Comprehensive Network and Information Security Report for AO World plc
VerifiedAdded on 2021/04/24
|16
|3993
|329
Report
AI Summary
This report presents a comprehensive network and information security assessment for AO World plc, focusing on the challenges and vulnerabilities within its online retail operations. It begins with an executive summary and an overview of AO World plc, highlighting its reliance on information technol...
Running head: NETWORK AND INFORMATION SECURITY
Network and Information Security
Name of the Student
Name of the University
Author Note
Network and Information Security
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
NETWORK AND INFORMATION SECURITY
Table of Contents
1. Executive Summary.....................................................................................................................2
1. 1 AO World plc.......................................................................................................................2
2. Security Assessment Report........................................................................................................3
2. A Team Members....................................................................................................................3
2. B. Identification of Critical Assets, Threat and Vulnerability Assessment, Risk....................4
2. C. Prioritised List of Issues......................................................................................................8
3. Business Continuity Plan...........................................................................................................11
3. A. Introduction.......................................................................................................................11
3. B. Description of Continuity Plan.........................................................................................11
3. C. Security Policy..................................................................................................................13
4. References..................................................................................................................................14
NETWORK AND INFORMATION SECURITY
Table of Contents
1. Executive Summary.....................................................................................................................2
1. 1 AO World plc.......................................................................................................................2
2. Security Assessment Report........................................................................................................3
2. A Team Members....................................................................................................................3
2. B. Identification of Critical Assets, Threat and Vulnerability Assessment, Risk....................4
2. C. Prioritised List of Issues......................................................................................................8
3. Business Continuity Plan...........................................................................................................11
3. A. Introduction.......................................................................................................................11
3. B. Description of Continuity Plan.........................................................................................11
3. C. Security Policy..................................................................................................................13
4. References..................................................................................................................................14
2
NETWORK AND INFORMATION SECURITY
1. Executive Summary
The aim of this report is to address the issues and challenges being faced by the AO
world plc organization considering the last IT installation and the operations involved within the
activities of the organization. Since the organization is based on online services, it has become a
considerable factor for addressing the vulnerabilities related to the challenges and issues in the
security of the network. The organization collects many personal and sensitive information of the
clients and those data or information are vulnerable to cyber-attack or intrusion. The attempt of
this report is to identify the sectors which can be used to affect the integrity, availability,, and
confidentiality of the system. The presented security assessment report will be helpful in creating
threat profiles of the possible and already identified threats related to the proper and effective
functioning of the organization. The security risks associated with the application of the network
for the exchange and execution of the operational activities within the AO world can be listed as:
Security breaches, data loss, viruses, hacking, and malicious attacks. Virtual Private Network
adoption can be helpful for the staffs and the employees to access the data or information saved
in the network during off-site. This approach can be helpful in securing the links and protecting
the information being exchanged. This report provides an overview of the chosen organization as
a case study and based on the thorough research over the organization a security assessment
report has been presented. This report is capable of addressing the risks and issues through the
application of the OCTAVE methodology in manner to identify the effective threats and issues
and present a relative solution for the identified threats.
NETWORK AND INFORMATION SECURITY
1. Executive Summary
The aim of this report is to address the issues and challenges being faced by the AO
world plc organization considering the last IT installation and the operations involved within the
activities of the organization. Since the organization is based on online services, it has become a
considerable factor for addressing the vulnerabilities related to the challenges and issues in the
security of the network. The organization collects many personal and sensitive information of the
clients and those data or information are vulnerable to cyber-attack or intrusion. The attempt of
this report is to identify the sectors which can be used to affect the integrity, availability,, and
confidentiality of the system. The presented security assessment report will be helpful in creating
threat profiles of the possible and already identified threats related to the proper and effective
functioning of the organization. The security risks associated with the application of the network
for the exchange and execution of the operational activities within the AO world can be listed as:
Security breaches, data loss, viruses, hacking, and malicious attacks. Virtual Private Network
adoption can be helpful for the staffs and the employees to access the data or information saved
in the network during off-site. This approach can be helpful in securing the links and protecting
the information being exchanged. This report provides an overview of the chosen organization as
a case study and based on the thorough research over the organization a security assessment
report has been presented. This report is capable of addressing the risks and issues through the
application of the OCTAVE methodology in manner to identify the effective threats and issues
and present a relative solution for the identified threats.
