the
filter’s database by
transforming words.
This may lead to
phishing which may
result to hijack of
cargos and even
customers.
Document Page
5BUIS003W.1 Information Technology Security 10
threats thus
decreasing the
vulnerability that
disables or evades
anti-malware engines
(Sampat, Saharkar,
Pandey, and Lopes,
2018, pp.121).
Additionally, this risk
can be reduced by
applying data
sanitization to
remove all active
codes from
attachments in the
emails. This helps in
automatic removal of
other possible threats.
Business continuity and disaster recovery plan for a shipping organization
This section presents a strategy for maintaining business continuity in the event of
disruptions from network sniffing and email phishing attacks. The business continuity and
disaster recovery plan is in compliance with NIST SP 800-34. This plan should be invoked if by

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
5BUIS003W.1 Information Technology Security 11
any case the company suffer loss of data, hijack of cargos and ransomware from the
aforementioned attacks (Charlesworth, Mazur, and Marinelli, 2018, pp.22-30).
a. Sensitive information backup
All sensitive information of the organization including customers data that would be
stolen on the off chance that a cyber-terror occur are maintained and controlled by the disaster
recovery department (Ferguson, 2018, pp.243-255). Some of the information will be backed up
periodically at an offsite location as part of the organization disaster management department’s
normal operation.
b. Hijack of cargos
The organization shall insure all its assets so that whenever a phishing attack lead to
hijack of the company’s cargos, the company shall receive recovery from insurance to continue
the business.
c. Ransomware attack
If a ransomware attack occur, the organization users, including staffs may be decrypted
from system until a ransomware fee is paid. To recover from such attack, the company shall
allocate funds for recovering from ransomware attacks.
Document Page
5BUIS003W.1 Information Technology Security 12
Reference list
Balasubramanian, K., 2018, Web Application Vulnerabilities and Their Countermeasures.
In Application Development and Design: Concepts, Methodologies, Tools, and Applications, pp.
1312-1342, IGI Global.
Charlesworth, A., Mazur, S. and Marinelli, V., 2018, PREPARING FOR NATURAL
DISASTERS: After years of relatively mild activity, natural disasters hit hard in 2017, as a
devastating series of hurricanes, severe storms, wildfires, earthquakes and droughts caused $353
billion in economic losses and $134 billion in insured losses worldwide. Risk
Management, 65(5), pp.22-30.
Chiew, K.L., Yong, K.S.C. and Tan, C.L., 2018, A survey of phishing attacks: their types,
vectors and technical approaches, Expert Systems with Applications, pp. 23-29.
Ferguson, C., 2018, Business continuity and disaster management within the public service in
relation to a national development plan. Journal of business continuity & emergency
planning, 11(3), pp.243-255.
Futurenautics, 2015, Crew Connectivity 2015, Available from:
<http://www.futurenautics.com/2015/11/communicating-or-connected/> [Accessed on 23rd
October 2018]
Gurban, E.H., Groza, B., and Murvay, P.S., 2018, June, Risk assessment and security
countermeasures for vehicular instrument clusters, In 2018 48th Annual IEEE/IFIP International
Conference on Dependable Systems and Networks Workshops (DSN-W) (pp. 223-230). IEEE.
Document Page
5BUIS003W.1 Information Technology Security 13
Sampat, H., Saharkar, M., Pandey, A., and Lopes, H., 2018, Detection of Phishing Website
Using Machine Learning, pp.121.
Sharma, A., Batra, D., Pandey, R., Narwal, P., and Kumar, V., 2018, Distributed Denial of
Service Attack and its Countermeasures, pp. 9.
Sicari, S., Rizzardi, A., Cappiello, C., Miorandi, D., and Coen-Porisini, A., 2018, Toward data
governance in the internet of things, In New advances in the internet of things, pp. 59-74,
Springer, Cham.
Wash, R. and Cooper, M.M., 2018, April, Who Provides Phishing Training? Facts, Stories, and
People like Me, In Proceedings of the 2018 CHI Conference on Human Factors in Computing
Systems, p. 492, ACM.
1 out of 13
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]