Information Security Report: Analyzing Te Mata Estate Security

Verified

Added on 2019/09/30

AI Summary

This report analyzes the information security practices and challenges faced by Te Mata Estate, a New Zealand winery. It covers four components of information security risk management, including risk avoidance, transfer, mitigation, and prevention. The report also examines assurance and compliance components, focusing on privacy, accuracy, property, and accessibility (PAPA) policies. It discusses risk management controls and standards, including data protection, wireless network security, and internal server security. The report further explores unethical hacking incidents, such as the 2008 breach, and countermeasures against phishing attacks, referencing a 2011 incident. Additionally, it outlines approaches for improving the security of network components, including software design verification, password policies, and wireless network security. The report also suggests recommendations for securing communications, details information security operations, discusses vulnerability assessment and testing, and covers incident management and codes of professional practice, including IT Professionals New Zealand’s Code of Ethics. The report concludes with references to relevant sources.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Assignment
On
Information Security
Submitted by
Name
Registration No
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Information Security [Student Full Name], [Student Id]
Contents
Task 1:..................................................................................................................................................2
Four components of information security risk management............................................................2
Task 2:..................................................................................................................................................3
Assurance and compliance components...........................................................................................3
Task 3:..................................................................................................................................................4
a) Risk management controls and standards...................................................................................4
Risk management controls...........................................................................................................4
Risk management standard...........................................................................................................4
b) Identify and analyze hgt4.............................................................................................................4
Task 4...................................................................................................................................................5
Unethical hacking.............................................................................................................................5
Task 5...................................................................................................................................................5
Countermeasures against phishing attack.........................................................................................5
Phishing attack at Te Mata Estate.................................................................................................5
Countermeasures against Phishing attack....................................................................................6
Task 6...................................................................................................................................................6
Approaches for improvement of security of network components..................................................6
Task 7...................................................................................................................................................7
Recommendations/solutions for Security of communication..........................................................7
Task 8...................................................................................................................................................8
Components of information security operations..............................................................................8
Task 9...................................................................................................................................................8
Vulnerabilities assessment and testing.............................................................................................8
Vulnerability assessment..............................................................................................................8
Vulnerability testing.....................................................................................................................9
Task 10.................................................................................................................................................9
Incident management.......................................................................................................................9
Task 11................................................................................................................................................10
Codes of Professional Practice.......................................................................................................10
Task 12................................................................................................................................................11
IT Professionals New Zealand’s Code of Ethics............................................................................11
Examine......................................................................................................................................11
Discussion...................................................................................................................................11
References..........................................................................................................................................11
LEVEL 7, Assessment 2, Feb 2019 Page 2 of 15

Information Security [Student Full Name], [Student Id]
Task 1:
Four components of information security risk management
Te Mata Estate is one of New Zealand’s oldest wine producers in the country. Most of the activities
of this system are automated in order to enhance the effective management of the supply chain. As
at the year 2008 and the year 2011, the company experienced some critical hitches in its information
system. In 2008, a hacking took place which not only denied access to the administrator of the
system but also the functionality of the whole system was highly downgraded. Thus to fight from
such serious security consequences there is need to analyze possible reasons for security breaches in
the system. To establish a quality information security risk assessment there is a need to choose
important parameters for this risk assessment process. Four components of information security risk
management technique are
I. Risk Avoidance
The first step is to protect the database with necessary software so that unauthorized access could be
blocked on correct timing and that is known as risk avoidance.
II. Risk transfer
If by any reason risk has made an effect on sensitive and important data then that needs to be
transferred immediately to prevent loss. There is a need to take steps so that the company “Te Mata
Estate” could choose to transfer the risk.
III. Risk Mitigation or prevention
A further step is to mitigate risk by choosing the optimum solution for it. For example, a company
can use specific and smart software which can detect the threat and guide possible solution to
mitigate it.
IV. Risk prevention
The most important step which the company can choose to prevent risk from an occurrence. Either
they can generate a strong policy for maintaining optimum security or they can use network
monitoring which can analyze the threat and correct it before its occurrence.
It is very important to identify risk and fix it on the correct time so that we can avoid heavy losses
and penalty. Even though there is a need to upgrade the security system, policy and guidelines so
that any upcoming threat could not make huge destruction for the business.
LEVEL 7, Assessment 2, Feb 2019 Page 3 of 15

