Developing Information Security Policies for Xero


Added on  2023/05/29

AI Summary
This report provides security policies for Xero to address potential threats and vulnerabilities related to computer networks. It discusses security tools and processes such as encryption, firewall, and cryptography to avoid data breaches and cyber-attacks.

INFORMATION SECURITY POLICY
Managing information system

Executive summary
Information security is a very serious problem today: most consumers use internet connectivity to share data, which increases the exposure to security threats. In the last five years information technology has changed the way people communicate, and Xero uses advanced communication networks to transfer data from one place to another. The main problem this organization faces is security and privacy, and as a result its employees are facing data breaches and malware attacks. The main objective of this report is to develop security policies for Xero that address the potential threats and vulnerabilities related to computer networks. Xero is a New Zealand company that provides information technology services and software as a service to its customers. Many security threats can occur in an information system, for example malware attacks, denial of service attacks, sniffers, computer viruses and many more, and these are discussed in this report. With the help of this report, readers can increase their knowledge of information security. Xero should adopt security tools and processes such as encryption, firewalls, cryptography and robust techniques; by using them it can avoid data breaches and cyber-attacks.
Table of Contents
Executive summary
Introduction
Overview of Xero
Information security policies for Xero
  Upgrade security system
  Operating security devices
  Password management system
  E-mail and messages security
  Upgrade the encryption approach
  Use of a digital certification
  Authentication process
  Limited login attempts
  Fraud protection software
Security threats and risk associated with Xero
  Unauthorized access
  Computer viruses
  Denial of service attack
  Malicious attack
  Sniffers
Mitigation or recommendation
Conclusion
References
Introduction
An information security policy is defined as a set of policies used by an organization to keep its data or information secure and private. The security of information is one of the crucial problems today, and most organizations are facing cyber-attacks. It is observed that the rate of cyber-crime is growing very fast, and lack of security is a big problem that increases such threats. The main objective of this report is to develop information security policies for Xero and to analyse the risks associated with this organization. Xero is a software development organization that provides information technology services to its consumers, but the company is facing various cyber-threats such as malware attacks, denial of service attacks and many more. This report produces security policies that address the threats and vulnerabilities faced by Xero and also describes the various kinds of cyber-security threats.
Overview of Xero
Xero is a New Zealand public organization that offers cloud-based services to small and medium companies. It has many offices in Australia, the United States, the U.K. and South Africa, and it is listed on the Australian Securities Exchange. Its products are entirely based on software as a service, and its main headquarters is in New Zealand. In 2016 it opened its first Asian office, in Singapore. It provides accounting software products to its consumers, and most small business sectors use this accounting software to improve the efficiency of the business. The main problem faced by this organization is that it is not able to handle malware and DDoS attacks, due to which it lost personal information. In 2017 hackers attacked this organization: they produced 1 Tb of traffic signals and sent them to its computer networks. As a result its websites went down for around 15 minutes and consumers could not access their accounts. To avoid such problems Xero requires modern security tools and technologies, and it can develop security policies to handle security threats.
Information security policies for Xero
An information security policy is a set of rules and regulations enacted by a company to ensure that its employees and workers use authentic servers and networks; it also helps to address security-related issues (Bulgurcu, Cavusoglu, & Benbasat, 2010). Xero is an IT organization that communicates with a number of consumers every hour, for which it needs to secure data or information. To avoid data breaches, this report develops security policies and strategies, and this section identifies methods to improve the security of data.

Objectives
Information security policies have many objectives, which are described below:
- To establish a general approach to securing information
- To identify the key factors that increase security threats and vulnerabilities
- To protect employees' and customers' personal data by adopting security tools
- To maintain the security and confidentiality of information and enhance the efficiency of Xero networks (Crossler, et al., 2013).
Scope:
This security policy applies to all data or information of Xero, its computer networks, the employees of the organization, and whatever is supplied to it under contract.
Access control policy and authority
Generally, an information security policy has a hierarchical pattern, which means employees are bound not to share or transfer the information of the organization. Xero communicates with a number of small business sectors and its employees share personal details, which increases the risk of cyber-threats. Normally a senior manager has the authority to access personal accounts and to decide whether to share data or information, but Xero gave its employees the authority to access private accounts (Ericsson, 2010). As a result, several employees provided their details on third-party websites, and they can suffer from cyber-crime. Therefore, logic demands that the security policy address each basic operation in Xero with a proper specification that makes its authoritative status clear.