3
NETWORK AND INFORMATION SECURITY
1. 1 AO World plc
AO World plc has been one of the leading online retailer company that is providing
various domestic appliances to the citizens of the UK through online platform. Mr. John Roberts
founded it in the year 2000 and has implemented latest information technologies for the
execution of the operational activities of the organization [3]. The transformation was
implemented during 2013, when the organization had invested a big amount for the
establishment on new information technology in manner to deliver the products and services to
the UK citizens.
2. Security Assessment Report
The security assessment report presented in the following paragraphs has been conducted
through the application of the OCTAVE methodology (Operationally Critical Threat, Asset and
Vulnerability Evaluation). It is helpful in systemization and enhancement of the identified
security risks those have been analysed and identified in the following security risk assessment
[10]. This report will be helpful for the AO to retrieve the sufficing results considering the
evaluation of the security despite of using the funds and resources excessively. The proposed
methodology will be utilizing the valuable human resources of the AO for the collection of
information related to the security issues and improving them for the better an effective handling
of the data or information saved in the system [2]. The information will gathered from the
following personals of the organization:
According to Software Engineering Institute, OCTAVE “is designed to allow broad
assessment of an organization’s operational risk environment with the goal of producing more
robust results without the need for extensive risk assessment knowledge [4].”
NETWORK AND INFORMATION SECURITY
1. 1 AO World plc
AO World plc has been one of the leading online retailer company that is providing
various domestic appliances to the citizens of the UK through online platform. Mr. John Roberts
founded it in the year 2000 and has implemented latest information technologies for the
execution of the operational activities of the organization [3]. The transformation was
implemented during 2013, when the organization had invested a big amount for the
establishment on new information technology in manner to deliver the products and services to
the UK citizens.
2. Security Assessment Report
The security assessment report presented in the following paragraphs has been conducted
through the application of the OCTAVE methodology (Operationally Critical Threat, Asset and
Vulnerability Evaluation). It is helpful in systemization and enhancement of the identified
security risks those have been analysed and identified in the following security risk assessment
[10]. This report will be helpful for the AO to retrieve the sufficing results considering the
evaluation of the security despite of using the funds and resources excessively. The proposed
methodology will be utilizing the valuable human resources of the AO for the collection of
information related to the security issues and improving them for the better an effective handling
of the data or information saved in the system [2]. The information will gathered from the
following personals of the organization:
According to Software Engineering Institute, OCTAVE “is designed to allow broad
assessment of an organization’s operational risk environment with the goal of producing more
robust results without the need for extensive risk assessment knowledge [4].”
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
NETWORK AND INFORMATION SECURITY
2. A Team Members
AO’s IT infrastructure has been originally planned for the operations such as a complete
independent for other divisions as a self-governing department including the logistics and the
technical [7]. This led to the direct communication between the It department’s chief director and
the security department’s chief director in manner to consider the aspects emphasizing on the
information and data those have been emitted by the explanations provided on the interview on
the medias [12]. Following is the list of the members of the analysis team:
IT Department, Chief Director
Security Department, Chief Director
Senior / Team Supervisor of AO Department
Communication Network Department, Director
Assistants of AO Department, Administrative Head [5]
Senior / Team of product delivery Maintenance Office
Communication Network Department, Chief Engineer
2. B. Identification of Critical Assets, Threat and Vulnerability Assessment, Risk
Following is the Network Diagram of the AO’s IT infrastructure:
NETWORK AND INFORMATION SECURITY
2. A Team Members
AO’s IT infrastructure has been originally planned for the operations such as a complete
independent for other divisions as a self-governing department including the logistics and the
technical [7]. This led to the direct communication between the It department’s chief director and
the security department’s chief director in manner to consider the aspects emphasizing on the
information and data those have been emitted by the explanations provided on the interview on
the medias [12]. Following is the list of the members of the analysis team:
IT Department, Chief Director
Security Department, Chief Director
Senior / Team Supervisor of AO Department
Communication Network Department, Director
Assistants of AO Department, Administrative Head [5]
Senior / Team of product delivery Maintenance Office
Communication Network Department, Chief Engineer
2. B. Identification of Critical Assets, Threat and Vulnerability Assessment, Risk
Following is the Network Diagram of the AO’s IT infrastructure:
5
NETWORK AND INFORMATION SECURITY
Figure 1: AO’s IT Infrastructure
(Source: Created by Author using MS Visio)
PSTN Control Cards: Without having actual knowledge about the status of the service
interruption and because of the communication network or hardware failure in the network,
connecting the users and the organization could possibly lead to interruption in the PTSN
Control Card operation status [6]. There are the possibilities of the accidental outage or
interruption because of the failures due to the human faults. Following are the security
requirements:
NETWORK AND INFORMATION SECURITY
Figure 1: AO’s IT Infrastructure
(Source: Created by Author using MS Visio)
PSTN Control Cards: Without having actual knowledge about the status of the service
interruption and because of the communication network or hardware failure in the network,
connecting the users and the organization could possibly lead to interruption in the PTSN
Control Card operation status [6]. There are the possibilities of the accidental outage or
interruption because of the failures due to the human faults. Following are the security
requirements:
6
NETWORK AND INFORMATION SECURITY
Integrity: the authorized technicians of the AO will only be allowed to access the network
after verifying through the TDMF entry that is a PIN access code and having unique codes for
each cabinets [11]. Other concerning objective is that the organization should be well aware with
the activities including the modification, repair and installation through receiving the daily work
schedules of the technicians involved in this project.
Confidentiality: Two primary security requirements are firstly, monitoring the service
providers and the core network monitoring through the PSTN control card considering the open
or close state of the monitoring cabinet door [17]. Secondly, violation related to this procedure
without having a prior update to the system will be leading to the alert signalling through
standard process.
Availability: There should be always availability of the access to the control card for the
authorized individuals and the technicians in manner to enter the cabinet and make the needed
changes [15]. Other factor associated with this availability is that it must be connected with the
OCS in constant manner in manner to respond to the frequent periodic polling.
Following are the strategies that can be helpful in protecting the system from these
threats: firstly, for an instance if the short outage of the control card services do not exceeds the
proposed polling period, it will not be causing significant problem [13]. Secondly, standby
technicians can be activated, even if there is outage of the power supply as the UPS system will
be automatically supplying the power. For any other inconveniences, Mobile Patrol Security can
be contacted.
Central Administration System (CAS) - OCS, OCIM, VPS, and AO server: The
software or hardware failures because of the malfunctioning, destruction or tampering of the
NETWORK AND INFORMATION SECURITY
Integrity: the authorized technicians of the AO will only be allowed to access the network
after verifying through the TDMF entry that is a PIN access code and having unique codes for
each cabinets [11]. Other concerning objective is that the organization should be well aware with
the activities including the modification, repair and installation through receiving the daily work
schedules of the technicians involved in this project.
Confidentiality: Two primary security requirements are firstly, monitoring the service
providers and the core network monitoring through the PSTN control card considering the open
or close state of the monitoring cabinet door [17]. Secondly, violation related to this procedure
without having a prior update to the system will be leading to the alert signalling through
standard process.
Availability: There should be always availability of the access to the control card for the
authorized individuals and the technicians in manner to enter the cabinet and make the needed
changes [15]. Other factor associated with this availability is that it must be connected with the
OCS in constant manner in manner to respond to the frequent periodic polling.
Following are the strategies that can be helpful in protecting the system from these
threats: firstly, for an instance if the short outage of the control card services do not exceeds the
proposed polling period, it will not be causing significant problem [13]. Secondly, standby
technicians can be activated, even if there is outage of the power supply as the UPS system will
be automatically supplying the power. For any other inconveniences, Mobile Patrol Security can
be contacted.