Information Security [Student Full Name], [Student Id]
Task 2:
Assurance and compliance components
At present, there are so different types of ethical issues that need to be evaluated. To enhance the
system security there is need to focus on assurance and compliance components. To ensure the
assurance and compliance policy has been followed completely on not there is a need to evaluate
different policy separately and we will discuss four policy her,
PAPA- Privacy, Accuracy, Property, and Accessibility.
a) In privacy, we mainly work on what an individual data and information are going to exchange
and share under some specific terms and conditions with other people as well as also help in
deciding what to keep safe and what to share with others.
b) Whereas inaccuracy we look for the data and information validity, as well as find out the
responsible authorities for error in data and information and also the affected party lost.
c) In property, we basically tried to find out the owner of the data and information and also tried to
fix the prices for its exchange.
d) And at last inaccessibility, we mainly work on what type of data and information any individual
or organization have the right to obtain under certain terms and conditions.
Though four policy has been incorporated very clearly not more than two policies have been
followed correctly. As we see that there are many problems which occur due to the communication
problem between developers, managers, and customers. Currently, there are two main forces which
put major risk on the privacy of the individual and organization. First one is a sudden rise in the use
of information technology with more new capabilities of communications, surveillance, and storage.
Whereas the second one is a more dangerous threat in which information plays a major role in the
decision-making process. Information leaks lead to invading the privacy of individuals and
organization.
Task 3:
a) Risk management controls and standards
The new risk management standard has many definitions and approaches to managing the risk
factor. All the new method and theory which is developed in AS/NZS ISO 31000:2009 for the
benefits of the organization which helps in making confident and balanced decisions about all the
risks which Te Mata Estate are going to face in the future.
LEVEL 7, Assessment 2, Feb 2019 Page 4 of 15

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Information Security [Student Full Name], [Student Id]
Risk management controls
I. Data and information which are in the form of documents, presentations, emails, and databases
are the lifeline of the most of the companies and application which protect and run your
organizations requires a lot of space.
II. A wireless network can be easily compromised by using share key. Due to increasing
dependence on IT also increased the risk impact of IT on overall organization business. Nowadays
threats in IT services is increased because its vulnerabilities are exposed across the world.
III. Internal server and network
Risk management standard
Risk management standard generally helps to identify the risk and how to behave in some
predefined type of risk. It is very important for any company because some time predictable risk
can be sorted out in less time than actual by the help of this method.
I. Make risk rating
II. Be an effective part of decision making
III. There is a need to be structured, secured and timely.
b) Identify and analyze hgt4
I. Clause 5 of ISO 31000 defines the risk management process as “the systematic application of
management policies, procedures, and practices to the activities of communicating, consulting,
establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing
risk”
II. (ISO Guide 73:2009, definition 3.1). ISO/IEEE/IEC29119 software testing is a benchmark set
Standard for the world. Standards mean services for everyone.
III. ISO/IEC/IEEE 29119 is a series of standardization which mainly covers the systems and
software testing. The main aim behind these series is to make a set of standards which is accepted
globally. According to IEEE Standard 610.12-1990, the testing of software is explained as “The
methods of analyzing a software product to find out the differences between old and new situations
(which is, bugs) and to measures the new updates of the software products." Standards
Australia/Standards New Zealand. (2009).
Task 4.
Unethical hacking
LEVEL 7, Assessment 2, Feb 2019 Page 5 of 15

