Information and Network Security: Threats and Solutions Report
VerifiedAdded on  2019/11/19
|12
|4203
|461
Report
AI Summary
This report focuses on information and network security, particularly for online businesses. It begins with an executive summary highlighting the importance of data protection and the increasing threats faced by organizations. The report then delves into the components of information security, including confidentiality, integrity, and availability, and emphasizes their importance. It identifies various threats such as hacking, malware, and third-party access, while offering solutions like updated antivirus software, firewalls, and user awareness. The report further discusses information and network security controls and applications, concluding with recommendations for strengthening security measures. The report also includes an introduction that provides background information on the company and its goals, including the expansion of its operations into offering information and network security services to online businesses. The report aims to assess the current market, identify success factors, and analyze associated risks.
Running head: Professional Skills in Information Technology 1
Professional Skills in Information Technology
Name
Affiliate Institution
Professional Skills in Information Technology
Name
Affiliate Institution
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: Professional Skills in Information Technology 2
Executive summary
The safety and protection of the company’s information and network should be the top priority.
Information and data shared and transferred over the internet or via a network is very vulnerable
to attackers. Data can be tapped or information can be hacked into if proper information and
network security are not put in place. Threats to information are increasing every day and include
hacking, tapping, denial of service attacks, viruses that destroys data, mobile malware, phishing
among others. Therefore, it is the responsibility of not only the information security team but the
entire company’s employees to ensure that there are no loop holes to violation of data integrity.
The company should make sure that preventive, detective, corrective, deterrent and recovery
controls are properly structured and implemented.
Confidentiality, integrity and availability of information is a key goal or objective that should be
met at all times. The company will be holding large amount of private data for example in the
gambling website and such personal information should always be kept confidential and no third
party is accessing this information without authorization.
The company is recommended to ensure that proper policies, guidelines and measures are put in
place and ensure that every employee adheres to them at all times. The company should also
install firewalls, up-to-date powerful antiviruses, install intrusion prevention and detection
mechanism, and perform regular data and information backups to ensure that in case of any data
loss they can quickly recover. Also disaster recovery techniques should be put in place.
Executive summary
The safety and protection of the company’s information and network should be the top priority.
Information and data shared and transferred over the internet or via a network is very vulnerable
to attackers. Data can be tapped or information can be hacked into if proper information and
network security are not put in place. Threats to information are increasing every day and include
hacking, tapping, denial of service attacks, viruses that destroys data, mobile malware, phishing
among others. Therefore, it is the responsibility of not only the information security team but the
entire company’s employees to ensure that there are no loop holes to violation of data integrity.
The company should make sure that preventive, detective, corrective, deterrent and recovery
controls are properly structured and implemented.
Confidentiality, integrity and availability of information is a key goal or objective that should be
met at all times. The company will be holding large amount of private data for example in the
gambling website and such personal information should always be kept confidential and no third
party is accessing this information without authorization.
The company is recommended to ensure that proper policies, guidelines and measures are put in
place and ensure that every employee adheres to them at all times. The company should also
install firewalls, up-to-date powerful antiviruses, install intrusion prevention and detection
mechanism, and perform regular data and information backups to ensure that in case of any data
loss they can quickly recover. Also disaster recovery techniques should be put in place.
Running head: Professional Skills in Information Technology 3
Table of Contents
Executive summary.........................................................................................................................2
Introduction......................................................................................................................................4
Information and Network Security..................................................................................................4
Components of Information Security..............................................................................................5
Importance of Information and Network security...........................................................................5
Threats to Information and Network Security.................................................................................6
Solutions to Information Security Threats.......................................................................................7
Information and Network Security Controls...................................................................................8
Network Security Applications........................................................................................................9
Conclusion.......................................................................................................................................9
Recommendation...........................................................................................................................10
References......................................................................................................................................11
Table 1: Summary of Types of Controls......................................................................................................9
Table of Contents
Executive summary.........................................................................................................................2
Introduction......................................................................................................................................4
Information and Network Security..................................................................................................4
Components of Information Security..............................................................................................5
Importance of Information and Network security...........................................................................5
Threats to Information and Network Security.................................................................................6
Solutions to Information Security Threats.......................................................................................7
Information and Network Security Controls...................................................................................8
Network Security Applications........................................................................................................9
Conclusion.......................................................................................................................................9
Recommendation...........................................................................................................................10
References......................................................................................................................................11
Table 1: Summary of Types of Controls......................................................................................................9
Running head: Professional Skills in Information Technology 4
Introduction
Security has become a top most concern in the information and communication technology,
societal development and economic environments recently. Data and information transfer is
being done through information systems and networks now which was impossible a few years
ago. Information systems and networks have been expanding expeditiously coupled with
increasing number of network users and transaction values has led to rise in concerns about their
security. When a business is planning to expand its operations information security is one key
prerequisite that has to be critically considered.