Central Administration System (CAS) - OCS, OCIM, VPS, and AO server: The
software or hardware failures because of the malfunctioning, destruction or tampering of the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
NETWORK AND INFORMATION SECURITY
power and equipment supply loss those are capable of breaking down or temporary
malfunctioning of the system. Following is the list of the security requirements:
Integrity: the administrative assistants will be maintaining all the assets those are helpful
in routine maintenance and the inspections.
Confidentiality: The IT department’s Chief Director will be performing the activities
related to the configuration and the initial installation of the components those have been
included in the CAS [20]. Further modifications will need the approval of the director before
making any changes or manipulation in the systems. “Operational status, of all components
included, is real time monitoring by Chief Director of IT Department and Administrative
Assistants, rotating into standby shifts, providing 24/7/365 QoS. [7].”
Availability: the Central Administration System should have the access to all the assets
every time. Following recommendation can be presented as the protection strategies;
AO has been using the SDW cloud vendor in manner to allow temporary components’
breakdown for the real time redundancy. OCS, VPS, KIOSK, and OCIM provides the facility of
Server Room (server physical location) that has a two factor authentication mechanism including
the fingerprint biometric system and the PIN access system that can be helpful in enhancing the
security of the systems and the physical locations [25]. The other components CAS and the
connections including the kUI terminals, SDW, and KiND have been protected with the IDS
system, VPN tunnelling, and hardware firewalls and these can be represented as the most
beneficial approach.
KiND (Keruak Information Network Database): Because of the software or hardware
tampering, loss in power supply, and equipment’s destruction, there are the possibilities in the
NETWORK AND INFORMATION SECURITY
power and equipment supply loss those are capable of breaking down or temporary
malfunctioning of the system. Following is the list of the security requirements:
Integrity: the administrative assistants will be maintaining all the assets those are helpful
in routine maintenance and the inspections.
Confidentiality: The IT department’s Chief Director will be performing the activities
related to the configuration and the initial installation of the components those have been
included in the CAS [20]. Further modifications will need the approval of the director before
making any changes or manipulation in the systems. “Operational status, of all components
included, is real time monitoring by Chief Director of IT Department and Administrative
Assistants, rotating into standby shifts, providing 24/7/365 QoS. [7].”
Availability: the Central Administration System should have the access to all the assets
every time. Following recommendation can be presented as the protection strategies;
AO has been using the SDW cloud vendor in manner to allow temporary components’
breakdown for the real time redundancy. OCS, VPS, KIOSK, and OCIM provides the facility of
Server Room (server physical location) that has a two factor authentication mechanism including
the fingerprint biometric system and the PIN access system that can be helpful in enhancing the
security of the systems and the physical locations [25]. The other components CAS and the
connections including the kUI terminals, SDW, and KiND have been protected with the IDS
system, VPN tunnelling, and hardware firewalls and these can be represented as the most
beneficial approach.
KiND (Keruak Information Network Database): Because of the software or hardware
tampering, loss in power supply, and equipment’s destruction, there are the possibilities in the
8
NETWORK AND INFORMATION SECURITY
failure of the KiND. Despite of these other factors such as modifications, deliberate or accidental
manipulation with the data have the capability to malfunction the whole system including the
operational interruptions [18]. Outdoor cabinet of the AO are monitoring the information related
to the clients those are personal and sensitive can be easily exposed to every user of the KiND.
Following are the security requirements for this issue:
Integrity: It is a considerable factor, that the individuals associated with the organization
and its mechanisms should have the knowledge and experience of how to deal with the presented
incident scenarios.
Confidentiality: The data or information save din the network should must be categorized
at different levels considering the privileges associated with the access of the data [22].
Availability: there should be effectively monitoring on the KUI for 24*7. Following are
some of the protection strategies: Firstly, the kUI users entering the Web Application through the
application of the authentication mechanism should be classified in different user access groups
and should be having the different information access rights. The VPN tunnelling willn be
allowing the users to access the kUI despite of considering the facts associated with the
unauthorized information leakage.