Information Security [Student Full Name], [Student Id]
In Te Mata Estate (2008), a hacking took place which not only denied access to the administrator of
the system but also the functionality of the whole system was highly downgraded. After much
intervention, it was realized that one of the employees had deliberately given out critical
information of the system to some hackers for an exchange with cash. It is proved that data &
information both work as a support system for both consumer and business. The main problem
arises when privacy is invaded, as well as sensitive information and data is lost and stored. Due to
this individual or company security and privacy ethics become very vulnerable. The management of
risk is the basis of an information system to provide the best cyber security solution. One of the
major security threats is an employee who works on the system T. Berners-Lee, R. Cailliau, J.
Groff, and B. Pollermann,(2012) . They can easily harm the system with intention and for fulfilling
some purposes.
Hackers are the very common type of attacker on cyberspace. They find the loophole in security
and attack by using the known method at a very high rate frequently to get the desired results. Mails
and servers are their main target. If they are not able to find the weakness they go for an easy target
and plant their attack. Te Mata Estate should also always check whether the current legal framework
fulfills the criteria of available technology or not. Because without proper security guarantees of
security and integrity as well as privacy of the data and information the digital legal system
framework is not going to develop properly.
Task 5.
Countermeasures against phishing attack
Phishing attack at Te Mata Estate
In Te Mata Estate (2011), An email was sent to the department claiming that the sender was a new
supplier from a subsidiary company and the department was to pay a deposit to the given bank
account number to facilitate the delivery of grapes. Without confirmation from the other
departments, the chief accountant authorized the payment blindly. After a few days, it was realized
that the money was sent to a cybercriminal who had masqueraded to be a supplier. The efforts to
track the money proved futile since the criminal didn’t leave any traces. Information leaks lead to
invading the privacy of individuals and organization. As we see that information technology is the
major sector which rides and lives on cyberspace.
LEVEL 7, Assessment 2, Feb 2019 Page 6 of 15

Information Security [Student Full Name], [Student Id]
Countermeasures against Phishing attack
In recent time business analytics and intelligence platform responsible for mainstream data and
information flow with a high rate of cloud-based deployments. Offers visual based intuitive
interaction experience which permits the user to analyze, access and finding current errors in their
database without having any coding or technical skills. It is mainly used to provide a standard way
to visualize the system design process. It enables the developer to construct, visualize, specifies and
document the design of the system. Its help in making the architecture more scalable, robust and
secure in execution.
Task 6.
Approaches for improvement of security of network components
Applying these standards of software testing help with global knowledge and mutual standards for
testing software, at the same time it also provides a high-quality method towards the assurance of
quality.
a) The software design must be verified against requirements so that user’s needs are reflected in
the design. Functional testing mainly carried out to ensure how the product behaves according to
functional requirements in the system. Whereas usability testing mainly focuses on the acceptance
of the customer.
b) The software and hardware part which are going to use in the Te Mata Estate is also checked by
the IT professional upcoming risks. Session management, ID management, security events, and
logging are the major risk factor areas of the Te Mata Estate. There are so many salient features of
the password policy like enforced password history, password maximum age, password minimum
age, password minimum length, passwords must meet the complexity requirements and then after
stores the passwords using the reversible encryption. In today time there are so many systems like
Google and other IT giant have built-in password methods to set the policy.
c) As we see that nowadays most of business pc is overtaken by mobile devices. Data sent over the
wireless network can be easily accessed by attackers using various data interception techniques.
Identity theft is also very common in the wireless network when able to capture the network traffic
and able to identifies the address of the computer using network privileges. Wireless computing
device and mobile are the main targets to attackers because of unmanaged use of wireless links. As
we see that in a big organization network infrastructure data mainly originates and travel in so many
different environments like remote locations and main office.
LEVEL 7, Assessment 2, Feb 2019 Page 7 of 15

