EIT ITSY7.660 - Information System Security: Threats and Mitigation


Added on  2023/06/11

Running head: INFORMATION SYSTEM SECURITY
INFORMATION SYSTEM SECURITY
Name of the Student
Name of the University
Author Note
Table of Contents
Task 1:
Task 2:
Task 3:
Task 4:
Reference:
Task 1:
Many aspects need to be analyzed in order to develop an effective new business website. Organizations must take security precautions before exploiting new opportunities, and they need to analyze several aspects before engaging in web-based business. Risks, assets, migrations and vulnerabilities are the most vital aspects to consider (Wiemer et al., 2013).
Security: the organization must check the security of the new website. The process of transacting goods and money must be secured. Factors to analyze include basic firewall protection, HTTP intrusion, advanced server exploitation protection, web server and PHP hardening, root FTP access, CXS scans and monthly vulnerability scans (Watters & Keane, 2015). The organization also needs to comply with the Payment Card Industry Data Security Standard to protect customers' vital information; this also involves infrastructure standards and server setup. Off-site backup is also mandatory for disaster recovery, since losing the database means losing every record of sales (Von Solms & Van Niekerk, 2013). The next area to consider is the firewall, which is used to defend the infrastructure from malicious software and viruses. Web firewall products can be used to prevent these malicious attacks and also allow constant scanning of server activity; they are very effective at preventing new threats via signature-based intrusion prevention. SSL certificate services can be used to provide secure encryption for online transactions, and they also help the business secure its servers from third-party access.
Task 2:
A spambot is basically a program intended to harvest and collect e-mail addresses from the internet in order to build a mailing list for sending unsolicited e-mail, known as spam (Rhodes-Ousley, 2013). This spam was sent to millions of e-mail addresses of vulnerable Windows computers. Nowadays several spambots have been discovered that are not even detected by spam filters; according to ZDNet, Onliner is one spambot capable of bypassing spam filters. After reaching its destination, the e-mail has been seen disguised as invoices from authentic sources such as government, bank and DHL notifications (Jouini, Rabai & Aissa, 2014). In modern society, information has become a valuable asset. Most of it is collected on computer systems that are often connected to a network, and information can be compromised through many malware breaches such as spambots. Having an information security policy is essential in order to protect vital information as well as to strengthen the organization's position in the market. IS also increases efficiency and helps the company investigate and identify recurring incidents and areas of risk. Information security has four main strategic elements which are utilized in the case of any breach (Laudon & Laudon, 2016). These elements are:
Understand the reasons and evaluate the effectiveness of the response.
Assess the risks associated with the breach.
Containment and recovery.
Notify the appropriate people/organizations.
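The harvesting behaviour described above leaves a recognizable trace in a web server's access log: a single client sweeping every page of a site at machine speed, and following links that no human visitor would ever reach. The following Go program is an added example, not part of the original report; it runs detection logic over a few constructed Apache combined-format log lines (the addresses, timestamps and the honeypot page name /.hidden/honeypot-mailto.html are all assumptions made for the example) and flags clients that either touched the unlinked decoy page or swept many distinct pages at a high request rate. The thresholds (5 pages, 2 requests/second) are arbitrary illustration values.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

// Constructed sample log (not from the report): an ordinary visitor, a
// search-engine crawler, and a harvester that sweeps the whole site in
// two seconds and also fetches the decoy page.
const sampleLog = `203.0.113.7 - - [11/Jun/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/102.0"
203.0.113.7 - - [11/Jun/2023:10:00:09 +0000] "GET /about.html HTTP/1.1" 200 3310 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/102.0"
198.51.100.22 - - [11/Jun/2023:10:00:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
192.0.2.55 - - [11/Jun/2023:10:00:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.55 - - [11/Jun/2023:10:00:10 +0000] "GET /about.html HTTP/1.1" 200 3310 "-" "Mozilla/4.0"
192.0.2.55 - - [11/Jun/2023:10:00:10 +0000] "GET /staff.html HTTP/1.1" 200 4100 "-" "Mozilla/4.0"
192.0.2.55 - - [11/Jun/2023:10:00:11 +0000] "GET /contact.html HTTP/1.1" 200 2200 "-" "Mozilla/4.0"
192.0.2.55 - - [11/Jun/2023:10:00:11 +0000] "GET /team/alice.html HTTP/1.1" 200 1800 "-" "Mozilla/4.0"
192.0.2.55 - - [11/Jun/2023:10:00:11 +0000] "GET /.hidden/honeypot-mailto.html HTTP/1.1" 200 400 "-" "Mozilla/4.0"
192.0.2.55 - - [11/Jun/2023:10:00:12 +0000] "GET /team/bob.html HTTP/1.1" 200 1800 "-" "Mozilla/4.0"`

// trapPath is a hypothetical page that is never linked from the visible site
// and carries only a decoy mailto: address. A human visitor has no way to
// reach it, so a request for it is a strong harvesting signal.
const trapPath = "/.hidden/honeypot-mailto.html"

// Captures client IP, timestamp and request path from a combined-format line.
var lineRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*"`)

type clientStats struct {
	Requests int
	First    time.Time
	Last     time.Time
	Paths    map[string]bool // distinct paths requested
	TrapHit  bool            // fetched the decoy page
}

// parseLine returns ip, path and timestamp; ok is false for unparsable lines.
func parseLine(line string) (string, string, time.Time, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return "", "", time.Time{}, false
	}
	ts, err := time.Parse("02/Jan/2006:15:04:05 -0700", m[2])
	if err != nil {
		return "", "", time.Time{}, false
	}
	return m[1], m[3], ts, true
}

// summarize groups the requests in accessLog per client IP.
func summarize(accessLog string) map[string]*clientStats {
	stats := make(map[string]*clientStats)
	for _, line := range strings.Split(accessLog, "\n") {
		ip, path, ts, ok := parseLine(line)
		if !ok {
			continue
		}
		s, seen := stats[ip]
		if !seen {
			s = &clientStats{First: ts, Last: ts, Paths: make(map[string]bool)}
			stats[ip] = s
		}
		s.Requests++
		if ts.Before(s.First) {
			s.First = ts
		}
		if ts.After(s.Last) {
			s.Last = ts
		}
		s.Paths[path] = true
		if path == trapPath {
			s.TrapHit = true
		}
	}
	return stats
}

// requestRate is requests per second over the client's active window; windows
// shorter than one second count as one second so a single burst is not infinite.
func requestRate(s *clientStats) float64 {
	span := s.Last.Sub(s.First).Seconds()
	if span < 1 {
		span = 1
	}
	return float64(s.Requests) / span
}

// flagHarvesters returns, sorted, every client that touched the trap page or
// swept at least minPages distinct pages at minRate requests/second or more.
func flagHarvesters(accessLog string, minPages int, minRate float64) []string {
	var flagged []string
	for ip, s := range summarize(accessLog) {
		sweep := len(s.Paths) >= minPages && requestRate(s) >= minRate
		if s.TrapHit || sweep {
			flagged = append(flagged, ip)
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	for ip, s := range summarize(sampleLog) {
		fmt.Printf("%-14s requests=%d pages=%d rate=%.1f/s trap=%v\n",
			ip, s.Requests, len(s.Paths), requestRate(s), s.TrapHit)
	}
	fmt.Println("flagged:", flagHarvesters(sampleLog, 5, 2.0))
}
```

The decoy page is the more reliable of the two signals: a rate threshold has to be tuned so that legitimate crawlers are not flagged, whereas a request for an address that is never linked anywhere visible needs no tuning at all.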
Task 3:
The Parkerian model is basically a set of six elements of information security: possession and control, confidentiality, integrity, availability, utility and authenticity. The data gathered by a spambot affects a system's confidentiality, integrity and availability. A spambot collects e-mail addresses online, which are then used to compromise vital data sets (Jouini, Rabai & Aissa, 2014). Confidentiality is defined as the safeguards designed to prevent data loss by authenticating the user. Several methods are used to ensure confidentiality, such as data encryption and authentication with biometrics, security tokens or key fobs. Integrity is designed to maintain trustworthiness, accuracy and consistency: data must not be altered by unauthorized people. A spambot is used to alter ESPs so that the culprit can hide his identity through captured e-mail addresses. Integrity measures include file permissions and user access controls. Availability involves software conflicts, so it is also important to keep current with all necessary system updates. Redundancy, failover, RAID and even high-availability clusters can mitigate serious consequences when hardware issues do occur (Crossler et al., 2013). Fast and adaptive disaster recovery is essential for worst-case scenarios. Security measures such as firewalls, anti-malware and proxy servers can be useful to prevent this type of data breach.
Task 4:
DES was first developed in 1977 as a US federal standard. It is widely known as the Data Encryption Algorithm, a 64-bit block cipher that transforms a 64-bit plaintext block into a 64-bit ciphertext block using a 56-bit key. Though it was criticized for its short key size (a keyspace of only 2^56), it is still widely popular all over the world. Many businesses, especially in the financial sector, adopted DES as there was no particular competing scheme available. Two-key DES was proposed by Tuchman in 1978 (Enck et al., 2014). It operates with K1 = K3: first K1 is used to encrypt, then K2 is used to decrypt, and finally re-encryption is done with K1. It has several advantages, as it reduces key storage and transmission requirements. Companies used 2-key DES to prevent attacks which cannot be stopped by 3-key DES. Despite the fact that 2-key DES is less secure than 3-key DES, many organizations use 2-key DES, particularly the electronic payment industry. The basic EMV standard uses 2-key DES worldwide. Most debit and credit cards are manufactured using the double-length-key triple DES encipherment algorithm to encipher the MAC mechanism.
Triple DES is widely recommended as an effective cryptographic scheme. After the failure of single DES under brute-force attack, the triple DES scheme was implemented and is still used by many industries (Crossler et al., 2013). It also became an ANSI standard in the US. Rather than performing three consecutive encryptions, encryption is performed with K1, then decryption with K2, and finally another encryption with K3. The encrypt-decrypt-encrypt approach has significant advantages, as K1, K2 and K3 can be chosen independently (Enck et al., 2014). Triple DES remains a standard in ISO/IEC 18033-3. The key statements needed to reproduce it elsewhere are the following:
An 80-bit key length must be used rather than the 112 bits of two-key triple DES in specific applications.
The number of plaintext encryptions with a single key must also be limited, depending on the required security level.
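The encrypt-decrypt-encrypt construction described in this task, in both its two-key (K1 = K3) and three-key forms, is short enough to build from single DES and check. The Go program below is an added example, not code from the report or from any standard; it uses Go's standard-library crypto/des package (which provides both single DES and a triple-DES cipher), builds EDE by hand from three single-DES operations, and shows that the hand-built version matches the library's triple-DES output, that choosing K1 = K2 = K3 collapses EDE to single DES (the reason the middle step is a decryption rather than a third encryption), and that single DES reproduces the widely published textbook test vector. The keys and the sample block are constructed values for the example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// Constructed keys and plaintext (not from the report). DES ignores the low
// bit of each key byte, so any 8 bytes form a valid key.
var (
	k1          = []byte("key1key1")
	k2          = []byte("key2key2")
	k3          = []byte("key3key3")
	sampleBlock = []byte("8bytes!!")
)

// newDES builds a single-DES block cipher; a wrong key length is a programming error.
func newDES(k []byte) cipher.Block {
	c, err := des.NewCipher(k)
	if err != nil {
		panic(err)
	}
	return c
}

// edeEncrypt computes E_K3(D_K2(E_K1(p))) on one 8-byte block.
func edeEncrypt(k1, k2, k3, p []byte) []byte {
	out := make([]byte, des.BlockSize)
	newDES(k1).Encrypt(out, p)
	newDES(k2).Decrypt(out, out)
	newDES(k3).Encrypt(out, out)
	return out
}

// edeDecrypt reverses edeEncrypt: D_K1(E_K2(D_K3(c))).
func edeDecrypt(k1, k2, k3, c []byte) []byte {
	out := make([]byte, des.BlockSize)
	newDES(k3).Decrypt(out, c)
	newDES(k2).Encrypt(out, out)
	newDES(k1).Decrypt(out, out)
	return out
}

// twoKeyEncrypt is the Tuchman variant from the text: K3 = K1.
func twoKeyEncrypt(k1, k2, p []byte) []byte {
	return edeEncrypt(k1, k2, k1, p)
}

// matchesStdlib reports whether the hand-built EDE agrees with the library's
// triple-DES cipher keyed with K1||K2||K3 (24 bytes).
func matchesStdlib(k1, k2, k3, p []byte) bool {
	tdes, err := des.NewTripleDESCipher(bytes.Join([][]byte{k1, k2, k3}, nil))
	if err != nil {
		return false
	}
	want := make([]byte, des.BlockSize)
	tdes.Encrypt(want, p)
	return bytes.Equal(edeEncrypt(k1, k2, k3, p), want)
}

// degeneratesToSingleDES shows the backward-compatibility property of EDE:
// with one key used three times, the inner decrypt undoes the first encrypt,
// leaving exactly one single-DES encryption.
func degeneratesToSingleDES(k, p []byte) bool {
	want := make([]byte, des.BlockSize)
	newDES(k).Encrypt(want, p)
	return bytes.Equal(edeEncrypt(k, k, k, p), want)
}

// singleDESKnownAnswer checks single DES against the textbook test vector
// (key 133457799BBCDFF1, plaintext 0123456789ABCDEF -> 85E813540F0AB405).
func singleDESKnownAnswer() bool {
	key, _ := hex.DecodeString("133457799BBCDFF1")
	pt, _ := hex.DecodeString("0123456789ABCDEF")
	want, _ := hex.DecodeString("85E813540F0AB405")
	got := make([]byte, des.BlockSize)
	newDES(key).Encrypt(got, pt)
	return bytes.Equal(got, want)
}

func main() {
	fmt.Printf("2-key EDE: %x\n", twoKeyEncrypt(k1, k2, sampleBlock))
	fmt.Printf("3-key EDE: %x\n", edeEncrypt(k1, k2, k3, sampleBlock))
	fmt.Println("3-key matches crypto/des:", matchesStdlib(k1, k2, k3, sampleBlock))
	fmt.Println("2-key matches crypto/des:", matchesStdlib(k1, k2, k1, sampleBlock))
	fmt.Println("K1=K2=K3 equals single DES:", degeneratesToSingleDES(k1, sampleBlock))
	fmt.Println("single DES known answer:", singleDESKnownAnswer())
}
```

Note that the example only demonstrates the block construction on one block; the report's caveats about limiting the amount of data encrypted under one key apply to any real use of an 8-byte block cipher.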
Reference:
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B. G., Cox, L. P., ... & Sheth, A. N. (2014). TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2), 5.
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.
Rhodes-Ousley, M. (2013). Information security: the complete reference. McGraw Hill Education.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Watters, J. P., & Keane, M. (2015). U.S. Patent No. 9,015,846. Washington, DC: U.S. Patent and Trademark Office.
Wiemer, D., Gustave, C., Chow, S. T., & McFarlane, B. K. (2013). U.S. Patent No. 8,438,643. Washington, DC: U.S. Patent and Trademark Office.