Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information Security and Risk Management in National Bank of Australia

Verified

Added on 2023/06/12

AI Summary

This report delves into the realm of Information Security (IS) and Risk Management, particularly within the context of the National Bank of Australia (NAB). It highlights the increasing dependence of businesses on technology and the associated rise in cyber threats. The report identifies common malware such as spyware, botnets, adware, rootkits, worms, and viruses, detailing how they can impact NAB's operations. It also examines the networking devices used by NAB, including routers, switches, and hubs, pointing out their vulnerabilities. Furthermore, the report provides recommendations on ensuring the reliability and availability of NAB's web services through regular updates, hardware maintenance, system monitoring, and data backups. It addresses the importance of confidentiality and integrity of staff email, the risks associated with webmail and web servers (like brute force attacks, DDoS attacks, cross-site scripting, and SQL injection), and strategies to increase the availability of web and email servers through load balancing and recovery plans. The impact of human factors and organizational issues on IS security is also considered, along with the use of log records for monitoring and analyzing server problems. Finally, the report proposes various types of network devices to mitigate threats, including active, passive, preventative, and access control devices, concluding with the critical need for robust IS security and risk management strategies.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: IS Security and Risk Management
IS SECURITY AND RISK MANAGEMENT
NAME:
INSTITUTION:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IS Security and Risk Management 2
Executive summary
Technological advancements and innovations have been on the rise in the recent years, this
has led to increase in incorporations of these technologies into business and organizations in
general in order to increase generation of revenue and their growth and development. This
has resulted in organizations and business to become highly dependent on technology in more
than 90% of their activities which although maximizes profits and makes everything else
easier, compared to the early industrialization times, it attracts immense risks as well (Mayer
et,al 2016). This threats and risk that tag along technology incorporations into business are
wide and are on the rise. These threats such as hackers and malware disrupt that effectiveness
of an organization in performing its tasks. These threats target organizations’ data and
information which are extremely valuable and essential in the workings of business and
organizations. Therefore, it's crucial for organizations to protect their data and information
through the use of information security and risk management. This could be simply described
as the process of preventing and managing risks and threats associated with the use of
technology. Firms nowadays have no choice but to employ strategies and tools that would
protect their data from being breached, hence IS and risk management contain the tools to do
these efficiently. This theme will be discussed broadly in this report while giving various
recommendations as well

IS Security and Risk Management 3
Table of Contents
IS SECURITY AND RISK MANAGEMENT..........................................................................1
IS SECURITY AND RISK MANAGEMENT..........................................................................6
Introduction................................................................................................................................6
Common malware and threats facing the National bank of Australia and its operations......6
Spyware..............................................................................................................................6
Botnets................................................................................................................................7
Adware...............................................................................................................................7
Rootkit................................................................................................................................7
Worms................................................................................................................................7
Viruses................................................................................................................................7
Networking devices used by NAB.........................................................................................8
Routers...............................................................................................................................8
Switch.................................................................................................................................8
Hub.....................................................................................................................................9
How NAB can ensure reliability and availability of the web service....................................9
Regular updates..................................................................................................................9
Hardware maintenance.......................................................................................................9
Monitoring system alarms and systems health...................................................................9
Backup non-replaceable data.............................................................................................9
confidentiality and integrity of the staff email.....................................................................10
Rules and policies............................................................................................................10

IS Security and Risk Management 4
Identifying confidential information................................................................................10
Traffic encryption.............................................................................................................10
Awareness of new IS threats............................................................................................10
malware and security issues related to webmail and web server.........................................10
Brute Force Attack...........................................................................................................10
Botnet...............................................................................................................................10
DDoS attacks....................................................................................................................10
Cross-site Scripting..........................................................................................................10
SQL Injection...................................................................................................................11
Approaches National Bank of Australia can use to increase availability of web and email
servers..................................................................................................................................11
Load Balancing................................................................................................................11
Recovery Plans.................................................................................................................11
impact of human factors and organizational issue IS related security and management.....12
log records in monitoring and analyzing web and email server problems...........................12
Benefits of audit log reports.................................................................................................13
Auditing analysis..............................................................................................................13
Internal investigations......................................................................................................13
Operational trends and long-term problems.....................................................................13
Proposed Types of Network devices to mitigate threats......................................................13
Active Devices.................................................................................................................13
The passive Devices.........................................................................................................14