- Access to information shall be restricted to authorized consumers who have a bona fide business requirement to access the data of Xero
- The information and data sets services members shall control and maintain a number of restricted applications and databases (Herath, & Rao, 2009).
Classification of data
Classification of data is one of the best steps for maintaining a large number of data sets, and most organizations use this process to maintain the efficiency of computer servers. Xero interacts with many users and companies and stores a huge quantity of data sets, for which it requires a data classification approach. Classification of data provides a platform to protect users' data from cyber-crime, and this policy can organize the entire set of data. There are a few steps involved in this security policy, which are described below:
- Large risk class: data or information protected by state and federal legislation; payroll, financial and private details are also included
- Confidential class: data in this class does not enjoy the honour of being under the wing of the law, and the data manager can judge that it should be protected, keeping Xero information from unauthorized servers
- Public class: this kind of information or data can be freely transferred.
Xero can classify its data into different data sets, for example confidential, restricted and many more. By using these kinds of approaches it can address the problem of data breaches and complexity-related issues.
Information and communication technology has developed a number of security tools and approaches to address security threats and vulnerabilities, which are described below:
Upgrade security system
Xero is one of the largest businesses developing accounting-related software, and it also provides SaaS services to its consumers. It uses many software packages and networks to control and monitor its personal accounts, and it can upgrade its security systems to manage security issues. Employees of this organization should update software on a regular basis, and Xero can hire an IT team to handle the security of computer networks. It can also design and implement advanced security systems, for example for databases, sensitive devices and components, and the information system (Hsu, Shih, Hung, & Lowry, 2015).
Operating security devices
The information technology team of Xero can test that all security devices and programmes are turned on and working properly. This security policy will include a visual inspection of any control system, which can be used to determine whether the systems are in working condition or not (Ifinedo, 2012). Xero should check and test this on a regular basis and update computer software regularly.
Password management system
This is one of the most common security policies, used by many organizations, and Xero can adopt this technique to secure employees' personal data or information. It can design modern security-related approaches by which employees and workers can access their accounts more effectively. The organization provides information technology services to its users, and many small companies use its software on their computers, for which a password-based system is required to secure communication between employees and users. Therefore, Xero can develop this kind of policy to control and manage security-related issues, and it should ensure that employees use a strong password and do not share it with anyone.
E-mail and messages security
E-mail is one of the best ways Xero communicates with its clients and customers, and it is also used to provide user support. For this Xero requires a process to manage private emails and messages, and information technology has developed robust techniques to secure employees' emails. It is observed that most hackers send unwanted emails to employees' accounts and get into their computer systems, due to which users can lose their personal details (Krutz, & Vines, 2010). If Xero develops an e-mail security algorithm, it can protect personal chats and information, and senior managers should ensure that employees use only authentic networks during the communication process.
Upgrade the encryption approach
This is a very important security step, used by most organizations to protect data or information from hackers. It provides a way to improve the overall communication system and secure users' private information. In this process, employees' data is converted into a specific code that is transferred from supplier to consumer, and attackers are not able to read this code without permission. Xero can develop this type of technique because it mostly communicates with its customers over internet connectivity and mobile networks, and it should ensure that its employees avoid the use of third-party applications.
Use of a digital certification
The main purpose of this technique is to improve the security of computer networks, and it provides an authorized server to consumers. Xero has developed a number of software and IT products, for which it requires an authentic network that can handle the security threats and risks associated with computer devices. It can adopt this kind of security system to reduce cyber-security issues and vulnerabilities (Mármol, & Pérez, 2009). The main role of this technique is to identify third-party websites or applications; it is observed that many Xero employees use, for communication purposes, third-party websites that are developed by attackers. A number of Australian organizations display their company name in green, which shows that they use a digital certification process to manage unauthentic signals.