SDW (Sensage Data Warehouse): Due to the utilization of the SDW cloud services,
there is not any approach of performing the qualitative security assessment utilizing the
OCTAVE framework. This can be treated as the “black box” due to the unavailability of the
knowledge and information associated with the inside assets present in the framework of the AO
[21]. However, SDW can be represented as untrusted.
NETWORK AND INFORMATION SECURITY
failure of the KiND. Despite of these other factors such as modifications, deliberate or accidental
manipulation with the data have the capability to malfunction the whole system including the
operational interruptions [18]. Outdoor cabinet of the AO are monitoring the information related
to the clients those are personal and sensitive can be easily exposed to every user of the KiND.
Following are the security requirements for this issue:
Integrity: It is a considerable factor, that the individuals associated with the organization
and its mechanisms should have the knowledge and experience of how to deal with the presented
incident scenarios.
Confidentiality: The data or information save din the network should must be categorized
at different levels considering the privileges associated with the access of the data [22].
Availability: there should be effectively monitoring on the KUI for 24*7. Following are
some of the protection strategies: Firstly, the kUI users entering the Web Application through the
application of the authentication mechanism should be classified in different user access groups
and should be having the different information access rights. The VPN tunnelling willn be
allowing the users to access the kUI despite of considering the facts associated with the
unauthorized information leakage.
SDW (Sensage Data Warehouse): Due to the utilization of the SDW cloud services,
there is not any approach of performing the qualitative security assessment utilizing the
OCTAVE framework. This can be treated as the “black box” due to the unavailability of the
knowledge and information associated with the inside assets present in the framework of the AO
[21]. However, SDW can be represented as untrusted.
9
NETWORK AND INFORMATION SECURITY
2. C. Prioritised List of Issues
(KiND) Keruak Information Network Database
Concerning Areas Threat Properties
1. Failure in the hardware due to the
tampering of the software caused by the
insider.
Access: physical
Asset: KiND
Actor: insiders
Outcome: destruction / loss and interruption
Motive: accidental
2. Failure in the retrieving or alteration of the
data because of the software tamper Caused
by the user either accidentally or intentionally
and thus, hampering the entries related to the
critical information [24]
Access: physical & network
Asset: KiND
Actor: insiders
Outcome: modification, disclosure,
destruction / loss and interruption
Motive: deliberate and accidental
PSTN Control Cards
1. The unauthorised user or technicians breaks
the PSTN control card accidentally
Access: physical
Asset: PSTN control card
Actor: insiders
Outcome: Destruction / loss and Interruption
Motive: accidental
NETWORK AND INFORMATION SECURITY
2. C. Prioritised List of Issues
(KiND) Keruak Information Network Database
Concerning Areas Threat Properties
1. Failure in the hardware due to the
tampering of the software caused by the
insider.
Access: physical
Asset: KiND
Actor: insiders
Outcome: destruction / loss and interruption
Motive: accidental
2. Failure in the retrieving or alteration of the
data because of the software tamper Caused
by the user either accidentally or intentionally
and thus, hampering the entries related to the
critical information [24]
Access: physical & network
Asset: KiND
Actor: insiders
Outcome: modification, disclosure,
destruction / loss and interruption
Motive: deliberate and accidental
PSTN Control Cards
1. The unauthorised user or technicians breaks
the PSTN control card accidentally
Access: physical
Asset: PSTN control card
Actor: insiders
Outcome: Destruction / loss and Interruption
Motive: accidental
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
NETWORK AND INFORMATION SECURITY
2. The unauthorised user or technicians
permanently set the control card in manner to
provide false / negative condition (no
intrusion / no alerts)
Access: physical
Asset: PSTN control card
Actor: insiders
Outcome: modification and disclosure
Motive: deliberate
3. The cabinet gets breakdown accidentally by
an outsider Outsiders (vehicle accident or
some sort of similar incidents)
Access: physical and network
Asset: PSTN control card
Actor: insiders
Outcome: Destruction / loss and Interruption
Motive: deliberate
4. Vandals or Terrorists damages the outdoor
cabinet
Access: physical and network
