IS Security and Risk Management: Threats, Solutions, and Strategies

Verified

Added on 2021/05/31

AI Summary

This report provides a detailed analysis of information security and risk management, focusing on the case of David Jones Pty Ltd, an Australian departmental store. The report begins by identifying common malware and threats faced by the organization, including viruses, worms, Trojans, ransomware, denial-of-service attacks, phishing, internal breaches, and spam. It then examines network devices, such as Wi-Fi networks, routers, and switches, highlighting their vulnerabilities to various cyberattacks. The report further explores strategies for ensuring the reliability and availability of the company's website hosted on Windows Server 2012, including the use of RAID, hybrid data centers, and cloud hosting services. It also covers measures for securing staff email security and integrity with Exchange Server. The report prioritizes threats to web and mail servers, such as malware, unauthorized access, data leakage, and DoS attacks. It then discusses methods for ensuring web and mail server availability, including RAID and cloud hosting. Finally, it examines the impact of human factors and organizational issues on IS-related security and risk management, emphasizing the importance of strong security policies, staff training, and robust logging and monitoring practices.

IS SECURITY AND RISK MANAGEMENT 1
IS Security and Risk Management
Name
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IS SECURITY AND RISK MANAGEMENT 2
Introduction
With the rising use of information systems for its immense benefits to businesses and other
organizations, security issues have become of a greater concern. This is because there are malicious
users always seeking to exploit vulnerabilities in information systems for a variety of reasons. This
paper discusses various aspects and concepts with regard to information security for an
organization, David Jones (David Jones Pty Ltd), an Australian upmarket departmental store based
in Sydney, Australia that has been a cyber attack victim (McCauley, 2015).
Q1 Common malwares and Threats Against David Jones
For an organization like David Jones, the common malware that affects its operations range
from the usual viruses to highly sophisticated worms and Trojans purposely built and targeted at the
organization. The malware include viruses, worms, Trojans, and Ransomware. Other forms of
threats include Denial and Distributed Denial of Service Attacks, human (and machine) error,
Phishing, hacking, internal deliberate breaches and information misuse such as data and information
theft, social media, and Spam (Stamp, 2013). Computer viruses are malicious software that upon
execution, replicates within an information system, modifying computer programs with its own
code. Worms are standalone malicious software that also replicate themselves in an IS and spread
to infect computers within this system (Nadkarni, 2016). Trojans are malicious software that look
perfectly normal and so mislead users and even security systems and wreak havoc. Ransomware is a
form of malicious software that gains entry into an IS and hijacks files such that they are not
accessible or usable until a ransom is paid.
Denial of service refers to a cyber attack where an attacker renders information system
resources of the victim unavailable or tool slow by flooding their network with data and data
requests, overwhelming their networks. Human (and machine) error pertains to unintended actions
or inaction that leave IS exposed or vulnerable to attacks, such as failing to log out from a remote
access, unintentionally opening and installing files with viruses (Soomro, Shah, & Ahmed, 2016).
Phishing is also a risk to David Jones; a malicious user seeks to gain access to restricted information
by posing as a legitimate and trustworthy entity. Internal breaches is one of the most significant
threats the firm faces; a disgruntled employee or one that lacks integrity can deliberately steal and
sell of data or leave loopholes for external attackers to exploit, for financial gain (or sometimes just
out of malice). Spam is when undesired mails are sent to a system , usually also carrying malicious
software. For social media, users gain information about a company and use it maliciously
Q 2 Network devices and their vulnerabilities
The three David Jones network devices susceptible to attacks and abuse include the Wi-Fi
networks (wireless access points), routers, and network switches. Wireless access points and Wi-Fi

