ITEC6620: Information and Systems Security - Physical Security Report

Verified

Added on 2022/12/23

AI Summary

This report examines the critical aspects of information and systems security, focusing on physical security measures and the vulnerabilities inherent in IT infrastructure. It begins by defining physical security and highlighting its importance in protecting hardware, networks, software, and data from various threats, including theft, natural disasters, and cyberattacks. The report then delves into specific issues within IT infrastructure, such as the activation of unauthorized policies and the impact of unrestricted access to backup servers. It categorizes physical security threats into internal, human, and external types, and discusses the methods attackers use to bypass security controls, such as brute force and dictionary attacks. The report emphasizes the need for strict authentication and configuration management, including identifying, analyzing, and authorizing modifications to the existing system. It also explores measures for physical security control, such as surveillance, rack mount servers, and securing unused workstations. The conclusion underscores the necessity of maintaining high security for authentication and configuration control, along with the ongoing need to update security systems to counter evolving hacking techniques and the importance of continuous monitoring within an organization to prevent issues.

Running head: INFORMATION AND SYSTEMS SECURITY
INFORMATION AND SYSTEMS SECURITY
Name of Student
Name of University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION AND SYSTEMS SECURITY
Table of Contents
Introduction................................................................................................................................1
Issues in IT infrastructure...........................................................................................................2
Measures for Physical Security Control.................................................................................3
Conclusion..................................................................................................................................4
References..................................................................................................................................5
Introduction
Physical security can be defined as the protection of hardware, networks, software and
data from physical activities that could assist in damaging the data of the enterprise. Threats
includes theft, ruination, fire, natural disasters and terrorism. Due to the increased technical
threats like cyber-espionage, malware, hacking, the physical security is overlooked. The
physical attacks on the IT security can be of two types. Gaining access control in a server
room, doing modifications in the data by accessing any pc are some of the physical attacks.
For this reason, the Organization need to have proper security for their servers and need to
have backup in case some mishandling of data occurs.

2INFORMATION AND SYSTEMS SECURITY
Issues in IT infrastructure
As an instance, New Surfing Policy of PPC got activated without the consent of the
management system of the company due to which many users faced issues such as
interruption while accessing the internet, the data of the course got crashed overnight and
those who have requested for an OS update resulted in getting poor server performance. As a
result of the breakdown of data, the personal information of many students got hampered for
which PPC had to offer each student a service for identity protection. The reason for the
whole event was unrestricted access into the backup server.
There are three categories of Physical security threats which are internal, human and
external. The internal threats can be presence of humidity in the rooms containing hardware,
unsteady power supply, etc. The external threats involve natural disasters and the human
interruption involves theft, damage or accidental errors. The attackers make an effort to
bypass the core controls by using some methods. This attempt of decoding the control
mechanisms is a criminal activity.
Generally, most of the systems maintain username and password for security but the
attackers are well aware of the methods to seize passwords. For seizing the passwords the
attackers can choose a brute force attack, in which trial and error method is used to create a
matching passwords or can choose dictionary attack, in which the attacker just needs to find
the dictionary used for encryption. The workstations that are kept on the unallocated desks
can be vulnerable to attack, as these workstations are not checked regularly hence, the
attacker can access the computer anytime.

3INFORMATION AND SYSTEMS SECURITY
This can be observed that the physical security of the system should be maintained as
well as having strict control of authentication. The IT infrastructure should be comprised of
Configuration management to ensure that whatever complex issues that are arising have to be
solved with the knowledge of the management. The configuration management for IT
security involves, identifying, analysing, examining and providing authorisation to the
proposals for the modification of the existing system.
Measures for Physical Security Control
Security at a physical level is an essential part of the IT security. Only securing the
webserver system is not enough to restrict the vulnerabilities, as the attacker can invade from
anywhere (Pathan, 2016). Strict surveillance of the entire organization should be there to
track everyone’s activities. Using rack mount servers would provide assistance as it is easier
to handle being smaller and lighter (Feng, Wang & Li, 2014).
The unused workstation should be kept in a secured room (Wang et al., 2013) having
great security. The data that are being stored on the hard drives should be kept in the most
secured area of the organization which will only have the access of an authorized person.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION AND SYSTEMS SECURITY
Conclusion
Vulnerabilities in IT infrastructure are the origin of the technical issues that arises in
the Information system. As the entire infrastructure deals with lot of data and software;
therefore interruption is a normal thing, which is required to be prevented. Therefore,
maintaining high security for authentication and configuration control is necessary with the
required physical security controls. As the security system is evolving the hacking system is
also evolving; hence, updating the security system is required in every phase. Keeping track
of every activities within the organization is helpful for preventing the issues.

5INFORMATION AND SYSTEMS SECURITY
References
Duan, X., & Wang, X. (2015). Authentication handover and privacy protection in 5G hetnets
using software-defined networking. IEEE Communications Magazine, 53(4), 28-35.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information
systems: Causal relationships of risk factors and vulnerability propagation analysis.
Information sciences, 256, 57-73.
Lee, T. F., Chang, I. P., Lin, T. H., & Wang, C. C. (2013). A secure and efficient password-
based user authentication scheme using smart cards for the integrated epr information
system. Journal of medical systems, 37(3), 9941.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Wang, F., Ge, B., Zhang, L., Chen, Y., Xin, Y., & Li, X. (2013). A system framework of
security management in enterprise systems. Systems Research and Behavioral
Science, 30(3), 287-299.