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Information Security [Student Full Name], [Student Id]
Task 7.
Recommendations/solutions for Security of communication
There is a need to ensure that whether any security attack occurred or not and that’s why there is a
need to recheck all security parameters. The finance department can make three suitable reasons to
identify whether any breach in network occurred or not and that can be analyzed by evaluating these
three points.
a) Te Mata Estate IT system provides management features where they can store complete
information of the customer and their details of purchasing in the estate, details of Te Mata Estate
products information. Its mainly helps Te Mata Estate to monitor every information which is used in
their E-Commerce system in the time of online activities like payment cycle and information about
the product. Resource management of Te Mata Estate e-commerce system helps in removing and
adding new data as well as information about the transaction, user and products.
b) Te Mata previous system is not very user-friendly. Now, Estate e-commerce system user
interfaces mainly design by keeping the mind in customer requirements with their new system.
Their e-commerce system fulfills the needs of users and products information in a user-friendly
way so that they can purchase without any problem. When we check in the business model then we
found that only the location of the site is a risky thing otherwise company purpose and plan are
same and good. When human interaction with the system then there is a high level of privacy
concern among the users. Companies which rely more on human interaction with the system often
face these mistakes: Sometimes they use these things to answer meaningless questions.
c) In privacy, we mainly work on what an individual data and information are going to exchange
and share under some specific terms and conditions with other people as well as also help in
deciding what to keep safe and what to share with others. Whereas inaccuracy we look for the data
and information validity, as well as find out the responsible authorities for error in data and
information and also the affected party lost. In property, we basically tried to find out the owner of
the data and information and also tried to fix the prices for its exchange. And at last inaccessibility,
we mainly work on what type of data and information any individual or organization have the right
to obtain under certain terms and conditions.
LEVEL 7, Assessment 2, Feb 2019 Page 8 of 15

Information Security [Student Full Name], [Student Id]
Task 8.
Components of information security operations
Information security is very important for company safety and security because if any security
parameter is being left attended for a longer time than usual then that can be a reason of security
breach in the company.
a) Preventive maintenance of the Estate IT system maintains, analyze, and control the performance
of Te Mata applications according to the user requirements. It covers from server admin to the end
user and everything which connect all the IT infrastructure for good and bad purpose at the same
time. So regular update on a daily basis of preventive measures makes Te Mata Estate more secure
and user-friendly. According to IEEE Standard 610.12-1990, the testing of software is explained as
“The methods of analyzing a software product to find out the differences between old and new
situations (which is, bugs) and to measures the new updates of the software products."
b) Software testing standards have a globally-accepted set of standards which can be used by any
company when they do software testing. Applying these standards of software testing help to ensure
how product behave according to functional requirements in the system. Whereas usability testing
mainly focuses on the acceptance of the customer. The new global standard nowadays covers the
different level of testing processes. It’s mainly cover the documentation process, design test
methods, and concepts Matalonga S., Rodrigues F., Travassos G.H. 2015.). The standard mainly
helps in recognizing different types of software and development of methods of any industry.
c) Testing plays an important role in the foundation of the success of any software products. A
system test plan is a detailed strategy of the test plan. The test document mainly consists of different
type of test plan and test cases. The quality of system and product mainly depends upon the
requirements which explain the problem, design and analysis models of the solution, tests which
exercise the software to find out their error. A good software development process mainly uses
measurement to assess the quality of all four component.
Task 9.
Vulnerabilities assessment and testing
Vulnerability assessment
The new global standard nowadays covers the different level of testing processes. It’s mainly cover
the documentation process, design test methods, and concepts. The standard mainly helps in
LEVEL 7, Assessment 2, Feb 2019 Page 9 of 15

Information Security [Student Full Name], [Student Id]
recognizing different types of software and development of methods of any industry. Testing plays
an important role in the foundation of the success of any software products. The test document
mainly consists of different type of test plan and test cases. Standards are published documents
setting out specifications and procedures designed to ensure products, services and systems are safe,
reliable and consistently perform the way they were intended to T. Berners-Lee, R. Cailliau, J.
Groff, and B. Pollermann,(2012). They establish a common language which defines quality and
safety criteria.
Vulnerability testing
There are several standards, international and national, that relate specifically to software testing.
Standards formalize industry best practice and they are agreed
Upon by professionals in the industry in which the standards apply. Software testing mainly looks
for a potential threat before going life or moved into the user environment. So many testers still
think that testing field is still not ready for a standard. Independent standards accurately identify
problems in the infrastructure without doing any partiality Dhlamini, J., Nhamu, I. & Kachepa, A.
(2009). . It provides solid proofs of product effectiveness. To make their products more transparent
to their vendors and customers it is very necessary to opt independent standard benchmark for
software testing. Due to the lack of process visibility, it is very tough to assess the real progress
through documented standards.
Task 10.
Incident management
a) In a big organization network infrastructure data mainly originates and travel in so many different
environments like remote locations and main office. The main office is where all the branch offices
are reporting and where most important server run whereas branch offices are mainly located in
remote places and connected to the main office through a wide area network. Branch offices
normally host less important servers. To connect many employees at the same time all office
location must access the same network resources.
b) There are so many companies which deploy wide area network (WAN) to connect with the
remote offices. WAN mainly used to connect LAN from different offices together. By using these
services Te Mata Estate can work from separate offices and share or communicate information
easily with effectiveness. The management of risk is the basis of an information system to provide
the best cybersecurity solution. here are so many activities which mainly solved or minimize the
risk associated with a specific portion of the software development process like objective,
constraints, alternatives, risks, risk resolution, results, plan, commitment. As we know that these
activities mainly used for system development task to improve their quality.
LEVEL 7, Assessment 2, Feb 2019 Page 10 of 15

