Enterprise Systems Security: Analysis and Case Studies
VerifiedAdded on 2022/08/25
|20
|4603
|27
Project
AI Summary
This project is an e-portfolio created by a student business analyst after completing a short Enterprise Systems course. The project delves into various security issues related to enterprise systems, including data security, cloud computing vulnerabilities, and the importance of IT infrastructure in large organizations. It analyzes these issues, offering a domain analysis model and a security plan to address them. The portfolio also explores relevant considerations for implementing enterprise systems, such as ERP integration, business process optimization, and cloud ERP adoption. Furthermore, it emphasizes the significance of communication skills in dealing with enterprise systems. The project includes case studies focusing on improving financial security in Telstra and analyzing security metrics and risk analysis for enterprise systems, providing insights into advantages, challenges, and solutions, including the Common Vulnerability Scoring System (CVSS). The document aims to provide a comprehensive understanding of enterprise system security for the organization's intranet or knowledge portal.
Running head: SECURITY OF ES
Security of ES
Name of the Student
Name of the University
Author Note
Security of ES
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1SECURITY OF ES
Table of Contents
1. Introduction............................................................................................................................2
1.1 Background of the system................................................................................................2
1.2 Overall plan of enacting ES.............................................................................................3
2. Analyzing Enterprise System.................................................................................................4
2.1 Deep analysis of the issues...............................................................................................5
3. Larger IT infrastructure of large scale organizations.............................................................6
4. Relevant considerations in the implementation of Enterprise Systems.................................8
5. Communication skills for dealing with Enterprise Systems..................................................9
6. Case study 1: Improvement of financial security in Telstra using ES...................................9
6.1 Advantages.......................................................................................................................9
6.2 Analysis:.........................................................................................................................10
6.2 Case study 2: Security Metrics and Risk Analysis for Enterprise Systems.......................11
6.2.1 Improving cyber security program..........................................................................12
6.2.2 Challenges...............................................................................................................12
6.2.3 Enterprise security management.............................................................................12
6.3.1 Common Vulnerability Scoring System (CVSS)........................................................13
7. Conclusion............................................................................................................................14
8. References............................................................................................................................16
Table of Contents
1. Introduction............................................................................................................................2
1.1 Background of the system................................................................................................2
1.2 Overall plan of enacting ES.............................................................................................3
2. Analyzing Enterprise System.................................................................................................4
2.1 Deep analysis of the issues...............................................................................................5
3. Larger IT infrastructure of large scale organizations.............................................................6
4. Relevant considerations in the implementation of Enterprise Systems.................................8
5. Communication skills for dealing with Enterprise Systems..................................................9
6. Case study 1: Improvement of financial security in Telstra using ES...................................9
6.1 Advantages.......................................................................................................................9
6.2 Analysis:.........................................................................................................................10
6.2 Case study 2: Security Metrics and Risk Analysis for Enterprise Systems.......................11
6.2.1 Improving cyber security program..........................................................................12
6.2.2 Challenges...............................................................................................................12
6.2.3 Enterprise security management.............................................................................12
6.3.1 Common Vulnerability Scoring System (CVSS)........................................................13
7. Conclusion............................................................................................................................14
8. References............................................................................................................................16
2SECURITY OF ES
1. Introduction
There are diverse categories of security issues related with the enterprise systems
which are used in our society as well as in commercial establishments such as the delayed
updates, weighing up the benefits, only one authentication technique, getting the full
access control, numerous unauthorized systems which are related with Enterprise
Software (ES), and inadequate training sessions, failure to comply.
There are other security issues related with the use of ES like the selection of the
exact ES, technical issues of ES, data quality issues, mind shift issues and changes in the
business philosophy (Singhal, 2017). Each of these challenges has to be understood and
addressed in the first place before these systems are considered in a business.
The role of a business analyst is very much significant for the growth and
development of a commercial business as it helps in assisting a business case, monitor and
plan any type of projects, understanding the exact business requirements of the business,
managing the business procedures, managing the communication among the business
stakeholders and requirement analysis. The notable determination of this assignment is to
create an e-portfolio which can reflect the learning of a short enterprise systems course. The
data of the e-portfolio shall be available to each member of the organization where I work as
a business analyst.
1.1 Background of the system
ES can be defined as the type of computer software which is treated as business
oriented tools in commercial business establishments. This tool can be very much useful to
enhance the flexibility of the daily business processes, the productivity of the resources in a
commercial establishment can be enhanced using ES (Tabatabaei & Harris, 2019). The entire
1. Introduction
There are diverse categories of security issues related with the enterprise systems
which are used in our society as well as in commercial establishments such as the delayed
updates, weighing up the benefits, only one authentication technique, getting the full
access control, numerous unauthorized systems which are related with Enterprise
Software (ES), and inadequate training sessions, failure to comply.
There are other security issues related with the use of ES like the selection of the
exact ES, technical issues of ES, data quality issues, mind shift issues and changes in the
business philosophy (Singhal, 2017). Each of these challenges has to be understood and
addressed in the first place before these systems are considered in a business.
The role of a business analyst is very much significant for the growth and
development of a commercial business as it helps in assisting a business case, monitor and
plan any type of projects, understanding the exact business requirements of the business,
managing the business procedures, managing the communication among the business
stakeholders and requirement analysis. The notable determination of this assignment is to
create an e-portfolio which can reflect the learning of a short enterprise systems course. The
data of the e-portfolio shall be available to each member of the organization where I work as
a business analyst.