This study is about an organization in Melbourne Australia that deals with development and
customization of network and information security applications and software. Its customers are
from the major cities of Australia and ranges from small to medium sized firms. Currently, it
majors in projects to develop in-house software or liaises with bigger companies to offer custom-
off-the-shelf applications. The company currently wants to expand and identify other options to
venture in other than application development in the next five years to other parts of Australia
and the rest of the world.
The company is considering diversifying its operations into offering information and network
security to online business that require maintaining online security for such firms including
customer database and websites.
This report is focused on assessing information and network security software and applications
currently I the market. It also focuses on identifying the success and failure factors in different
industries.
The objective of this report includes; investigation of the possibility of expansion, identification
and assessment of information and network security used across the world, recommendation on
how these software and application can be used to expand the company, and analysis of risks
associated with the recommendation.
Information and Network Security
Information security refers to guarding information systems from unauthorized access,
modification, use, destruction or disclosure of data within these systems. On the other hand,
network security refers to any activity structured to guard and protect the integrity and usability
of network data and information. (Cole, 2013).
People using technology should have a wide knowledge about the critical aspects and important
standards and how to implement specific procedures in order to stay secured of threats and
attacks. Over the years’ information theft, manipulation and destruction has been on the rise for
individual gain or greed. Exchange of digital information across the globe is happening every
second for example when one swipes a credit card a lot of information is distributed like
transaction details are sent to their mail addresses, and other several things happen. It is the duty
Introduction
Security has become a top most concern in the information and communication technology,
societal development and economic environments recently. Data and information transfer is
being done through information systems and networks now which was impossible a few years
ago. Information systems and networks have been expanding expeditiously coupled with
increasing number of network users and transaction values has led to rise in concerns about their
security. When a business is planning to expand its operations information security is one key
prerequisite that has to be critically considered.
This study is about an organization in Melbourne Australia that deals with development and
customization of network and information security applications and software. Its customers are
from the major cities of Australia and ranges from small to medium sized firms. Currently, it
majors in projects to develop in-house software or liaises with bigger companies to offer custom-
off-the-shelf applications. The company currently wants to expand and identify other options to
venture in other than application development in the next five years to other parts of Australia
and the rest of the world.
The company is considering diversifying its operations into offering information and network
security to online business that require maintaining online security for such firms including
customer database and websites.
This report is focused on assessing information and network security software and applications
currently I the market. It also focuses on identifying the success and failure factors in different
industries.
The objective of this report includes; investigation of the possibility of expansion, identification
and assessment of information and network security used across the world, recommendation on
how these software and application can be used to expand the company, and analysis of risks
associated with the recommendation.
Information and Network Security
Information security refers to guarding information systems from unauthorized access,
modification, use, destruction or disclosure of data within these systems. On the other hand,
network security refers to any activity structured to guard and protect the integrity and usability
of network data and information. (Cole, 2013).
People using technology should have a wide knowledge about the critical aspects and important
standards and how to implement specific procedures in order to stay secured of threats and
attacks. Over the years’ information theft, manipulation and destruction has been on the rise for
individual gain or greed. Exchange of digital information across the globe is happening every
second for example when one swipes a credit card a lot of information is distributed like
transaction details are sent to their mail addresses, and other several things happen. It is the duty
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: Professional Skills in Information Technology 5
of the associated companies and organization to make sure that such information is kept private
and confidential. (Subil, & Suku, 2014).
Components of Information Security
Information security objectives
A company that aims to implement a working internet service provider should possess clear
goals pertaining security and plan of action to which the management have agreed upon. If
disagreements exist among the management, it may cause security of the information to be at
risk and dysfunctional. The crucial aspect that a security expert should have in mind always is
that him/ her having knowledge on security administration convention will enable him to include
in the draft documentation and assures plenum, practicality and quality. (Subil, & Suku, 2014).
Making the language of policies simple and easy to understand smoothens the differences and
assures agreement among the management staff.
According to Kizza, (2017), information security should be designed to achieve the three main
objectives:
Confidentiality – data and information about persons, properties, places that have been declared
private should not be disclosed to outside parties and must be solely accessed by authorized
parties only.