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Information Security [Student Full Name], [Student Id]
c) Most of the design of the test is according to the initial explanation of the requirements and are
not able to change according to the requirements. If the testing process is not automated then it will
be boring and monotonous and have maximum chance to give the fail results. There is a very huge
chance of fault rate in new design components. The system design must be verified against
requirements so that user’s needs are reflected in the design.
d) Due to standards, businesses and users can feel confident that their software products and
services they develop and/or use are safe, reliable and user-friendly Wichmann, B. A. and M. G.
Cox (1992). It works as a launch pad for new innovations. They can be created and destroy
according to the requirement of our changing world. New standards mainly developed to show new
technologies and innovations.
Task 11.
Codes of Professional Practice
a) Many of the recent research shows that the end user has a big impact on the success and failure of
Standards and software testing. As we see that normally people reject the change when they get
instantly in the system. Due to their rejection, it poses a bad effect on the acceptance of the new
system negatively.
b) It is very common for the end users to find it problematic to use any new deploy system. But if
this thing lasts a long then threat to the acceptability of the system increases. The end user always
wants the new requirements during the operation of the system which is implemented mainly to
fulfill the user needs, organizational and environmental changes, and needs of the business.
c) This new risk management standard has many definitions and approaches to managing the risk
factor. All the new method and theory which is developed in AS/NZS ISO 31000:2009 for the
benefits of the organization which helps in making confident and balanced decisions about all the
risks which they are going to face in the future.
d) To solve this they are setting the standard which is capable to solve all forms of risk and provide
reliability and consistency. Independent security checks accurately identify problems in the
infrastructure without doing any partiality. It provides solid proofs of product effectiveness.
Expertise in both the process plays a main role in project success P. Bieber and F. Cuppens. (2012).
Main issues which affect the uncertainty in project planning mainly consists of project size, project
complexity, and structural uncertainty.
LEVEL 7, Assessment 2, Feb 2019 Page 11 of 15

Information Security [Student Full Name], [Student Id]
Task 12.
IT Professionals New Zealand’s Code of Ethics
Examine
According to NewZeland code of IT, Independent security audit to keep all the program in track as
well as decrease the tension of formal audits of the system. It helps in fulfilling an important role to
make sure that all the procedures and policies are followed according to the business standards and
legislation or not. To make audit impartial it is necessary to involve people who are independent of
the specific business enterprise. The way nowadays people use the internet, it is a very high
probability that someone out there knows more about the people than people know about himself.
Discussion
The expertise and experience of the stakeholders in many cases always improves the understanding
of the risk. To make their products more transparent to their vendors and customers it is very
necessary to opt independent security benchmark. They provide surety about the quality and
consistency of software products and their services. They also enhance the company economy,
provide best health services and safety, It also protects the natural resources, and provide a better
quality of life. The new global standard of software testing was created by International
standardization organization (ISO) and International Electrotechnical Commission (IEC) in the year
2013. This method offers the best results. Before the design process of system developers must
have to go for two activities like knowing the problems in brief which they are going to solve and
Study about the tools through which they are going to solve the problem. They also help in
developing the risk treatment which will be widely acceptable and very effective for the system.
References
Abdullah, T., Mateen, A., Sattar, A., & Mustafa, T. (2010). Risk analysis of various phases of
software development models. European Journal of Scientific Research, 40(3), 369–376.
Arshad, N., Mohamed, A., & Nor, Z. (2007). Risk factors in software development projects.
Proceedings of the 6 th WSEAS International Conference on Software Engineering, Parallel and
Distributed Systems, pages 51–56
Braddy Phillip W, Meade Adam W, Kroustalis Christina ( 2008) M. Online recruiting: The effects
of organizational familiarity, website usability, and website attractiveness on viewers’ impressions
of organizations.Computers in Human Behavior.;24(6):2992–3001.
LEVEL 7, Assessment 2, Feb 2019 Page 12 of 15