1.1 Background of the system
ES can be defined as the type of computer software which is treated as business
oriented tools in commercial business establishments. This tool can be very much useful to
enhance the flexibility of the daily business processes, the productivity of the resources in a
commercial establishment can be enhanced using ES (Tabatabaei & Harris, 2019). The entire
3SECURITY OF ES
business plan of this organization can be supported using this tool. Clarity in the business
procedure is also maintained with the help of ES. Record keeping ability of the commercial
organization can be enhanced using this tool as well (Simpson & Foltz, 2017). Addressing
the compliance issues is one of the most significant challenges faced in the commercial
organizations which can be addressed in the first place with the help of ES. There are diverse
categories of costs involved in business organizations which can also be reduced with the
help of ES. The detailed plan of incorporating an ES can be understood from the ensuing
segment of this report.
1.2 Overall plan of enacting ES
Understand corporate strategy: Strategic direction of the environment where this
system is going to be installed. The purchasing decisions have to be finalized in the
finalized with the help of the corporate strategy as well.
Business process strategy: New operational strategies have to be selected with the
help of the strategic planners. Shared business service processes have to be
understood using the business process strategy.
Technology: Organizational change initiative has to be introduced as there are
numerous changes regarding the outline of new software.
Strategic KPI: Strategic levels of performance have to be maintained using the help
of the key perform indicators such as the flow efficiency, automation procedures
and code coverage.
Return on investment: The payback period of the project has to be understood in
the first place using cost benefit analysis (Popplewell et al.2019). The yearly return
of investment can be identified with the help of the ROI calculation as well.
business plan of this organization can be supported using this tool. Clarity in the business
procedure is also maintained with the help of ES. Record keeping ability of the commercial
organization can be enhanced using this tool as well (Simpson & Foltz, 2017). Addressing
the compliance issues is one of the most significant challenges faced in the commercial
organizations which can be addressed in the first place with the help of ES. There are diverse
categories of costs involved in business organizations which can also be reduced with the
help of ES. The detailed plan of incorporating an ES can be understood from the ensuing
segment of this report.
1.2 Overall plan of enacting ES
Understand corporate strategy: Strategic direction of the environment where this
system is going to be installed. The purchasing decisions have to be finalized in the
finalized with the help of the corporate strategy as well.
Business process strategy: New operational strategies have to be selected with the
help of the strategic planners. Shared business service processes have to be
understood using the business process strategy.
Technology: Organizational change initiative has to be introduced as there are
numerous changes regarding the outline of new software.
Strategic KPI: Strategic levels of performance have to be maintained using the help
of the key perform indicators such as the flow efficiency, automation procedures
and code coverage.
Return on investment: The payback period of the project has to be understood in
the first place using cost benefit analysis (Popplewell et al.2019). The yearly return
of investment can be identified with the help of the ROI calculation as well.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4SECURITY OF ES
On the other hand, as deliberated by Pendleton et al. (2016), the plan of installing a
new software in a business have numerous security challenges which has to be taken care of
and there is no specific plan for enacting a new software such as data integrity, lack of
support from the vendor. The investigator of this journal highlighted the significance of the
software training tools while enacting new software.
The business data of an organization can be enhanced in the first place with the help
of ES, at the same time it can also be said that automation of the customer service be
customized in the first place using the ES. Financial security can be maintained in
commercial establishments using ES, at the same time reliability of IT in a business can also
be enhanced using ES (Panetto et al., 2016). Security of ES can be very much useful in a
business as it is used to secure the customer data as well as the organization data. Real time
access to information is possible of security is maintained by ESs.
2. Analyzing Enterprise System
The role of the senior management team and the IT strategic planners is very much
significant for the successful incorporation of ES. The domain of the enterprise system has to
be analyzed in the first place. Identification of the opportunities is one of the prime aspects
of analyzing the security provided by ES (Nurse et al., 2018). The characteristic features of
the ES depend upon the business requirement of the users of this system. The model of
domain analysis which can be very much beneficial to understand the security provided by an
enterprise system is illustrated below.
On the other hand, as deliberated by Pendleton et al. (2016), the plan of installing a
new software in a business have numerous security challenges which has to be taken care of
and there is no specific plan for enacting a new software such as data integrity, lack of
support from the vendor. The investigator of this journal highlighted the significance of the
software training tools while enacting new software.
The business data of an organization can be enhanced in the first place with the help
of ES, at the same time it can also be said that automation of the customer service be
customized in the first place using the ES. Financial security can be maintained in
commercial establishments using ES, at the same time reliability of IT in a business can also
be enhanced using ES (Panetto et al., 2016). Security of ES can be very much useful in a
business as it is used to secure the customer data as well as the organization data. Real time
access to information is possible of security is maintained by ESs.
2. Analyzing Enterprise System
The role of the senior management team and the IT strategic planners is very much
significant for the successful incorporation of ES. The domain of the enterprise system has to
be analyzed in the first place. Identification of the opportunities is one of the prime aspects
of analyzing the security provided by ES (Nurse et al., 2018). The characteristic features of
the ES depend upon the business requirement of the users of this system. The model of
domain analysis which can be very much beneficial to understand the security provided by an
enterprise system is illustrated below.