IS SECURITY AND RISK MANAGEMENT 3
networks are part of th David Jones networks, where, for instance, customers can access while using
their services in store for the period they are at the outlet (Hern, 2017). Wireless access points use a
common security standard WPA or WPA 2; however, the WPA 2, despite itself being a security
feature that encrypts information, is vulnerable to attacks through key Re-installation attack (Krack)
against the WPA 2 protocol’s four way handshake; a procedure executed when a client needs to join
a Wi-Fi network and is used for confirming that both the access point and the client have the correct
credentials. As this happens, a four way handshake is initiated to generate a security key that will
encrypt all traffic through the connection (Vanhoef, 2017) . An attacker then tricks a user into
reinstalling a key already in use by replaying cryptographic handshake messages that have been
hijacked; when the user attempts to reinstall the key, the attacker resets associated parameters such
as the transmit and receive packet numbers, gaining access to the network and can then perform a
variety of malicious actions.
Routers are vulnerable to attacks because they are used for forwarding data packets between
networks of computers by directing traffic. By receiving and forwarding data packets, routers can
be exploited through their firmware, lack of a strong password management system for the routers,
or by the authentication system being bypassed (this is a common router bug). This means that a
hacker can send seemingly genuine data packets into a network through th router and then gain
access to David Jones network resources, including fiber connection routers. The result is that
hackers can gain access to sensitive information, or hijack data in transit through the routers such as
accessing its user databases of staling credit card and other personal information. The main problem
with routers with regards to cyber security is firmware and security measures taken, such as
encrypting the router passwords and changing them regularly (Butenko, Pasiliao, & Shylo, 2014).
Switches are a vulnerable attack point for David Jones because there are many access channels in
switches: switches are designed using protocols such as telnet or SNMP only for inheritance and
convenient management purposes. These access channels do not have any security features but
remain as they are; they are not replaced by more secure protocols such as SSH and SNMP v3
based access channels. These channels can be exploited maliciously, for instance, to disclose
information. The switches have inherent limitations in processing capabilities for control and
management planes as these run on the CPU meaning switches have limited processing capabilities
and because channels between network elements and terminals have a wide bandwidth, these
exposes them to denial of service attacks. IP networks are also relatively open; these further pose
problems and vulnerabilities for switches to be hacked and breached. The complexity of IP
networks poses a management challenge, especially with regard to security policies: this means the
switches remain a security vulnerability (Butenko, Pasiliao, & Shylo, 2014).

IS SECURITY AND RISK MANAGEMENT 4
Q 3 Ensuring Reliability and Availability of Website Hosted on Windows Server 2012
Technology alone cannot guarantee reliability and availability; the most important aspect is
professionalism being ingrained in the management and operations of web servers. To ensure
reliability, the server should be installed in a computer server/ mainframe computer that has
multiple processing capabilities to enable loads be transferred to another processing unit if there is
overload. Implementing RAID (Redundant Array of Inexpensive Disks) where the Windows server
2012 is installed will ensure that functions continue and the website continues to be available even
when there is a failure in one of the disks. A hybrid data center with additional processing and
hosting units for load balancing and sharing will also ensure reliability and availability. Using
dedicated cloud hosting services in which a cloud based host using Windows server 2012 hosts
David Jones website; cloud service providers usually use several geographically dispersed data
centers where services are replicated and backed; this will ensure continuous service for David
Jones, even if there is a failure or shutdown for maintenance in any other the cloud based server
hosts. In this approach, David Jones will use the Software as a Service and Infrastructure as a
Service cloud services framework. The cloud framework can be extended to a hybrid network with
virtualized implementation of the windows server so that in the event of one host center having a
problem or needing maintenance, services can be transferred to other host server machines without
any noticeable change in website availability or reliability (Arya & Bettany, 2016).
Q4 Securing staff e-mail security and integrity with Exchange Server
The integrity and security of staff mail in the exchange server can be ensured by securing the
exchange server, including security for e-mail archiving. Implementing role based access control,
throttling policies, and using federated delegation will enhance security and integrity. Legacy
outlook clients should also be blocked to further enhance security and integrity. Essentially,
administrative policies implemented from within those available in MS Exchange server will ensure
the security and integrity of staff e-mails including implementing delegated setup, implementing
file system permissions to lock out potentially dangerous file extensions, and decoupling the STMP
addresses from the user names ('Microsoft Technet', 2012)
Q5 Threats prioritization for web mail and web server
One of the major threats to mail and web serves is the threat of malicious software that gains
its way into the servers, such as through Spam e-mail sent to a recipient containing the malware
causing the whole system to be compromised. Further, the personal data privacy and integrity is
also adversely affected as the malware can steal data or erase important information for the IS.
Another threat is unauthorized access where someone bypasses the authentication procedures to
gain access to data. Data leakage is another threat to web and mail servers: sensitive information is

