Comprehensive Network Security Design Report for Tera Tax Australia


Added on  2021/02/20

AI Summary
This report examines the network security needs of Tera Tax Australia Pty. Ltd., a tax agency with multiple branches facing challenges due to outdated legacy software and increasing client data. The report outlines the process of network security design, emphasizing the software development life cycle's planning, building, and managing phases. It details the reasons behind cyber-attacks, including financial gain and outdated infrastructure, and identifies various security risks such as computer viruses, Trojan horses, and worms. The report categorizes these risks into physical, electronic, technical, and infrastructure failures, proposing a risk management plan that encompasses risk tolerance, security capabilities, and strategies. It also covers network security design elements, including network access control and security policies, alongside the components of an incident response plan and typical security incidents like unauthorized access, insider threats, and phishing attacks. The report concludes by highlighting the importance of security patches and encryption for protecting sensitive information. The report references various sources to support its claims.
Table of Contents
INTRODUCTION
MAIN BODY
Process that defines the planning, building and managing phases of network security design
Why attacks occur and who they may come from
Security risks that require protection
Categories of risks for the company
Risk management plan
Network security design
Security policy for organisation
What is an incident response plan?
Some typical incidents?
Process that happens when an incident is identified
CONCLUSION
REFERENCES
INTRODUCTION
This report is based on Tera Tax Australia Pty. Ltd., a privately owned tax agency located in
Melbourne with three other branches. The firm uses legacy tax software that has reached end of
life. The owner of the firm has decided to interconnect all the offices and improve security to
comply with Australian law and legislation. TeraTax wants to develop an ICT network security
solution, as the number of clients will increase in the coming months. The report outlines the
process of network security design, why attacks happen, the types of security risk, the incident
response plan etc.
MAIN BODY
Process that defines the planning, building and managing phases of network security design.
The software development life cycle is the process used for developing a new software
system. It helps to meet the demands of clients with less expenditure.
Planning stage-
In this stage, TeraTax will develop the project goals. It is the most important organizational
phase. It involves feasibility assessment, identification of the system, developing the project
plan etc.
Building stage-
It is also called the development phase. It involves developing the IT infrastructure,
database, code etc. It only provides the blueprint of the IT infrastructure. The firm will install
software and hardware to support the infrastructure (Layton, 2016).
Managing stage-
In this stage, the firm will make the required modifications to ensure that the system works.
It is essential to upgrade the system from time to time to adapt to the changing business
environment.
The major benefit of the process is that it helps to control the development process to
a particular extent.
Why attacks occur and who they may come from.
There are various types of cyber-attacks, which happen for various reasons. Attacks on
network security at TeraTax may occur, for example, when another person wants the financial
details of the business. They also happen because of demand for sensitive personal data,
outdated information technology infrastructure, information technology services, intellectual
property etc. Generally, cyber-attacks against companies are intentional or are motivated by
financial gain. External cyber security threats may come from various sources such as organized
criminals, professional hackers (whether malicious or not) and amateur hackers, who are also
known as script kiddies.
Security risks that require protection.
There are different types of security risks related to the security of the network. These
are as follows -
Computer virus-
One of the biggest threats to cybersecurity is the computer virus. The outdated computer
systems and network at TeraTax may be exposed to computer viruses. Computer viruses generally
spread from one system to another. A virus has the ability to steal data such as clients'
information, tax records, passwords etc. from the computer systems of the organization.
Trojan horse-
It can be defined as tricking someone into inviting an attacker into a protected area. A Trojan
horse spreads into a computer system through email. It may record the passwords of the TeraTax
company and steal important data from the system.
Computer worm-
These are programs that replicate quickly and spread from one system to another. This may
affect all the data on a computer system. Worms are often transmitted by exploiting software
vulnerabilities (Hawthorn, Miller and LoSAPIO, 2015).
There is also the risk that an outsider may steal tax records and billing information due to
a lack of proper security on the system. There is also the risk of slow connectivity and high
latency of the network.
Categories of risks for the company.
The security risks can be divided into different categories. On the basis of the nature of the
risks, there are various types of risk for the TeraTax company. These are described below -
Physical threats -
These types of attacks happen when another person gains access to the information technology
resources. They include threats like damage to the server and theft of confidential data due to
outdated systems.
Electronic threats -
These types of threats aim to compromise the information of the organization. TeraTax may be
at risk of a hacker gaining access to the website, of computer viruses, of falling victim to a
fraudulent website etc. (DiValentin and Carver, 2018).
Technical failures -
There are various types of technical failures such as a computer crash, complete failure of
the computer system and software due to inability to load a huge amount of data, failure of any
component etc. (Kaur and Kaur, 2015).
Infrastructure failures -
These failures include loss of the internet connection, which can disrupt the working of the
business. Example - management may fail to record transactions etc.
Risk management plan.
Goal and objectives of risk management: The accountable authority is committed to effective risk management, expecting a security culture.
Risk tolerance: The level of risk tolerance will depend upon the potential damage to the entity.
Security capability: The maturity of the firm's capability to manage the security risk.
Strategies for security risk management: Sufficient controls will be implemented to detect, deter and respond to the threats that may affect the assets, information etc.
Supporting documents: The security risk assessment report, threat assessment, critical asset register, information asset register etc.
Network security design.
It can be defined as the procedure of developing a network that includes different
measures to prevent different types of problems. While designing network security, TeraTax has
to keep in mind principles such as the weakest link, defence in depth etc. (John and
Kadadevaramath, 2019). The type of network security design suitable for the company is -
Network Access Control -
This type of control will help TeraTax to control who can access the network and who
cannot. It will help to identify users and to detect unauthorized people who are attempting to
gain access to the network (Hof, 2015).
Security policy for organisation.
The security policy defines what the organisation has to protect and how it will protect
it. For example - the policy that unauthorized people will not access data without permission.
The policy also defines the expected behaviour of employees when dealing with data, and
provides guidance on the required behaviour (DiValentin and Carver, 2018).
What is an incident response plan?
It refers to a plan that includes a set of guidelines that help the staff of the IT department
to respond to network security incidents. This plan addresses issues such as data loss,
cybercrime, service outage etc. that may threaten the routine work of the company. It provides a
planned course of action for addressing significant incidents. The incident recovery team is the
group of people who have been assigned the incident response plan (Chasaki and Mansour,
2015). The IT staff of TeraTax may also require communication experts and lawyers to ensure that
all legal obligations are met by the firm.
Some typical incidents?
There are various types of typical security incidents. These are -
Unauthorised attempts to access the data -
An attempt by a threat to gain access to data or systems using an authorized user account
is one of the typical security incidents. To prevent it, the company should implement two-factor
authentication. In this way, attackers will not be able to access the confidential data.
Insider threat -
It is a type of malicious threat to the data or security of the organisation that is typically
attributed to former employees, third parties, temporary workers etc. To prevent these types of
incidents, the firm should implement rigorous data backup, antivirus programs, firewalls etc.
Phishing attack -
In this attack, the attacker uses email to distribute malicious attachments that can perform
different functions, like extracting account information from victims.
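The two-factor authentication recommended above for unauthorised access attempts can be illustrated with a time-based one-time password check (RFC 6238). This is an added example, not part of the original report; the account layout, password and function names are assumptions, and the key is the public RFC test key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, now: float, last_used: int,
                step: int = 30, window: int = 1):
    """RFC 6238 check. Accepts the current 30 s step +/- `window` steps for
    clock drift; steps at or before `last_used` are refused (replay)."""
    current = int(now) // step
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, counter).encode()
        if counter > last_used and hmac.compare_digest(expected, code.encode()):
            return counter
    return None

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_account() -> dict:
    # Constructed sample account; the TOTP key is the public RFC test key.
    salt = b"constructed-salt"
    return {"salt": salt, "pw_hash": hash_password("correct horse", salt),
            "totp_secret": b"12345678901234567890", "last_step": -1}

def login(account: dict, password: str, code: str, now: float) -> str:
    """Both factors must pass; a stolen password alone is not enough."""
    supplied = hash_password(password, account["salt"])
    if not hmac.compare_digest(supplied, account["pw_hash"]):
        return "denied: bad password"
    step = verify_totp(account["totp_secret"], code, now, account["last_step"])
    if step is None:
        return "denied: second factor failed"
    account["last_step"] = step  # burn this step so the code cannot be reused
    return "granted"

if __name__ == "__main__":
    acct = new_account()
    for code in ("000000", "287082", "287082"):  # guess, valid code, replay
        print(code, "->", login(acct, "correct horse", code, now=59))
```

With the correct password in every attempt, only the valid, unused code is accepted; the guessed code and the replayed code are both refused.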
Process that happens when an incident is identified.
When an incident happens, the company will need security measures, for example security
patches and encryption for communication. Cryptography enables the secure delivery of
regular software updates, including security patches, through the network. It mainly focuses
on protecting the confidentiality of the information. Software patches will help the management
to protect data like personal information, other documents etc. Updating the software will offer
various benefits to the organization (Sandberg, Amin and Johansson, 2015).
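How cryptography lets a client trust a patch delivered over the network can be shown with a manifest check before installation. This is an added example, not part of the original report; the product name, versions and shared key are constructed, and HMAC stands in for the public-key signature a real vendor would normally use.

```python
import hashlib
import hmac
import json

# Assumption: vendor and client share this key out of band. Real update
# channels normally use a public-key signature; HMAC is a stdlib stand-in.
VENDOR_KEY = b"constructed-demo-key"

def vtuple(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))

def publish(patch: bytes, name: str, version: str) -> dict:
    """Vendor side: describe the patch and authenticate the description."""
    manifest = json.dumps({"name": name, "version": version,
                           "sha256": hashlib.sha256(patch).hexdigest()},
                          sort_keys=True).encode()
    tag = hmac.new(VENDOR_KEY, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag}

def verify(patch: bytes, release: dict, installed_version: str) -> str:
    """Client side: check authenticity, then integrity, then freshness."""
    expected = hmac.new(VENDOR_KEY, release["manifest"],
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, release["tag"]):
        return "reject: manifest not authentic"
    meta = json.loads(release["manifest"])
    digest = hashlib.sha256(patch).hexdigest()
    if not hmac.compare_digest(digest, meta["sha256"]):
        return "reject: patch modified in transit"
    # Refuse an authentic but old release (rollback to a vulnerable version).
    if vtuple(meta["version"]) <= vtuple(installed_version):
        return "reject: not newer than installed version"
    return "install"

if __name__ == "__main__":
    patch = b"constructed patch bytes"            # sample payload
    release = publish(patch, "taxsuite", "2.1.0")  # hypothetical product
    print(verify(patch, release, "2.0.3"))
    print(verify(patch + b"!", release, "2.0.3"))
    print(verify(patch, release, "2.1.0"))
```

The check covers authenticity and integrity of the update; confidentiality of the transfer would come from encrypting the channel itself.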
CONCLUSION
It is concluded that there are various stages of the system development life cycle that
help an organization to develop and implement new system software. There are various
threats, such as viruses, that have the ability to steal important business information. The
report has explained that an incident response plan defines a course of action for addressing
significant incidents related to network security. Security patches and encryption help to
protect important information from hackers.
REFERENCES
Chasaki, D. and Mansour, C., 2015. Security challenges in the internet of things. International
Journal of Space-Based and Situated Computing. 5(3). pp.141-149.
DiValentin, L.W. and Carver, M., Accenture Global Solutions Ltd, 2018. Identifying network
security risks. U.S. Patent Application 15/951,880.
Hawthorn, T.T., Miller, N. and LoSAPIO, J., 2015. Assessing security risks of users in a
computing network. U.S. Patent Application 14/620,866.
Hof, H.J., 2015. Towards enhanced usability of it security mechanisms-how to design usable it
security mechanisms using the example of email encryption. arXiv preprint
arXiv:1506.06987.
John, B. and Kadadevaramath, R.S., 2019. Optimization of software development life cycle
process to minimize the delivered defect density. OPSEARCH. pp.1-14.
Kaur, A. and Kaur, K., 2015. Suitability of existing software development life cycle (sdlc) in
context of mobile application development life cycle (madlc). International Journal of
Computer Applications. 116(19).
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications.
Sandberg, H., Amin, S. and Johansson, K.H., 2015. Cyberphysical security in networked control
systems: An introduction to the issue. IEEE Control Systems Magazine. 35(1). pp.20-23.