5SECURITY OF ES
Figure 1: Domain analysis
(Source: Mayer et al., 2019)
The architecture of ES can be divided into two categories such as EA domains and
sub domains. The different prospects of the ES system are business architecture, technical
infrastructure, information and integration. The prime functionality of this system includes
the multi scale analysis, and continuous performance monitoring.
2.1 Deep analysis of the issues
There are diverse categories of security issues of ES can have a huge impact on the
operations of this software such as the data security issues. Any compromise in the operations
of the ES can have a huge impact on the net profitability of the business (Li, Tryfonas & Li,
2016). The cloud computing architecture can also be compromised if the operations of ES are
disrupted. The data encryption ability of a business can also get disrupted due to the
security issues of ES (Liang, 2018). The security plan which can be very much useful to deal
with these issues can be understood from the following illustration.
Figure 1: Domain analysis
(Source: Mayer et al., 2019)
The architecture of ES can be divided into two categories such as EA domains and
sub domains. The different prospects of the ES system are business architecture, technical
infrastructure, information and integration. The prime functionality of this system includes
the multi scale analysis, and continuous performance monitoring.
2.1 Deep analysis of the issues
There are diverse categories of security issues of ES can have a huge impact on the
operations of this software such as the data security issues. Any compromise in the operations
of the ES can have a huge impact on the net profitability of the business (Li, Tryfonas & Li,
2016). The cloud computing architecture can also be compromised if the operations of ES are
disrupted. The data encryption ability of a business can also get disrupted due to the
security issues of ES (Liang, 2018). The security plan which can be very much useful to deal
with these issues can be understood from the following illustration.
6SECURITY OF ES
Figure 2: Security plane to deal with the issues of ES
(Source: Gross & Li 2017)
3. Larger IT infrastructure of large scale organizations
Huge IT infrastructure is maintained in most of the large scale organizations to
optimize business operations such as the transfer of data from one business unit to another.
ES is an integral part of the IT infrastructure of the large scale organizations. ES are
increasingly used across diverse types of industries such as the finance, defense, medical
and intelligence. The current trends in security have to be understood so that the effectiveness
of ES is enjoyed by the business organizations (Gross & Li, 2017). The next generation
security models which can be very much useful to deal with the security issues of ES can be
understood from the following diagram.
Figure 2: Security plane to deal with the issues of ES
(Source: Gross & Li 2017)
3. Larger IT infrastructure of large scale organizations
Huge IT infrastructure is maintained in most of the large scale organizations to
optimize business operations such as the transfer of data from one business unit to another.
ES is an integral part of the IT infrastructure of the large scale organizations. ES are
increasingly used across diverse types of industries such as the finance, defense, medical
and intelligence. The current trends in security have to be understood so that the effectiveness
of ES is enjoyed by the business organizations (Gross & Li, 2017). The next generation
security models which can be very much useful to deal with the security issues of ES can be
understood from the following diagram.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7SECURITY OF ES
Figure 3: Next generation security model
(Source: Gao et al. 2019)
According to Gao et al. (2019), CITRIX server can be very much useful to deal with
the security issues of the users and the ES. The role of the database vendors is also very much
useful to deal with the overall security issues of the ES such as the weak configuration of
the end point systems of the legacy operating systems, network devices as well as
applications. The older protocols have to be modified in order to deal with the configuration
issues of ES. Unrestricted cloud storage is the other security challenges related of ES as a
result of the compromising the basic access controls, along with this issue any sort of
unpatched software is the other security concern of ESs (Duffield 2017). There are two types
of user accounts which can be opened in an ES and the use of weaker or smaller passwords
can be very much useful to secure the data centers which are connected with the ES. There
are diverse categories of cyber security attacks related with ES such as the phishing emails
and social engineering attacks.
On the other hand, as elaborated by Dong et al (2017), limited time of incorporating
the software, resistance to change, budget constraints, and network issues are the prime
Figure 3: Next generation security model
(Source: Gao et al. 2019)
According to Gao et al. (2019), CITRIX server can be very much useful to deal with
the security issues of the users and the ES. The role of the database vendors is also very much
useful to deal with the overall security issues of the ES such as the weak configuration of
the end point systems of the legacy operating systems, network devices as well as
applications. The older protocols have to be modified in order to deal with the configuration
issues of ES. Unrestricted cloud storage is the other security challenges related of ES as a
result of the compromising the basic access controls, along with this issue any sort of
unpatched software is the other security concern of ESs (Duffield 2017). There are two types
of user accounts which can be opened in an ES and the use of weaker or smaller passwords
can be very much useful to secure the data centers which are connected with the ES. There
are diverse categories of cyber security attacks related with ES such as the phishing emails
and social engineering attacks.
On the other hand, as elaborated by Dong et al (2017), limited time of incorporating
the software, resistance to change, budget constraints, and network issues are the prime
8SECURITY OF ES
security challenges related with ES. Each of these security threats has to be addressed in the
first place with the help of an effective defensive tools and security solutions. According to
Kawanishi et al., (2019), unwanted interference can be restricted using a firewall with the
help of advanced firewalls as well (Appelbaum et al., 2017). The entire flow of the data can
be managed in the first place using a secure router. The researchers of this data source
provided an in depth discussion about the procedures which can be very much useful to deal
with the security issues of ES such as AV scanning technique, IP reputation awareness
and malware scanning. The considerations of enacting an ES can be understood from the
following section of this report.