Integrity – accuracy and completeness of data and information should be kept as it is through
this that important decisions are made by companies, governments and individuals on the way
forward.
Availability –this objective ensures that data and information is available to authorized users at
all times so as not to delay company’s operations and execution of duties.
Importance of Information and Network security
Information and network security accomplishes four fundamental functions for any organization
which assures safety of application activities implemented in the company’s infrastructure,
safeguards collected data and information, technology properties and guarantees functionality of
the company’s operations. (Stewart, 2014).
It allows the safe running of application activities invoked in the form’s it systems. For data and
information to be kept safe, enterprises must have put in place suitable applications and
structures like firewalls and antiviruses. Software installed should also be protected beside data
and information as they may lead to loss or destruction of critical resources. (Vacca, 2013).
Data and information left exposed can be penetrated and accessed by anybody. If unauthorized
users get hold of such information, it can cause severe damage both to the business and
individuals and may lead to drastic loses in the business. Information security software makes
sure that suitable and crucial information is protected at all cost. Furthermore, protecting
of the associated companies and organization to make sure that such information is kept private
and confidential. (Subil, & Suku, 2014).
Components of Information Security
Information security objectives
A company that aims to implement a working internet service provider should possess clear
goals pertaining security and plan of action to which the management have agreed upon. If
disagreements exist among the management, it may cause security of the information to be at
risk and dysfunctional. The crucial aspect that a security expert should have in mind always is
that him/ her having knowledge on security administration convention will enable him to include
in the draft documentation and assures plenum, practicality and quality. (Subil, & Suku, 2014).
Making the language of policies simple and easy to understand smoothens the differences and
assures agreement among the management staff.
According to Kizza, (2017), information security should be designed to achieve the three main
objectives:
Confidentiality – data and information about persons, properties, places that have been declared
private should not be disclosed to outside parties and must be solely accessed by authorized
parties only.
Integrity – accuracy and completeness of data and information should be kept as it is through
this that important decisions are made by companies, governments and individuals on the way
forward.
Availability –this objective ensures that data and information is available to authorized users at
all times so as not to delay company’s operations and execution of duties.
Importance of Information and Network security
Information and network security accomplishes four fundamental functions for any organization
which assures safety of application activities implemented in the company’s infrastructure,
safeguards collected data and information, technology properties and guarantees functionality of
the company’s operations. (Stewart, 2014).
It allows the safe running of application activities invoked in the form’s it systems. For data and
information to be kept safe, enterprises must have put in place suitable applications and
structures like firewalls and antiviruses. Software installed should also be protected beside data
and information as they may lead to loss or destruction of critical resources. (Vacca, 2013).
Data and information left exposed can be penetrated and accessed by anybody. If unauthorized
users get hold of such information, it can cause severe damage both to the business and
individuals and may lead to drastic loses in the business. Information security software makes
sure that suitable and crucial information is protected at all cost. Furthermore, protecting
Running head: Professional Skills in Information Technology 6
business data is a duty and ensures that confidentiality aspect is kept. (Eunice & Kermarrec,
2014).
In an enterprise, information is a crucial resource and is vital for the business operations and thus
should be safeguarded from any unauthorized access. Interconnection among several businesses
in the same field is rapidly increasing and thus widens vulnerability and threat index of
organizational data and information. Competitors may decide to create destruction like hacking,
denial of service attacks and use of malicious codes across the network. (Gupta, Agrawal &
Yamaguchi, 2016)
An organization keeps a lot of information about their clients which are extremely important
like, credit cards information and it is the duty of the company to ensure that such data is always
kept safe and secured from any unauthorized access by third parties which may use this personal
information for impersonation. It is the duty of both general and IT management to make sure
that information security objective and goal are met at all time, that is, confidentiality, integrity
and availability. (Sasith, Chris, & Pubudu, 2016).
Threats to Information and Network Security
According to Mivule (2017), creativity in business is acquired through modern technology and
continuous internet connection by societies even in bootleg market. Internet criminals are
continuously looking for loop holes to get into protected across the globe. Due to increasing
challenges in information security, every organization should always remain alert and prepared.
The following are some of the threats to data security:
Technology with feeble controls – technology keeps evolving daily and new threats are
emerging. Devices with inadequate security features installed in them tend to be vulnerable to
these threats when connected to the internet. This tends to demonstrates a very critical risk
because every unconstrained interconnection is subject to vulnerability. Fast growth of
technology is a tribute to innovators. (Kizza, 2017).