Asset: PSTN control card
Actor: outsiders [23]
Outcome: Destruction / loss and Interruption
Motive: deliberate
5. Technicians or any other authorized
personnel accidentally break communication
line of the PSTN control card
Access: network
Asset: PSTN control card
Actor: insiders
Outcome: Destruction / loss and Interruption
Motive: accidental
6. The unauthorized user or the technicians
trap communication line intentionally and
thus, blocks the remote access of the PSTN
Access: network
Asset: PSTN control card
Actor: insiders
NETWORK AND INFORMATION SECURITY
2. The unauthorised user or technicians
permanently set the control card in manner to
provide false / negative condition (no
intrusion / no alerts)
Access: physical
Asset: PSTN control card
Actor: insiders
Outcome: modification and disclosure
Motive: deliberate
3. The cabinet gets breakdown accidentally by
an outsider Outsiders (vehicle accident or
some sort of similar incidents)
Access: physical and network
Asset: PSTN control card
Actor: insiders
Outcome: Destruction / loss and Interruption
Motive: deliberate
4. Vandals or Terrorists damages the outdoor
cabinet
Access: physical and network
Asset: PSTN control card
Actor: outsiders [23]
Outcome: Destruction / loss and Interruption
Motive: deliberate
5. Technicians or any other authorized
personnel accidentally break communication
line of the PSTN control card
Access: network
Asset: PSTN control card
Actor: insiders
Outcome: Destruction / loss and Interruption
Motive: accidental
6. The unauthorized user or the technicians
trap communication line intentionally and
thus, blocks the remote access of the PSTN
Access: network
Asset: PSTN control card
Actor: insiders
11
NETWORK AND INFORMATION SECURITY
control card Outcome: Destruction / loss and Interruption
Motive: accidental
3. Business Continuity Plan
3. A. Introduction
The major focusing sector will be the information infrastructure of the AO through the
examination and determination of the key components related to the technology architecture.
This could led to the unauthorized actions against the previously identified critical assets taking
into the considerations of the identified technological weaknesses [14]. An unauthorized user for
proposing solutions and exploiting the solutions in manner to mitigate or minimize the
exploitation caused by these weaknesses could utilize these weaknesses. following paragraph
explains the vulnerabilities and related solutions those could be incorporated within the business
continuity plan.
3. B. Description of Continuity Plan
Considerable
Components
Vulnerabilities in the Technology Proposed solution
Communication
between the AO and
its partners and
customers
The communication between the
personals is being taken by the
PSTN through the application of the
control card. For the situation such
as, total network failure, there will
be not any communication between
In manner to have more than
one ISPs, additional GSM
connectors can be installed
via different paths of the
communication that will be
helpful in providing the
NETWORK AND INFORMATION SECURITY
control card Outcome: Destruction / loss and Interruption
Motive: accidental
3. Business Continuity Plan
3. A. Introduction
The major focusing sector will be the information infrastructure of the AO through the
examination and determination of the key components related to the technology architecture.
This could led to the unauthorized actions against the previously identified critical assets taking
into the considerations of the identified technological weaknesses [14]. An unauthorized user for
proposing solutions and exploiting the solutions in manner to mitigate or minimize the
exploitation caused by these weaknesses could utilize these weaknesses. following paragraph
explains the vulnerabilities and related solutions those could be incorporated within the business
continuity plan.
3. B. Description of Continuity Plan
Considerable
Components
Vulnerabilities in the Technology Proposed solution
Communication
between the AO and
its partners and
customers
The communication between the
personals is being taken by the
PSTN through the application of the
control card. For the situation such
as, total network failure, there will
be not any communication between
In manner to have more than
one ISPs, additional GSM
connectors can be installed
via different paths of the
communication that will be
helpful in providing the
12
NETWORK AND INFORMATION SECURITY
these entities resulting in the
unavailability [16] of the information
related to the condition of the
cabinet. This will be alternatively
resulting in the service interruption
through deliberately or intentionally.
redundancy between the
communication entities.