4. Relevant considerations in the implementation of Enterprise Systems
The different categories of considerations related with the enactment of ES are as
followings:
Integration of ERP: Clarity of business functions must be there and the business
must be getting a competitive edge after enacting the ES.
Business Process Optimization: The functional capabilities of ES have to be
fulfilling its business requirements. The obsolete processes of the business have to be
minimised along with the redundant processes using the BPO.
Enabling cloud ERP: The overhead cost of enacting ES can be minimised in the first
place if cloud based ERP solutions are hosted.
Mobile adaptation and value addition: In order to get intermission free operations
enterprise mobility must be practised. The planning feature of the ERP software can
also be used to enhance the benefit of the ES.
security challenges related with ES. Each of these security threats has to be addressed in the
first place with the help of an effective defensive tools and security solutions. According to
Kawanishi et al., (2019), unwanted interference can be restricted using a firewall with the
help of advanced firewalls as well (Appelbaum et al., 2017). The entire flow of the data can
be managed in the first place using a secure router. The researchers of this data source
provided an in depth discussion about the procedures which can be very much useful to deal
with the security issues of ES such as AV scanning technique, IP reputation awareness
and malware scanning. The considerations of enacting an ES can be understood from the
following section of this report.
4. Relevant considerations in the implementation of Enterprise Systems
The different categories of considerations related with the enactment of ES are as
followings:
Integration of ERP: Clarity of business functions must be there and the business
must be getting a competitive edge after enacting the ES.
Business Process Optimization: The functional capabilities of ES have to be
fulfilling its business requirements. The obsolete processes of the business have to be
minimised along with the redundant processes using the BPO.
Enabling cloud ERP: The overhead cost of enacting ES can be minimised in the first
place if cloud based ERP solutions are hosted.
Mobile adaptation and value addition: In order to get intermission free operations
enterprise mobility must be practised. The planning feature of the ERP software can
also be used to enhance the benefit of the ES.
9SECURITY OF ES
5. Communication skills for dealing with Enterprise Systems.
Intragroup communication is very much significant to deal with ES as there are
numerous technical and non-technical challenges of ES. Both the verbal as well as the non-
verbal communication skills are required to deal with ES. The communication skills required
to deal with the challenges of ES are emotional intelligence, cohesion, and empathy
(Alshammari, 2017). Most of the real time interactions can be done with the help of these
communication skills. The collaboration procedure required in each of the business
organization who deals with ES can be optimised with the help of these communication
skills.
6. Case study 1: Improvement of financial security in Telstra using ES
Telstra which is the largest tele-communication industry in Australia has successfully
incorporated a new ES which has helped them to enhance the quality of daily operations. The
entire cloud computing infrastructure was enhanced after ES is introduced in this
organization. There numerous challenges which are faced while incorporating ES in Telstra.
6.1 Advantages
The business operations with the subsidiary organizations of Telstra have improved
after the introduction of ES. The performance of the scalable applications has improved
after the ES successfully incorporated in Telstra. Supervision activities of this business and
the entire IP network of this business are enhanced after this tool is amalgamated in Telstra.
The cutting edge solutions which are provided by this software were also boosted after the
introduction of ES (Enterprise, 2020). The cost of ownership have also enhanced after this
software is installed with the different types of computer systems in this business. The in-
house management of Telstra was improved due to ESs.
5. Communication skills for dealing with Enterprise Systems.
Intragroup communication is very much significant to deal with ES as there are
numerous technical and non-technical challenges of ES. Both the verbal as well as the non-
verbal communication skills are required to deal with ES. The communication skills required
to deal with the challenges of ES are emotional intelligence, cohesion, and empathy
(Alshammari, 2017). Most of the real time interactions can be done with the help of these
communication skills. The collaboration procedure required in each of the business
organization who deals with ES can be optimised with the help of these communication
skills.
6. Case study 1: Improvement of financial security in Telstra using ES
Telstra which is the largest tele-communication industry in Australia has successfully
incorporated a new ES which has helped them to enhance the quality of daily operations. The
entire cloud computing infrastructure was enhanced after ES is introduced in this
organization. There numerous challenges which are faced while incorporating ES in Telstra.
6.1 Advantages
The business operations with the subsidiary organizations of Telstra have improved
after the introduction of ES. The performance of the scalable applications has improved
after the ES successfully incorporated in Telstra. Supervision activities of this business and
the entire IP network of this business are enhanced after this tool is amalgamated in Telstra.
The cutting edge solutions which are provided by this software were also boosted after the
introduction of ES (Enterprise, 2020). The cost of ownership have also enhanced after this
software is installed with the different types of computer systems in this business. The in-
house management of Telstra was improved due to ESs.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10SECURITY OF ES
6.2 Analysis:
Based on the financial report of Telstra it can be said that the incorporation of ES has
provided this organization a growth of 3.6%. The total annual income of this organization
enhanced from $27807M to $28841M. The net profitability also enhanced after the
introduction of ES. The following diagram can be very much useful to see the business
growth after considering ES.
Figure 1: Improvement of the financial security
(Source: Erturk 2019).