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IS SECURITY AND RISK MANAGEMENT 5
hijacked while o transit, such as passwords and messages. Spam mail is a very common threat to
mail and web servers, and is a major attack vector for other malicious software such as worms and
viruses; the mail server can be the origin of Spam or be an open reply portal where external spam
messages are sent to other clients. DoS attacks are another threat for web and mail servers where the
server become jammed because of flooding by malicious data or code and can bring the servers to a
halt. Load balancing is also a threat to the servers with regard to stability and performance; a sever
becomes overloaded and may crash or function abnormally, affecting normal web and mail server
operations (Ignatenko, Rudov, & Yurko, 2017).
Q6 Ensuring web and mail server availability
The two most plausible approaches to ensure web and mail server availability and
performance are through implementation of RAID and using cloud web and mail server hosting.
RAID (random array of independent disks) is a form of virtualization technology for storing data
where multiple physical disks are combined into a single or more logical units to improve
performance and ensure data redundancy. Specifically, RAID 5 is recommended because it dos not
compromise space much as say, RAID 10 where one loses half the storage space. This architecture
has lower costs, improves performance, and enhances resiliency to achieve higher availability such
that a failure in one of the mail or web server disks does not affect availability as the servers are
mirrored in other disks (Harwood, 2009). Using cloud hosted services means that the task is
outsourced to specialist providers with massive resources; the provisioning of services can be scaled
as demand changes and a hybrid cloud architecture will ensure high availability and greater security
(Chao, 2014).
Cloud Hosting and Virtualization

IS SECURITY AND RISK MANAGEMENT 6
RAID 5
Q7 Impact of Human factors and Organizationals Issues on IS-Related Security and Risk
Management
Human factors can be the biggest security threats to an IS and also its best solution; Internal
threats to IS security is the biggest threat through either actions of omission or commission. Actions
of omission include weak organization policies in IS security; this related to organizational
structures. When an organization lacks a robust IS security policy and protocol, the organization
remains vulnerable to security threats and exploits to its IS systems. However, an organizational
culture with a strong focus on IS security, with an IS security team that is charged with
implementing, revising, and reporting IS policies; the security and integrity of th IS system will be
assured. Acts of omission relate to cultural and regular practices; not updating security firewalls,
anti-viruses, firmware, failure to effective manage access credentials, and failure to follow laid
down IS procedures, such as not opening unusual files from unknown sources (Ahmad, Maynard, &
Shanks, 2015). Acts of commission are another big source of IS insecurity and vulnerability;
employees deliberately stealing information and data or leaving loopholes to be exploited by

IS SECURITY AND RISK MANAGEMENT 7
hackers I one of the biggest and the most devastating sources of IS security and integrity in
organizations (Van Zadelhoff, 2016).
Q8 Logging in Solving Mail and Web Server Problems
Installing proxy severs to capture logs and monitor logs is an effective way of solving some
of the mail and web server problems, such as DoS attacks: monitoring needs to be doe in real time
though, to ensure zero day responses to issues. Logs ensure compliance wit company IT and IS
security and use policies, helps to maximize the productivity of employees, ensure compliance with
legal requirements, and also help the organization verify (and sometimes reduce) bandwidth costs.
Logs that are monitored in real time will help the organization protect confidential information and
maximize other security measures such as e-mail protection with anti viruses (Gupta & Sharma,
2009)
Q9 Audit log process
The log audit process starts with selecting a suitable auditor that has experience (best
practice), who will work with the internal IT staff at the organization. The requirements for the audit
are then spelt, in the context of the organizations’ security policies and a thorough and
comprehensive audit conducted. When the audit is being conducted, a security baseline is chosen
based on the organizations’ security policies and standards to provide a guideline for determining
the risk levels. The policies themselves must be subjects of regular updates as technology and
security threats constantly change. After setting the baseline, the organization must know what it
wants from the log audit. The IT staff must review and document the configured security
mechanisms on the IS resources, including servers and firewall, as well as review the configuration
of other resources that includes the routers, and form a security perspective. This framework will
then enable the log audit to be conducted with a goal in mind. Once the audit is done, and based on
the company’s security policies, relevant issues will be identified, such as unauthorized downloads
among others. The IT staff and company’s IS security department will then develop and update their
security policies based on the log audit; for instance, changing the sever software from Windows
based to a customizable Linux to enhance security or require two step authentication for cloud
based/ remote log ins into the firms’ IS resources
Q 10 Critical Network Devices for Network Security
The organization needs to install a physical firewall to manage traffic into and out of its IS
resources and networks. Load balancers are another security device that can greatly enhance web
and mail server security and integrity. Load balancers balance the work demand load by sending
traffic across various different servers to achieve maximum availability and ensure maximum
uptime, as well as capacity and reliability ('Infosec Institute', 2017). 4 and 7 layer load balancers can