Accessing the data or
information related to
the operational
activities of the AO
through the KiND
Location of the Kind
The data or information saved in the
system could be disclosed by an
unauthorized user or an unhappy
insider and thus, could result in the
disclosure of the data to him or her
The approach can be made
for the preparation of the new
network database, separating
it from the KiND that will be
helpful in hosting the
required and related data or
information by the AO those
have been installed within the
systems of the AO and being
maintained by the
administrative of the AO [6]
SDW (Sensage Data
Warehouse)
The OCTAVE framework
methodology is not capable of
utilizing the external cloud vendor
and the analysis of the real time log
data. Thus, it can be represented as
untrusted no matter whether it has
Replacing the SDW
redundancy system with
another installed AO
department that can be easily
and effectively managed by
the administrators of the AO
NETWORK AND INFORMATION SECURITY
these entities resulting in the
unavailability [16] of the information
related to the condition of the
cabinet. This will be alternatively
resulting in the service interruption
through deliberately or intentionally.
redundancy between the
communication entities.
Accessing the data or
information related to
the operational
activities of the AO
through the KiND
Location of the Kind
The data or information saved in the
system could be disclosed by an
unauthorized user or an unhappy
insider and thus, could result in the
disclosure of the data to him or her
The approach can be made
for the preparation of the new
network database, separating
it from the KiND that will be
helpful in hosting the
required and related data or
information by the AO those
have been installed within the
systems of the AO and being
maintained by the
administrative of the AO [6]
SDW (Sensage Data
Warehouse)
The OCTAVE framework
methodology is not capable of
utilizing the external cloud vendor
and the analysis of the real time log
data. Thus, it can be represented as
untrusted no matter whether it has
Replacing the SDW
redundancy system with
another installed AO
department that can be easily
and effectively managed by
the administrators of the AO
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13
NETWORK AND INFORMATION SECURITY
been tunnelled by the VPN or not or
having a firewall
Terminal physical
location of the new
entry KUI users
New entry KUI users
There are the possibilities of the
physical damage to the physical
location of the systems of the KUI
users that could led to expose or
destruction of data or information
related to the AO’s operational
activities [23]. There is another
assumption as because of the no
training provided to the new users,
there are the possibilities of the loss
or modification of the data or
information.
Transferring all the
amployees of the KUI within
the existing physical location
of the AO can be a helpful
approach in providing better
and effective training. This
training should also address
the regulations and policies
associated with the
application of the services.
3. C. Security Policy
The purpose of this policy would be to address the security issues identified in the first
part of this report and through the implementation for the policies; the AO will be beneficial as
follows:
1. Establishing the organization-wide information security framework in manner to
safeguard the data or information saved in the system related to the operational activities and
including the personal and sensitive information of the individuals in effective and efficient
manner.
NETWORK AND INFORMATION SECURITY
been tunnelled by the VPN or not or
having a firewall
Terminal physical
location of the new
entry KUI users
New entry KUI users
There are the possibilities of the
physical damage to the physical
location of the systems of the KUI
users that could led to expose or
destruction of data or information
related to the AO’s operational
activities [23]. There is another
assumption as because of the no
training provided to the new users,
there are the possibilities of the loss
or modification of the data or
information.
Transferring all the
amployees of the KUI within
the existing physical location
of the AO can be a helpful
approach in providing better
and effective training. This
training should also address
the regulations and policies
associated with the
application of the services.
3. C. Security Policy
The purpose of this policy would be to address the security issues identified in the first
part of this report and through the implementation for the policies; the AO will be beneficial as
follows:
1. Establishing the organization-wide information security framework in manner to
safeguard the data or information saved in the system related to the operational activities and
including the personal and sensitive information of the individuals in effective and efficient
manner.
14
NETWORK AND INFORMATION SECURITY
2. Protecting the stored data or information from unauthorized access in manner to
restrict the intruder from exposing, manipulating and deleting the data or information saved in
the network that could possibly affect the organization’s reputation [22]. This will stop the
intruder from the affecting the privacy and security of the individuals associated with the AO.
3. Protecting the information assets, those have been estimated through the application o
the OCTAVE methodology framework in the above sections.
4. Complying with the UK regulations, state and local law, federal, policies and
agreements those will be required for the organization in manner to implement thee security
safeguards in effective and efficient manner [16].