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IS Security and Risk Management 5
Preventative Devices........................................................................................................14
Unified Threat Management............................................................................................14
Access control devices.....................................................................................................14
Conclusion................................................................................................................................14
REFERENCES.........................................................................................................................16

IS Security and Risk Management 6
IS SECURITY AND RISK MANAGEMENT
Introduction
The aims and objectives of this report are to describe the various threats that are linked to the
incorporations of technology into business and organizations, furthermore, the report will
also illustrate the various impacts these threats may have on an organization. The report will
also give the various recommendations that an organization will use in countering this risk
and threat while showing their benefits. However, the aim and objectives of this firm will be
put into perspective through the use of National Bank of Australia as the selected
organization. It’s among the largest banking originations in Australia offering information
services to both its consumers and staff members in order to access its products and services.
Headquartered in Docklands, NAB operates through 820 banking centers and is present in
New Zealand, the US, Asia, and Europe. NAB currently employs around 35,063 staff and
serves around 8 million customers around the world. As of 2016, the total income of the bank
reached US$5,144 million and total assets amounted to US$617 billion. Therefore, the aims
and objectives of this report will be discussed and analyzed broadly in the context of the
National bank of Australia (Daly, & Gebremedhin, 2015).
Common malware and threats facing the National bank of Australia and its operations
Spyware- this type of malware affects breaches the information system of the organization,
its clients, and users through spying on them without their knowledge. Through spyware,
attackers are able to monitor and collect data on their victims’ devices and even makes
changes to their information systems (Laybats, & Tredinnick, 2016). This would be fatal for
NAB since an attacker would acquire logon details of their customers and even steal money
from their accounts

IS Security and Risk Management 7
Botnets- a collection of computers or servers used by attackers for DDOS attacks on
organizations system and also deliver malware disguised inform of popular search items done
by staff members.
Adware-also known as advertising-supported software is a type of malware that affects
internet devices such as computer and smartphones. They affect these devices through
advertainment pop up on websites and advertisements displayed on software and
applications. this adware could be used to create backdoors into the bank’s information
systems and acquire sensitive data. In some instances, adware is bundled with spyware which
could be more futile for the bank consumers and its staff members
Rootkit-ist a malicious software that is designed to gain remote access to computers and
manipulate them without the knowledge of the security systems nor the users. Once this
software has been executed it is possible for the attacker to harvest user data and modify the
information systems which is futile for organizations such as NAB, where attackers can
monitor the activities of the staff members
Worms-this is the most common malware, it affects organizational operational activities by
exploiting the vulnerabilities of the operating system being used by consuming bandwidth
and overloading servers which causes them to overheat and reduce efficiency and later crush
if nothing is done to eradicate it (Tuvell, & Venugopal, 2017). However, worms have the
ability to replicate and spread to as many computers in an organization, moreover, they could
be accompanied with payloads which are used to harvest data and manipulate the systems and
create bots as well
Viruses-another type of malware that has the ability to reciprocate itself and spread to other
computers by attaching and infecting essential applications and programs when the user
launches them. viruses can be used to steal crucial information, harm networks, and their host
computers and also create botnets (Jouini, Rabai, & Aissa, 2014)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IS Security and Risk Management 8
Networking devices used by NAB
Routers-its purpose it creates a connection between two or more computers in a network
which consequentially data packets are exchanged between them. The authenticity of the
information in the data packets is verified by their automatically assigned addresses,
therefore, determining the presence in the same network, identifying the source and
destination in the long run, however, routers are vulnerable to destruction, error, and abuse.
There are two aspects of a router the hardware which contains the computer parts such as
ROM, CPU, and ROM. The software part is known as the firmware which runs the router. It
is very difficult to write software and even the gurus may make mistakes creating room for
bugs which hacker will definitely exploit. Router vendors will likely sell routers that have
outdated firmware so that they can make profits (Singh, & Tyagi,2015). This is due to the
fact that they look for ways to produce hardware at a lower cost and often neglect the
software part, in some cases you may find that the casing of the routers may be inefficient,
weak and breaks easily, despite this it has achieved the vendors goal for lower cost
production and generate maximum profits as possible. Moreover, exploits identified by
hackers are hardly updated since vendors are focused on the next router. Sometimes routers
may be configured wrongly due to the lack of knowledge in handling understanding the
firmware terms used by engineers for engineers, this creates errors and vulnerabilities in the
long run.
Switch-a computer networking device that creates a connection of devices together on the
same network through packet switching where data is received processed and sent to its
intended destination device. Just like routers switch firmware is complex and hard to write,
this results in coders leaving mistakes in the code which causes bugs that hackers tend to
exploit. a good example id the famous CISCO switch vulnerability where there was incorrect
processing of packets which was exploited by hackers. Moreover, a firm’s objective is to