Authentication process
This is a very important step in information security that provides a way to verify the identities of Xero websites and their accounts. Xero can develop this type of security process because it has the ability to detect and monitor fraudulent links and traffic signals, by which employees can secure their personal data or information. A one-time password is one of the best examples of an authentication approach, and most organizations use this process when new accounts are created (Rhee, Kim, & Ryu, 2009). Xero provides an accounts facility on its website by which users can create their accounts, for which an authentication process is required. It can adopt a biometric recognition system to improve the security of computer networks, and the IT team should ensure that employees use only their authentic identity to access organization accounts. Information technology has developed many biometric systems that can be implemented for Xero, such as fingerprint, iris, and face recognition and hand geometry (Workman, Bommer, & Straub, 2008).
Limited login attempts
The main purpose of this security policy is to reduce denial of service and malware attacks, and many organizations use this technology. It is observed that Xero allows its employees and workers multiple login attempts, which creates uncertainty in its networks and also increases the risk of cyber-attack. To avoid such issues, the senior manager of this organization can reduce the number of login attempts, by which it can enhance the privacy of its networks (Siponen, & Vance, 2010). This can address the brute-force attack, which is a very serious problem for any organization and blocks the peripheral devices of employees.
Fraud protection software
Information technology has now produced a number of antivirus and other software products to avoid security-related issues. Generally, Xero stores its personal data on computer devices and does not use any protection software, which can increase the problem of data breaches. Firewall, Cryptosense, WebTitan, and Log360 are all very popular software that can be used to detect unwanted signals and unauthorized networks on computer devices (Workman, 2008). All these applications run in the background of the computer, identify spam links or malware signals, and show a notification on the computer screen so that employees can block these networks.
Security threats and risk associated with Xero
A number of potential threats and vulnerabilities occur in the Xero organization; they are described below:
Unauthorized access
In the field of information systems, unauthorized access is a very common security threat, and it is very dangerous for computer networks. Xero is suffering from this type of security threat, in which attackers detect employees' computing devices and enter their networks by using malicious software (Siponen, & Vance, 2014). Hackers produce an unauthentic website or server and send it to users' accounts; consumers then use these signals and lose their personal information.
Computer viruses
A computer virus is a type of nasty software that enters employees' computer devices without their permission and spreads from one location to another. It has been found that a few viruses can cause severe harm that may affect computer programs and overall performance. Recently Xero observed that its computer devices are not working properly and employees are facing performance issues, which occur due to viruses. This type of problem may affect the computer system, and users can lose their private data (Siponen, Mahmood, & Pahnila, 2014).
Denial of service attack
This is a very common type of security threat that occurs due to lack of security, in which hackers target users' peripheral devices. Xero communicates with its users through websites and blogs, and it is suffering from DDoS attacks. In these, hackers send spam or fraudulent emails to employees, who click on unwanted links, due to which hackers store their personal information (Sommestad, Hallberg, Lundholm, & Bengtsson, 2014). Generally, hackers use malware to produce traffic signals: first they detect the location of computer networks, and after that they encrypt all private details.
Malicious attack
Malicious software is a kind of hacking software that produces a large amount of traffic and unauthentic servers, which are used to block computer networks. Generally attackers target the website of Xero, after which they reduce the performance of wireless networks and hack the login IDs and passwords of its computer devices (Von Solms, & Van Niekerk, 2013). Most hackers use malicious software because it has the ability to break the security of users' devices, and a few employees of Xero use third-party applications developed with malware that store users' personal information.
Sniffers
Sniffers are also a security threat, one that increases due to the use of unauthentic servers, and Xero has been facing this issue for the last few years. Here hackers use a more complex algorithm that detects and identifies the login IDs and passwords of employees' accounts. Attackers are able to encrypt users' personal information, and they can control the communication process between employees and consumers (Wall, Palvia, & Lowry, 2013).