NETWORK AND INFORMATION SECURITY
2. Protecting the stored data or information from unauthorized access in manner to
restrict the intruder from exposing, manipulating and deleting the data or information saved in
the network that could possibly affect the organization’s reputation [22]. This will stop the
intruder from the affecting the privacy and security of the individuals associated with the AO.
3. Protecting the information assets, those have been estimated through the application o
the OCTAVE methodology framework in the above sections.
4. Complying with the UK regulations, state and local law, federal, policies and
agreements those will be required for the organization in manner to implement thee security
safeguards in effective and efficient manner [16].
15
NETWORK AND INFORMATION SECURITY
4. References
[1] a. Cardenas, P. K. Manadhata, and S. P. Rajan, “Big Data Analytics for Security,” IEEE
Secur. Priv., vol. 11, no. 6, pp. 74–76, 2013.
[2] Bechtsoudis and N. Sklavos, “Aiming at higher network security through extensive
penetration tests,” IEEE Lat. Am. Trans., vol. 10, no. 3, pp. 1752–1756, 2012.
[3] Tsohou, M. Karyda, S. Kokolakis, and E. Kiountouzis, “Analyzing trajectories of
information security awareness,” Inf. Technol. People, vol. 25, no. 3, pp. 327–352, 2012.
[4] Yassir and S. Nayak, “Cybercrime: A threat to Network Security,” IJCSNS Int. J.
Comput. Sci. Netw. Secur., vol. 12, no. 2, pp. 84–88, 2012.
[5] Joshi and U. K. Singh, “Information security risks management framework – A step
towards mitigating security risks in university network,” J. Inf. Secur. Appl., vol. 35, pp.
128–137, 2017.
[6] Chuan-Yuh Wang, “A knowledge network production: Ten years of information security
research,” African J. Bus. Manag., vol. 6, no. 1, pp. 213–221, 2012.
[7] Dang-Pham, S. Pittayachawan, and V. Bruno, “Applications of social network analysis in
behavioural information security research: Concepts and empirical analysis,” Comput.
Secur., vol. 68, pp. 1–15, 2017.
[8] Dang-Pham, S. Pittayachawan, and V. Bruno, “Applying network analysis to investigate
interpersonal influence of information security behaviours in the workplace,” Inf.
Manag., vol. 54, no. 5, pp. 625–637, 2017.
NETWORK AND INFORMATION SECURITY
4. References
[1] a. Cardenas, P. K. Manadhata, and S. P. Rajan, “Big Data Analytics for Security,” IEEE
Secur. Priv., vol. 11, no. 6, pp. 74–76, 2013.
[2] Bechtsoudis and N. Sklavos, “Aiming at higher network security through extensive
penetration tests,” IEEE Lat. Am. Trans., vol. 10, no. 3, pp. 1752–1756, 2012.
[3] Tsohou, M. Karyda, S. Kokolakis, and E. Kiountouzis, “Analyzing trajectories of
information security awareness,” Inf. Technol. People, vol. 25, no. 3, pp. 327–352, 2012.
[4] Yassir and S. Nayak, “Cybercrime: A threat to Network Security,” IJCSNS Int. J.
Comput. Sci. Netw. Secur., vol. 12, no. 2, pp. 84–88, 2012.
[5] Joshi and U. K. Singh, “Information security risks management framework – A step
towards mitigating security risks in university network,” J. Inf. Secur. Appl., vol. 35, pp.
128–137, 2017.
[6] Chuan-Yuh Wang, “A knowledge network production: Ten years of information security
research,” African J. Bus. Manag., vol. 6, no. 1, pp. 213–221, 2012.
[7] Dang-Pham, S. Pittayachawan, and V. Bruno, “Applications of social network analysis in
behavioural information security research: Concepts and empirical analysis,” Comput.
Secur., vol. 68, pp. 1–15, 2017.
[8] Dang-Pham, S. Pittayachawan, and V. Bruno, “Applying network analysis to investigate
interpersonal influence of information security behaviours in the workplace,” Inf.
Manag., vol. 54, no. 5, pp. 625–637, 2017.
1 out of 16
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.