Problems faced: The prime problems faced while installing this software are lack of
effective training sessions and poor data entry capability of the resources of Telstra. The
management of the record date and payment record enhanced using this software as well.
Strength and weakness of the case study: This case study was very much useful to
understand how the financial security of the management of Telstra enhanced after the
incorporation of an Enterprise System. The case study provided detailed explanation of the
margin of profit which has increased in Telstra over the last few years. This was one of the
6.2 Analysis:
Based on the financial report of Telstra it can be said that the incorporation of ES has
provided this organization a growth of 3.6%. The total annual income of this organization
enhanced from $27807M to $28841M. The net profitability also enhanced after the
introduction of ES. The following diagram can be very much useful to see the business
growth after considering ES.
Figure 1: Improvement of the financial security
(Source: Erturk 2019).
Problems faced: The prime problems faced while installing this software are lack of
effective training sessions and poor data entry capability of the resources of Telstra. The
management of the record date and payment record enhanced using this software as well.
Strength and weakness of the case study: This case study was very much useful to
understand how the financial security of the management of Telstra enhanced after the
incorporation of an Enterprise System. The case study provided detailed explanation of the
margin of profit which has increased in Telstra over the last few years. This was one of the
11SECURITY OF ES
most engaging content of the case study. There are no real limitations in this case study as it
discusses the general problems which were faced while incorporating the software as well.
6.2 Case study 2: Security Metrics and Risk Analysis for Enterprise
Systems
Maintaining data security is one of the most significant challenges which are faced
by the commercial business organizations. The NIST cyber security framework is very
much significant to understand the priorities of the selection of the framework (Shackelford
et al., 2015). The cyber security activities of the business can also be enhanced with the help
of the NIST framework. The detailed description of the functions of this framework can be
understood from the following illustration as well.
Figure 2: Cyber security framework
(Source: Singha & Ou, 2017)
most engaging content of the case study. There are no real limitations in this case study as it
discusses the general problems which were faced while incorporating the software as well.
6.2 Case study 2: Security Metrics and Risk Analysis for Enterprise
Systems
Maintaining data security is one of the most significant challenges which are faced
by the commercial business organizations. The NIST cyber security framework is very
much significant to understand the priorities of the selection of the framework (Shackelford
et al., 2015). The cyber security activities of the business can also be enhanced with the help
of the NIST framework. The detailed description of the functions of this framework can be
understood from the following illustration as well.
Figure 2: Cyber security framework
(Source: Singha & Ou, 2017)
12SECURITY OF ES
6.2.1 Improving cyber security program
The different steps of enhancing a cyber-security program are prioritisation and
scope of the program. The orientation of the business has to be understood in the first place
with the help of the IT experts. A through risk assessment has to be conducted to analyse the
operating environment. The following step is the creation of an action plan which can address
the gaps and monitor the target profile.
6.2.2 Challenges
The challenges which are faced while introducing this tool for the first time are
management of the database server, management of the intrusion attacks, managing the
security of the network configuration, managing the future security investments,
selection of the system security model and analysis tool.
The hundreds of hosts in the enterprise networks, along with different application
is one of the main challenges of security risk analysis using attack graphs. Finding
information about exploits is the other challenge of this procedure.
6.2.3 Enterprise security management
The network configuration of a business can be enhanced in the first place with the
help of ES. This software is very much useful to provide security of both network as well as
the organizational assets. Access control of a business, the data authentication procedure,
and data security can be enhanced in the first place with the help of this framework. This
framework is very much significant for the growth of new systems such as IDS and the
continuous monitoring system (Kaušpadienė, Ramanauskaitė & Čenys, 2019). Response
planning and the risk mitigation activities can be enhanced using this Enterprise Systems
as well. The components of the framework can be understood with the help of the illustration.
6.2.1 Improving cyber security program
The different steps of enhancing a cyber-security program are prioritisation and
scope of the program. The orientation of the business has to be understood in the first place
with the help of the IT experts. A through risk assessment has to be conducted to analyse the
operating environment. The following step is the creation of an action plan which can address
the gaps and monitor the target profile.
6.2.2 Challenges
The challenges which are faced while introducing this tool for the first time are
management of the database server, management of the intrusion attacks, managing the
security of the network configuration, managing the future security investments,
selection of the system security model and analysis tool.
The hundreds of hosts in the enterprise networks, along with different application
is one of the main challenges of security risk analysis using attack graphs. Finding
information about exploits is the other challenge of this procedure.
6.2.3 Enterprise security management
The network configuration of a business can be enhanced in the first place with the
help of ES. This software is very much useful to provide security of both network as well as
the organizational assets. Access control of a business, the data authentication procedure,
and data security can be enhanced in the first place with the help of this framework. This
framework is very much significant for the growth of new systems such as IDS and the
continuous monitoring system (Kaušpadienė, Ramanauskaitė & Čenys, 2019). Response
planning and the risk mitigation activities can be enhanced using this Enterprise Systems
as well. The components of the framework can be understood with the help of the illustration.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13SECURITY OF ES
Figure 3: Management of cyber security
(Source: Kawanishi et al., 2019)
6.3.1 Common Vulnerability Scoring System (CVSS)
The metric groups of CVSS are base metric group, temporal metric group and
the environmental metric group. Each of these groups is very much significant for the
identification of the computer system vulnerabilities. The pictorial diagram is very much
significant to understand the component of each of the metrics of CVSS.