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IS SECURITY AND RISK MANAGEMENT 8
adequately handle the job. Proxies are also another device needed to ensure the servers security,
performance, and integrity; the proxy server refers to a separate hub that allows connection by other
servers to the internet. The proxy server therefore ensures security, anonymity, and privacy
(Ciampa, 2015. Protocol analyzers is another useful physical network security tool. A Unified
Threat Management (UTM) device is also another important physical device for the security of the
network (Tittel, 2018)
Conclusion
IS is a very important aspect in the modern technology world; in the context of David Jones,
a high end Australian departmental store, the common security threats and malware include viruses,
worms, Trojans, Ransomware, DDoS, human/ machine error, Phishing, hacking, internal attacks
and information misuse, social media, and Spam. The most vulnerable network resources include
wireless access points, routers, and switches. Website and mail availability, reliability, and security
can be achieved load balancing, implementing RAID, and using multiple core processors.

IS SECURITY AND RISK MANAGEMENT 9
References
Chao, L. (2014). Cloud database development and management. Boca Raton: CRC Press.
Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems
and security incident responses. International Journal of Information Management, 35(6),
717-723. doi:10.1016/j.ijinfomgt.2015.08.001
Arya, K., & Bettany, A. (2016). Windows Group Policy Troubleshooting: A Best Practice Guide for
Managing Users and PCs Through Group Policy. Hoboken, NJ: Wiley.
Butenko, S., Pasiliao, E. L., & Shylo, V. (2014). Examining Robustness and Vulnerability of
Networked Systems. Burke: IOS Press.
Ciampa, M. D. (2015). Network Security Devices, Design, and Technology. In Security+ guide to
network security fundamentals (6th ed., pp. 246-247). Boston, MA: Cengage.
Gupta, J. N., & Sharma, S. K. (2009). Handbook of research on information security and assurance.
Hershey, PA: Information Science Reference.
Harwood, M. (2009). CompTIA network+ N10-004: Exam prep. Indianapolis, Ind.: Que Pub.
Hern, A. (2017, December 29). All wifi networks' are vulnerable to hacking, security expert
discovers. Retrieved from https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-
security-vulnerable-hacking-us-government-warns
Ignatenko, S., Rudov, D., & Yurko, D. (2017, April 19). Mail Server Security: Potential
Vulnerabilities and Protection Methods. Retrieved from https://www.apriorit.com/qa-
blog/428-mail-server-security-testing
'Infosec Institute'. (2017). Network Security Devices and Technologies. Retrieved from
http://resources.infosecinstitute.com/category/certifications-training/securityplus/sec-
domains/network-security-sec-domains/network-security-devices-and-technologies/#gref
McCauley, D. (2015, October 2). Online shoppers beware: David Jones has been hacked. Retrieved
from http://www.news.com.au/finance/business/retail/david-jones-privacy-hack-leaves-
online-shoppers-vulnerable/news-story/8fa2e684f77d31a137dd0dcf4b2fac1c

IS SECURITY AND RISK MANAGEMENT 10
'Microsoft Technet'. (2012, March 8). Exchange 2010 Security Guide: Exchange 2010 Help.
Retrieved from https://technet.microsoft.com/en-us/library/bb691338(v=exchg.141).aspx
Nadkarni, P. (2016). Computer Security, Data Protection, and Privacy Issues. Clinical Research
Computing, 4, 143-158. doi:10.1016/b978-0-12-803130-8.00007-5
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more
holistic approach: A literature review. International Journal of Information Management,
36(2), 215-225. doi:10.1016/j.ijinfomgt.2015.11.009
Stamp, M. (2013). Information security: Principles and practice. Hoboken, NJ: Wiley.
Tittel, E. (2018). Comparing the best UTM products in the industry. Retrieved from
https://searchsecurity.techtarget.com/feature/Comparing-the-best-UTM-products-in-the-
industry
Van Zadelhoff, M. (2016, September 19). The Biggest Cybersecurity Threats Are Inside Your
Company. Retrieved from https://hbr.org/2016/09/the-biggest-cybersecurity-threats-are-
inside-your-company
Vanhoef, M. (2017). Key Reinstallation Attacks Breaking WPA2 by forcing nonce reuse. Retrieved
from https://www.krackattacks.com/