Information Security [Student Full Name], [Student Id]
Dhlamini, J., Nhamu, I. & Kachepa, A. (2009). Intelligent risk management tools for software
development. Proceedings of the 2009 Annual Conference of the Southern African Computer
Lecturers’ Association, 33–40.
Hentea, M. (2008). A perspective on security risk management of SCADA control systems.
Proceedings of 23rd International Conference on Computers and Their Applications, April 9-11,
2008, Cancun, Mexico.
Hannu Jaakkola and Bernhard Thalheim. (2011) "Architecture-driven modelling methodologies."
In: Proceedings of the 2011 conference on Information Modelling and Knowledge Bases XXII.
Anneli Heimbürger et al. (eds). IOS Press. p. 98
ISO/IEC/IEEE International Standard. 2013. “Software and systems engineering --Software testing
--Part 1:Concepts and definitions," in ISO/IEC/IEEE 29119-1:2013(E) , pp.1- 64.
Majchrzak T.A. 2012. “Software Testing”. In: Improving Software Testing. SpringerBriefs in
Information Systems. Pp 11-56
Matalonga S., Rodrigues F., Travassos G.H. 2015. “Matching Context Aware Software Testing
Design Techniques to ISO/IEC/IEEE 29119”. In: Rout T., O’Connor R., Dorling A. (eds) Software
Process Improvement and Capability Determination. SPICE 2015. Communications in Computer
and Information Science, vol 526. pp 33-44.
M Warkentin, R Willison(2009) Behavioral and policy issues in information systems security: The
insider threat, European Journal of Information Systems, pp. 101-105
Nenad Medvidovic and Richard N. Taylor (2000). "A classification and comparison framework for
software architecture description languages." Software Engineering, IEEE Transactions on 26.1
(2000): 70-93.
N. Anerousis,(2017) An architecture for building scaleable, Web-based management services,
Journal of Network and Systems Management, Vol. 7, No. 1, pp. 73-104
LEVEL 7, Assessment 2, Feb 2019 Page 13 of 15

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Information Security [Student Full Name], [Student Id]
P. Bieber and F. Cuppens. (2001 )Computer Security Policies and Deontic Logic. In Proc. of the
First International Workshop on Deontic Logic in Computer Science, Amsterdam, The
Netherlands,pp.75-125
P. Bieber and F. Cuppens. (2012) A Logical View of Secure Dependencies. Journal of Computer
Security, pp.99–129
Reid S. 2012. “The New Software Testing Standard”. In: Dale C., Anderson T. (eds) Achieving
Systems Safety. pp 237-255.
Standards Australia/Standards New Zealand. (2009). Australian/New Zealand StandardË Risk
management— Principles and guidelines. Standards Australia/Standards New Zealand. Retrieved
04 28, 2017
T. Berners-Lee, R. Cailliau, J. Groff, and B. Pollermann,(2012) World-Wide Web: The Information
Universe, Electronic Networking, Vol. 1, No. 2, pp. 52-58
Vincent, J. (1996). Managing risk in public services: A review of the international literature.
International Journal of Public Sector Management, 9(2), 57-64
Wichmann, B. A. and M. G. Cox (1992). "Problems and strategies for software component testing
standards." Software Testing, Verification and Reliability 2(4): 167-185
LEVEL 7, Assessment 2, Feb 2019 Page 14 of 15