Figure 6: Components of the matrices
(Source: Almukaynizi et al., 2019)
Attack graphs can be very much useful to deal with the security of the enterprise
networks. How each step can help the attackers to comprise a network with the help of the
Figure 3: Management of cyber security
(Source: Kawanishi et al., 2019)
6.3.1 Common Vulnerability Scoring System (CVSS)
The metric groups of CVSS are base metric group, temporal metric group and
the environmental metric group. Each of these groups is very much significant for the
identification of the computer system vulnerabilities. The pictorial diagram is very much
significant to understand the component of each of the metrics of CVSS.
Figure 6: Components of the matrices
(Source: Almukaynizi et al., 2019)
Attack graphs can be very much useful to deal with the security of the enterprise
networks. How each step can help the attackers to comprise a network with the help of the
14SECURITY OF ES
attack graphs (Liu et al., 2019). The role of the firewall, demilitarised zone is very much
significant for the vulnerability scan of a network and the identification of vulnerabilities.
The entire risk mitigation procedure can be prioritized with the help coming from the network
administrator.
Strength and weakness of the case study: The prime advantage of this case study is
that it provides a detailed explanation of the components of the cyber security framework
component. The scope of improvement of the cyber security program can be understood
from the case study as well. Like the above case study, this case study also does not have any
drawbacks as it provide the challenges of the improvement of the security program. In-depth
discussion of enterprise security management and CVSS was also one of the main metiers
of this case study.
7. Conclusion
There are diverse categories of security issues related with commercial business
organizations such as maintaining data security can be resolved in the first place with the help
of the ESs. ES is very much beneficial for the growth of a business as it can enhance the
flexibility of the business procedures. The compliance issues and the record keeping ability of
business organizations can be enhanced in the first place using the ESs. The plans of enacting
ES are selection of the corporate strategy and process strategy, selection of technology,
identification of the KPI and calculating the ROI. The architecture of an ES includes the
sources of domain knowledge and management procedures like taxonomies. The encryption
ability of a business can also be enhanced using ES. Numerous industries are making the
most out of the ES and the security issues of ES can be addressed in the first place using the
next generation security model and the CITRIX server. The factors which have to be
considered while enacting am ES are integration of the ERP systems, business process
attack graphs (Liu et al., 2019). The role of the firewall, demilitarised zone is very much
significant for the vulnerability scan of a network and the identification of vulnerabilities.
The entire risk mitigation procedure can be prioritized with the help coming from the network
administrator.
Strength and weakness of the case study: The prime advantage of this case study is
that it provides a detailed explanation of the components of the cyber security framework
component. The scope of improvement of the cyber security program can be understood
from the case study as well. Like the above case study, this case study also does not have any
drawbacks as it provide the challenges of the improvement of the security program. In-depth
discussion of enterprise security management and CVSS was also one of the main metiers
of this case study.
7. Conclusion
There are diverse categories of security issues related with commercial business
organizations such as maintaining data security can be resolved in the first place with the help
of the ESs. ES is very much beneficial for the growth of a business as it can enhance the
flexibility of the business procedures. The compliance issues and the record keeping ability of
business organizations can be enhanced in the first place using the ESs. The plans of enacting
ES are selection of the corporate strategy and process strategy, selection of technology,
identification of the KPI and calculating the ROI. The architecture of an ES includes the
sources of domain knowledge and management procedures like taxonomies. The encryption
ability of a business can also be enhanced using ES. Numerous industries are making the
most out of the ES and the security issues of ES can be addressed in the first place using the
next generation security model and the CITRIX server. The factors which have to be
considered while enacting am ES are integration of the ERP systems, business process
15SECURITY OF ES
optimization, enabling the use of the cloud ERP, mobile adaptation and value addition. The
communication skills required to deal with the ES are intragroup communications, emotional
intelligence and empathy. The case study 1 was very much useful to understand the
effectiveness of the incorporation of the ES in Telstra which is one of the biggest
telecommunication organizations of Australia. Case study 2 was very much useful to identify
the security metrics and risk analysis of ESs. The challenges of introducing ES can also be
understood with the help of this case study. The case study was very much significant to
understand the help of ESM and CVSS.
optimization, enabling the use of the cloud ERP, mobile adaptation and value addition. The
communication skills required to deal with the ES are intragroup communications, emotional
intelligence and empathy. The case study 1 was very much useful to understand the
effectiveness of the incorporation of the ES in Telstra which is one of the biggest
telecommunication organizations of Australia. Case study 2 was very much useful to identify
the security metrics and risk analysis of ESs. The challenges of introducing ES can also be
understood with the help of this case study. The case study was very much significant to
understand the help of ESM and CVSS.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16SECURITY OF ES
8. References
Almukaynizi, M., Nunes, E., Dharaiya, K., Senguttuvan, M., Shakarian, J., & Shakarian, P.
(2019). Patch Before Exploited: An Approach to Identify Targeted Software
Vulnerabilities. In AI in Cybersecurity (pp. 81-113). Springer, Cham.
Alshammari, B. (2017). Enterprise Architecture Security Assessment Framework (EASAF).
JCS, 13(10), 558-571.
Appelbaum, D., Kogan, A., Vasarhelyi, M., & Yan, Z. (2017). Impact of business analytics
and enterprise systems on managerial accounting. International Journal of Accounting
Information Systems, 25, 29-44.