IS Security and Risk Management 9
produce maximum revenue at the lowest possible cost of productions is also applied here
which results in easy destruction and breakages with improper handling. Due to the
complexity of the firmware, it tends to be hard for users with a typical technical knowledge to
performs incorrect configurations causing errors, therefore, disrupting the network
Hub-a network hub is used in connecting multiple hosts in a network moreover, just like the
switch it also transfers packets data on a computer network. Bugs that may originate from
mistakes made during coding will create chances for exploitations by hackers. Moreover, lack
of updates on the firmware by vendors will constantly increase vulnerability to their
consumers who do use the same network device for a while. Moreover, the use of low
production cost, especially on the casing of the hub, may reduce its durability in the long run
How NAB can ensure reliability and availability of the web service
Regular updates-It is essential for the organizations to make regular updates on the windows
server 2012 for the purpose of acquiring security updates to protect the web service from new
threats and attacks
Hardware maintenance-regular hardware maintenance and replacement are essential since it
will remove obstacles such as dust and prevent overheating which will reduce reliability
durability.
Monitoring system alarms and systems health -the firmware in server 2012 contain efficient
monitoring systems that will alert the IT supports in case of a problem with the system. This
allows quick response in solving the issue, therefore, maintaining availability and reliability
of the web service
Backup non-replaceable data-through backing of non-replaceable data that would be lost in
case of a hacking or a crash of the server would ensure maintaining its operational activities
to run smoothly

IS Security and Risk Management 10
confidentiality and integrity of the staff email
Rules and policies- the organization should educate all its employees on the various policies
available concerning privacy at workplaces, as well as the consequences that will be met with
the breach of these policies
Identifying confidential information -employees should be able to discern confidential
intimation such as employee information and contracts, if not clarification should be made
through seminars and training
Traffic encryption -encrypting of the email traffic will go a long way in protecting data and
information sent by staff members
Awareness of new IS threats-as an organization sit is essential to be aware of the new threats
and vulnerabilities that can affect the confidentiality and integrity of the staff email
malware and security issues related to webmail and web server
Brute Force Attack- the attacker attempts to gain access to the web server by attempting to
gain the correct root administrator password through the use of software or Linux executions
that check every possible combination
Botnet- a collection of computers or servers used by attackers for DDOS attacks on
organizations system and also deliver malware disguised inform of popular search items done
by staff members
DDoS attacks- also known as the denial of service, its lethal technique attackers use to
shutdown effectively the webservers through increasing traffics that the servers become
unresponsive overheats and crash
Cross-site Scripting- it maximizes vulnerabilities found in web applications which allows the
attacker to inject code in the server-side script which is used in the execution of malicious
client-side scripts as well as harvest data from users (Cassidy,2016)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IS Security and Risk Management 11
SQL Injection- utilizes vulnerabilities found in the database associated with web
applications. the strings are inserted malicious codes that are later passed to the SQL server,
parsed and executed.
Approaches National Bank of Australia can use to increase availability of web and
email servers
Load Balancing- The organization can use this approach to improve availability and
performance in the long run through the distributions of the workload through multiple web
and email servers. If one server fails and it is already loaded balanced the other web and
email server will handle oncoming traffic until it becomes healthy (Pearlson,, Saunders, &
Galletta,2016).
Figure 1: load balancing approach to increase availability of web and email servers at
NAB