Mitigation or recommendation
Xero is facing cyber-crime and data breaches, due to which it can lose its personal data and its value in the market. It is observed that lack of security is a very common problem, because most Xero employees use unauthentic servers that are developed by attackers and have lost their personal information (Warkentin, & Willison, 2009). To avoid such problems, information technology provides a number of steps and tools, which are described below:
- Adopt a password-based system and avoid the use of third-party applications
- Add a digital certificate to handle security-related issues
- Update computer software on a regular basis
- Use short message services
- Follow proper configuration steps to avoid conflicts
- Always keep antivirus active to protect data from hackers
- Block unauthentic servers
- Keep private details on Google secure
- Use backup plans and recovery tools like cloud computing
- Communicate with employees and take action if they find any malware
- Use device identification techniques
It is observed that most consumers use very weak passwords and do not use any backup plan, due to which they face the problem of hacking. For Xero, it is very important to check its security programmes, after which the management team should adopt an IT team that can handle security-related issues. Many ethical and legal issues occur due to cyber-security threats, for example data breach, security theft, loss of personal e-mails, and reduced privacy of computer devices (Yeh, & Chang, 2007). All these issues and problems can be resolved by the above security policies, and it is recommended that Xero adopt advanced computer networks and security tools to handle data breach issues. Encryption and cryptography are both very popular technologies that can be used by Xero, and they provide a platform to identify the key factors that increase cyber-crime. The employees of Xero should ensure that they use only authentic servers, and if any malware signals attack their networks they should contact the IT team.
Conclusion
Security of data is a very common and very big problem for every organization, because hackers use advanced algorithms to attack the computer devices of consumers. In the last few years security-related issues like data breaches and threats have been growing very fast, and the main reason for this increase is lack of security. This report is based entirely on information security threats and issues, and with the help of this paper readers can enhance their knowledge in the area of information systems. Xero is a software company that provides IT-related services to its customers, but in the last few years it has been facing cyber-threats. This report explained the threats and vulnerabilities of the information system and developed security policies to address such problems. Three main problems occur in computer networks, namely DoS attacks, sniffers and malicious attacks, which are described in this report. The management team of Xero should ensure that employees avoid the use of third-party applications and use firewall and cryptography technology to address cyber-security issues.
References
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance:
an empirical study of rationality-based beliefs and information security
awareness. MIS Quarterly, 34(3), 523-548.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013).
Future directions for behavioural information security research. Computers &
Security, 32, 90-101.
Ericsson, G. N. (2010). Cybersecurity and power system communication—essential parts of
a smart grid infrastructure. IEEE Transactions on Power Delivery, 25(3), 1501-1507.
Herath, T., & Rao, H. R. (2009). Encouraging information security behaviours in
organizations: Role of penalties, pressures and perceived effectiveness. Decision
Support Systems, 47(2), 154-165.
Hsu, J. S. C., Shih, S. P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviours
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), 282-300.
Ifinedo, P. (2012). Understanding information systems security policy compliance: An
integration of the theory of planned behaviour and the protection motivation
theory. Computers & Security, 31(1), 83-95.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
Mármol, F. G., & Pérez, G. M. (2009). Security threats scenarios in trust and reputation
models for distributed systems. Computers & Security, 28(7), 545-556.
Rhee, H. S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on
end users' information security practice behaviour. Computers & Security, 28(8),
816-826.
Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee
information systems security policy violations. MIS Quarterly, 12(3), 487-502.
Siponen, M., & Vance, A. (2014). Guidelines for improving the contextual relevance of field
surveys: the case of information security policy violations. European Journal of
Information Systems, 23(3), 289-305.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & Management, 51(2), 217-
224.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing
information security policy compliance: a systematic review of quantitative
studies. Information Management & Computer Security, 22(1), 42-75.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cybersecurity.
Computers & Security, 38, 97-102.
Wall, J. D., Palvia, P., & Lowry, P. B. (2013). Control-related motivations and information
security policy compliance: The role of autonomy and efficacy. Journal of
Information Privacy and Security, 9(4), 52-79.
Warkentin, M., & Willison, R. (2009). Behavioural and policy issues in information systems
security: the insider threat. European Journal of Information Systems, 18(2), 101-
105.
Workman, M. (2008). Wisecrackers: A theory-grounded investigation of phishing and
pretext social engineering threats to information security. Journal of the American
Society for Information Science and Technology, 59(4), 662-674.
Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of
information security measures: A threat control model and empirical
test. Computers in Human Behaviour, 24(6), 2799-2816.

Yeh, Q. J., & Chang, A. J. T. (2007). Threats and countermeasures for information system
security: A cross-industry study. Information & Management, 44(5), 480-491.