Dong, B., Chen, Z., Wang, H. W., Tang, L. A., Zhang, K., Lin, Y., ... & Chen, H. (2017,
November). Efficient discovery of abnormal event sequences in enterprise security
systems. In Proceedings of the 2017 ACM on Conference on Information and
Knowledge Management (pp. 707-715). ACM.
Duffield, M. (2017). War as a network enterprise: the new security terrain and its
implications. In The Criminology of War (pp. 109-121). Routledge.
Enterprise, B. (2020). Business Systems Care from Telstra Enterprise. Retrieved 20 January
2020, from https://www.telstra.com.au/business-enterprise/products/unified-
communications/collaboration/on-premise/business-systems-care
Erturk, E. (2019). Implementing Enterprise Content Management Services with an Agile
Approach. Business And Management Research, 8(3), 16. doi: 10.5430/bmr.v8n3p16
8. References
Almukaynizi, M., Nunes, E., Dharaiya, K., Senguttuvan, M., Shakarian, J., & Shakarian, P.
(2019). Patch Before Exploited: An Approach to Identify Targeted Software
Vulnerabilities. In AI in Cybersecurity (pp. 81-113). Springer, Cham.
Alshammari, B. (2017). Enterprise Architecture Security Assessment Framework (EASAF).
JCS, 13(10), 558-571.
Appelbaum, D., Kogan, A., Vasarhelyi, M., & Yan, Z. (2017). Impact of business analytics
and enterprise systems on managerial accounting. International Journal of Accounting
Information Systems, 25, 29-44.
Dong, B., Chen, Z., Wang, H. W., Tang, L. A., Zhang, K., Lin, Y., ... & Chen, H. (2017,
November). Efficient discovery of abnormal event sequences in enterprise security
systems. In Proceedings of the 2017 ACM on Conference on Information and
Knowledge Management (pp. 707-715). ACM.
Duffield, M. (2017). War as a network enterprise: the new security terrain and its
implications. In The Criminology of War (pp. 109-121). Routledge.
Enterprise, B. (2020). Business Systems Care from Telstra Enterprise. Retrieved 20 January
2020, from https://www.telstra.com.au/business-enterprise/products/unified-
communications/collaboration/on-premise/business-systems-care
Erturk, E. (2019). Implementing Enterprise Content Management Services with an Agile
Approach. Business And Management Research, 8(3), 16. doi: 10.5430/bmr.v8n3p16
17SECURITY OF ES
Gao, P., Xiao, X., Li, D., Li, Z., Jee, K., Wu, Z., ... & Mittal, P. (2019). A Stream-based
Query System for Efficiently Detecting Abnormal System Behaviors for Enterprise
Security. arXiv preprint arXiv:1903.08159.
Gao, P., Xiao, X., Li, Z., Jee, K., Xu, F., Kulkarni, S. R., & Mittal, P. (2019). A query system
for efficiently investigating complex attack behaviors for enterprise security.
Proceedings of the VLDB Endowment, 12(12), 1802-1805.
Gross, K. C., & Li, M. (2017). Method for Improved IoT Prognostics and Improved
Prognostic Cyber Security for Enterprise Computing Systems. In Proceedings on the
International Conference on Artificial Intelligence (ICAI) (pp. 328-334). The Steering
Committee of The World Congress in Computer Science, Computer Engineering and
Applied Computing (WorldComp).
Kaušpadienė, L., Ramanauskaitė, S., & Čenys, A. (2019). Information security management
framework suitability estimation for small and medium enterprise. Technological and
Economic Development of Economy, 1-19.
Kawanishi, Y., Nishihara, H., Souma, D., Yoshida, H., & Hata, Y. (2019). A Comparative
Study of JASO TP15002-Based Security Risk Assessment Methods for Connected
Vehicle System Design. Security and Communication Networks, 2019.
Li, S., Tryfonas, T., & Li, H. (2016). The Internet of Things: a security point of view.
Internet Research, 26(2), 337-359.
Liang, X. (2018, July). Discussion on Information Security of Enterprise Network. In 2018
International Symposium on Communication Engineering & Computer Science
(CECS 2018). Atlantis Press.
Gao, P., Xiao, X., Li, D., Li, Z., Jee, K., Wu, Z., ... & Mittal, P. (2019). A Stream-based
Query System for Efficiently Detecting Abnormal System Behaviors for Enterprise
Security. arXiv preprint arXiv:1903.08159.
Gao, P., Xiao, X., Li, Z., Jee, K., Xu, F., Kulkarni, S. R., & Mittal, P. (2019). A query system
for efficiently investigating complex attack behaviors for enterprise security.
Proceedings of the VLDB Endowment, 12(12), 1802-1805.
Gross, K. C., & Li, M. (2017). Method for Improved IoT Prognostics and Improved
Prognostic Cyber Security for Enterprise Computing Systems. In Proceedings on the
International Conference on Artificial Intelligence (ICAI) (pp. 328-334). The Steering
Committee of The World Congress in Computer Science, Computer Engineering and
Applied Computing (WorldComp).
Kaušpadienė, L., Ramanauskaitė, S., & Čenys, A. (2019). Information security management
framework suitability estimation for small and medium enterprise. Technological and
Economic Development of Economy, 1-19.