IS Security and Risk Management 12
Recovery Plans- this approach will assist NAB to recover efficiently from potential failures
or administration errors within the web and email servers moreover they give the firm a
recovery plan from any point of failures such as hardware failure or accidental deletion of
data that would affect the presence and availability of the web and email server for a specific
time.
Figure 2: recovery plan approach to increase availability of web and email servers at NAB
impact of human factors and organizational issue IS related security and management
The human factor has a great impact on IS security and management in a world of technology
advancements accompanied with increasing threats to undermine them, however, there is
always the tendencies to equate origin of security breaches to the end users which is not the
case (Parsons et,al 2015). This needs to be looked at from a holistic view of three paradigms,
the end user the, IS professional and in the top executives daily operations if the end user will
affect the IS either negatively or positively and it’s up to the IS professionals to respond
according to ensure (Soomro, Shah, & Ahmed 2016). Moreover the top executives in an

IS Security and Risk Management 13
organizations play a big role in offering support such as infrastructures and financially to the
IS professionals in maintaining effective and secure information systems as well as
structuring policies and regulations for their implementation (Gilpin & Lawler,2015)
log records in monitoring and analyzing web and email server problems
Consistently, computers nowadays are producing records of the events that happen. Some are
normal. Others are markers of a decrease in network health or endeavored security ruptures.
Log documents contain an abundance of data to decrease an association's exposure to
attackers, malware, harm, misfortune and lawful liabilities. A vulnerability that has attacked
NAB can be traced back to the user or staff member who was compromised initially and
appropriate actions can be taken. Log information should be gathered, stored, analyzed and
observed to meet and give an account of regulatory compliance standards like Sarbanes
Oxley (Layton, 2016). .
Benefits of audit log reports
Auditing analysis-audit reports tend to be very useful to the information system security in an
organization. Through these reports organizations such as NAB is able to assess the various
damages or threats that could compromise the entire system.IS professionals are also able to
identify end users networks movements and identify those who are prone to threats and take
appropriate actions (Safa et. al, 2014)
Internal investigations-audit reports are also essential in conducting investigations in cases
of complaints from end users and tracking the cause of information’s system security
compromise. This is possible since networks devices will generate log records of every event,
therefore, identifying the compromised party is easier and faster.
Operational trends and long-term problems. As an IT professional working in NAB, it will
be easier for me to identify operational trends that occur through the use of the audit reports.
Compromise arising from the operational trend will be easier to address through appropriate

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IS Security and Risk Management 14
actions.IS issue that seems too long-term, strategies can be created and implemented in order
to tackle them and eradicate them in the future and also introducing a learning curve for
future scenarios that may arise (Taneja et,al 2016)
Proposed Types of Network devices to mitigate threats
Active Devices-these are devices that are efficient in blocking surplus traffic that may cause a
DDOS attack or purely innocent overloading which would cause failure of the web and email
servers. They include content filtering devices, firewalls, and antivirus scanning devices
(Sharma, Dhote, & Potey,2017)
The passive Devices-these appliance will be used in identifying unwanted intrusion in the
web and email servers and alert the IT specialist to take appropriate actions. This will be
effective in preventing malware such as rootkit and spyware
Preventative Devices-these devices will be used in scanning the network and identifying
potential threats to the information systems and appropriate actions are taken, these devices
include penetration testing tools
Unified Threat Management- performs its tasks in general through the incorporations of the
devices above as one. This offers efficiency in detecting and preventing intrusions and
security threat to the firm effectively
Access control devices-its efficient to recognize each user and its device to prevent outsiders
from accessing the organization's services.it also assists in implementing policies and
regulations and those users who don’t comply are given limited access (Garba, Armarego, &
Murray,2015)
Conclusion
Technological advancements and innovations have been on the rise in the recent years, this
has led to increases in incorporations of these technologies into business and organizations in
general in order to increase generation of revenue and their growth and development This has

IS Security and Risk Management 15
resulted in organizations and business to become highly dependent on technology, its attracts
immense risks as well (Webb et,al 2014). These threats such as hackers and malware disrupt
that effectiveness of an organization in performing its tasks the report has discussed the
various threats. The report has also looked at the network devices used by NAB and
explained the reasons why they are prone to vulnerability and destructions moreover the
human factor has also been addressed and it has come into a conclusion that it should be
looked at through a holistic view. organizations should consider strong information’s systems
through the incorporation of network and system devices. They should also train their
employees regularly and issue them with appropriate tools so as to reduce their compromise
by hackers or intruders and sustain a strong efficient information system

IS Security and Risk Management 16
REFERENCES
Cassidy, A. (2016). A practical guide to information systems strategic planning. CRC press.
Daly, A., & Gebremedhin, T. A. (2015). Can An “Indigenous Employment Program” Work?
A Case Study of National Australia Bank. Economic Papers: A journal of applied
economics and policy, 34(3), 128-138.
Garba, A. B., Armarego, J., & Murray, D. (2015). A policy-based framework for managing
information security and privacy risks in BYOD environments. International Journal
of Emerging Trends & Technology in Computer Science, 4(2), 189-98.
Gilpin, K., & Lawler, E. (2015). U.S. Patent Application No. 14/510,230.
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in
information systems. Procedia Computer Science, 32, 489-496.
Laybats, C., & Tredinnick, L. (2016). Information security.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and
compliance. CRC Press.
Mayer, N., Aubert, J., Grandry, E., & Feltus, C. (2016, November). An Integrated Conceptual
Model for Information System Security Risk Management and Enterprise
Architecture Management Based on TOGAF. In IFIP Working Conference on The
Practice of Enterprise Modeling (pp. 353-361). Springer, Cham.
Parsons, K., McCormac, A., Butavicius, M., & Ferguson, L. (2015). Human Factors and
Information Security: Individual, Culture and Security Environment, Report
published by Defence Science and Technology Organisation. DSTO-TR-2484,
Edinburgh South Australia, 5111, Australia. http://dspace. dsto. defence. gov.
au/dspace/bitstream/1947/10094/1/DSTO-TR-2484% 20PR. pdf Erişim Tarihi: 22.08.
Pearlson, K. E., Saunders, C. S., & Galletta, D. F. (2016). Managing and Using Information
Systems, Binder Ready Version: A Strategic Approach. John Wiley & Sons.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IS Security and Risk Management 17
Safa, N. S., & Maple, C. (2016). Human errors in the information security realm–and how to
fix them. Computer Fraud & Security, 2016(9), 17-20.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers
& Security, 53, 65-78.
Sharma, D. H., Dhote, C. A., & Potey, M. M. (2017). Implementing Anti-Malware as
Security-as-a-Service from Cloud. In Proceedings of the 5th International Conference
on Frontiers in Intelligent Computing: Theory and Applications (pp. 533-539).
Springer, Singapore.
Singh, N., & Tyagi, K. (2015). A Literature Review of the Reliability of Composite Web
Service in Service-Oriented Architecture. ACM SIGSOFT Software Engineering
Notes, 40(1), 1-8.
Skorodumov, B. I., Skorodumova, O. B., & Matronina, L. F. (2015). Research of human
factors in information security. Modern Applied Science, 9(5), 287.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
Taneja, D., Bhamidipati, P. V., Byragani, B. Y., Nadimpalli, S., & Lull, J. (2016). U.S.
Patent No. 9,286,595. Washington, DC: U.S. Patent and Trademark Office.
Tuvell, G., & Venugopal, D. (2017). U.S. Patent No. 9,576,131. Washington, DC: U.S.
Patent and Trademark Office.
Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2014). A situation awareness model for
information security risk management. Computers & security, 44, 1-15.