Kawanishi, Y., Nishihara, H., Souma, D., Yoshida, H., & Hata, Y. (2019). A Comparative
Study of JASO TP15002-Based Security Risk Assessment Methods for Connected
Vehicle System Design. Security and Communication Networks, 2019.
Li, S., Tryfonas, T., & Li, H. (2016). The Internet of Things: a security point of view.
Internet Research, 26(2), 337-359.
Liang, X. (2018, July). Discussion on Information Security of Enterprise Network. In 2018
International Symposium on Communication Engineering & Computer Science
(CECS 2018). Atlantis Press.
18SECURITY OF ES
Liu, Y., Wang, Z., Zhang, Y., Shi, P., & Shao, X. (2019, April). Study on Vulnerability
Rating of the Intelligent and Connected Vehicle’s Cybersecurity. In Journal of
Physics: Conference Series (Vol. 1187, No. 5, p. 052054). IOP Publishing.
Liu, Y., Zhang, M., Li, D., Jee, K., Li, Z., Wu, Z., ... & Mittal, P. (2018). Towards a Timely
Causality Analysis for Enterprise Security. In NDSS.
Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E., & Wieringa, R. (2019). An
integrated conceptual model for information system security risk management
supported by enterprise architecture management. Software & Systems Modeling,
18(3), 2285-2312.
Nurse, J. R., Radanliev, P., Creese, S., & De Roure, D. (2018). If you can't understand it, you
can't properly assess it! The reality of assessing security risks in Internet of Things
systems.
Panetto, H., Zdravkovic, M., Jardim-Goncalves, R., Romero, D., Cecil, J., & Mezgár, I.
(2016). New perspectives for the future interoperable enterprise systems. Computers
in Industry, 79, 47-63.
Pendleton, M., Garcia-Lebron, R., Cho, J. H., & Xu, S. (2016). A survey on systems security
metrics. ACM Computing Surveys (CSUR), 49(4), 1-35.
Popplewell, K., Thoben, K. D., Knothe, T., & Poler, R. (2019). Enterprise Interoperability
VIII. Springer International Publishing.
Shackelford, S. J., Proia, A. A., Martell, B., & Craig, A. N. (2015). Toward a global
cybersecurity standard of care: Exploring the implications of the 2014 NIST
cybersecurity framework on shaping reasonable national and international
cybersecurity practices. Tex. Int'l LJ, 50, 305.
Liu, Y., Wang, Z., Zhang, Y., Shi, P., & Shao, X. (2019, April). Study on Vulnerability
Rating of the Intelligent and Connected Vehicle’s Cybersecurity. In Journal of
Physics: Conference Series (Vol. 1187, No. 5, p. 052054). IOP Publishing.
Liu, Y., Zhang, M., Li, D., Jee, K., Li, Z., Wu, Z., ... & Mittal, P. (2018). Towards a Timely
Causality Analysis for Enterprise Security. In NDSS.
Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E., & Wieringa, R. (2019). An
integrated conceptual model for information system security risk management
supported by enterprise architecture management. Software & Systems Modeling,
18(3), 2285-2312.
Nurse, J. R., Radanliev, P., Creese, S., & De Roure, D. (2018). If you can't understand it, you
can't properly assess it! The reality of assessing security risks in Internet of Things
systems.
Panetto, H., Zdravkovic, M., Jardim-Goncalves, R., Romero, D., Cecil, J., & Mezgár, I.
(2016). New perspectives for the future interoperable enterprise systems. Computers
in Industry, 79, 47-63.
Pendleton, M., Garcia-Lebron, R., Cho, J. H., & Xu, S. (2016). A survey on systems security
metrics. ACM Computing Surveys (CSUR), 49(4), 1-35.
Popplewell, K., Thoben, K. D., Knothe, T., & Poler, R. (2019). Enterprise Interoperability
VIII. Springer International Publishing.
Shackelford, S. J., Proia, A. A., Martell, B., & Craig, A. N. (2015). Toward a global
cybersecurity standard of care: Exploring the implications of the 2014 NIST
cybersecurity framework on shaping reasonable national and international
cybersecurity practices. Tex. Int'l LJ, 50, 305.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19SECURITY OF ES
Simpson, W. R., & Foltz, K. E. (2017, July). Assured identity for enterprise level security. In
Proceedings of the World Congress on Engineering 2017 (pp. 5-7).
Singhal, A. (2017). Security Metrics and Risk Analysis for Enterprise Systems.
Singhal, A., & Ou, X. (2017). Security risk analysis of enterprise networks using probabilistic
attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Tabatabaei, M., & Harris, J. K. (2019). A MODEL GRADUATE ENTERPRISE SECURITY
COURSE. Issues in Information Systems, 20(3).
Simpson, W. R., & Foltz, K. E. (2017, July). Assured identity for enterprise level security. In
Proceedings of the World Congress on Engineering 2017 (pp. 5-7).
Singhal, A. (2017). Security Metrics and Risk Analysis for Enterprise Systems.
Singhal, A., & Ou, X. (2017). Security risk analysis of enterprise networks using probabilistic
attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Tabatabaei, M., & Harris, J. K. (2019). A MODEL GRADUATE ENTERPRISE SECURITY
COURSE. Issues in Information Systems, 20(3).
1 out of 20
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.