Mobile Malware – security professional have found vulnerability loop holes in mobile gadgets
ever since they began accessing the internet. There is a long list of today’s mobile attacks and
users tend to ignore the risks they are getting themselves into. Bearing in mind of our strong
culture’s dependence on mobile devices and the way internet criminals are targeting them
insignificantly develops a dangerous threat to them. (Cole, 2013).
Foreign/ Third-party access – internet criminals get to choose the section with the least
protection. They focus on tricking the young generation to falling into their traps. (Mivule, 2017)
Disregarding Proper Configuration – large data equipment is associated with their ability to be
built to align with an organization’s requirements. Organizations constantly disregard the
significance of setting up security configurations well. (Kizza, 2017)
Out of dated Security programs – updating security programs is a very essential management
practice and a required step in safeguarding the company’s information. Programs are built to
protect the information systems from known dangers. As such any advanced and recent
business data is a duty and ensures that confidentiality aspect is kept. (Eunice & Kermarrec,
2014).
In an enterprise, information is a crucial resource and is vital for the business operations and thus
should be safeguarded from any unauthorized access. Interconnection among several businesses
in the same field is rapidly increasing and thus widens vulnerability and threat index of
organizational data and information. Competitors may decide to create destruction like hacking,
denial of service attacks and use of malicious codes across the network. (Gupta, Agrawal &
Yamaguchi, 2016)
An organization keeps a lot of information about their clients which are extremely important
like, credit cards information and it is the duty of the company to ensure that such data is always
kept safe and secured from any unauthorized access by third parties which may use this personal
information for impersonation. It is the duty of both general and IT management to make sure
that information security objective and goal are met at all time, that is, confidentiality, integrity
and availability. (Sasith, Chris, & Pubudu, 2016).
Threats to Information and Network Security
According to Mivule (2017), creativity in business is acquired through modern technology and
continuous internet connection by societies even in bootleg market. Internet criminals are
continuously looking for loop holes to get into protected across the globe. Due to increasing
challenges in information security, every organization should always remain alert and prepared.
The following are some of the threats to data security:
Technology with feeble controls – technology keeps evolving daily and new threats are
emerging. Devices with inadequate security features installed in them tend to be vulnerable to
these threats when connected to the internet. This tends to demonstrates a very critical risk
because every unconstrained interconnection is subject to vulnerability. Fast growth of
technology is a tribute to innovators. (Kizza, 2017).
Mobile Malware – security professional have found vulnerability loop holes in mobile gadgets
ever since they began accessing the internet. There is a long list of today’s mobile attacks and
users tend to ignore the risks they are getting themselves into. Bearing in mind of our strong
culture’s dependence on mobile devices and the way internet criminals are targeting them
insignificantly develops a dangerous threat to them. (Cole, 2013).
Foreign/ Third-party access – internet criminals get to choose the section with the least
protection. They focus on tricking the young generation to falling into their traps. (Mivule, 2017)
Disregarding Proper Configuration – large data equipment is associated with their ability to be
built to align with an organization’s requirements. Organizations constantly disregard the
significance of setting up security configurations well. (Kizza, 2017)
Out of dated Security programs – updating security programs is a very essential management
practice and a required step in safeguarding the company’s information. Programs are built to
protect the information systems from known dangers. As such any advanced and recent
Running head: Professional Skills in Information Technology 7
mischievous lines of code striking an outdated form of security program will go unidentified.
(Kumar, Singh & Jayanthi, 2016).
Missing Encryption Capabilities– safeguarding sensitive company information in transfer and at
storage is an action that a small number of companies have failed to implement, even though it is
efficiency. (Cole, 2017)
Corporate information on Personal gadgets – Whether a company allocates company
communication devices like laptops, tablets and phones or not, classified information can still be
obtained on private gadgets. Management of mobile equipment continue to restrict operations
but limiting this weak points hasn’t been prioritized by several companies. (Stewart, 2014).
Solutions to Information Security Threats
Make sure the anti-virus application is always up-to-date- new computer bugs are being
distributed and it is important that businesses are safeguarded from these bugs by updating anti-
virus software. Organizations should ensure that the devices that lack updated anti-virus software
are denied network connection. (Sundar, & Kumar, 2016).
Apply a firewall to safeguard networks- since computer bugs can distribute by other ways other
than email, it is essential that undesirable traffic is hindered from accessing the network by use
of a firewall. For users that utilize devices like personal firewall, laptops or PCs for jobs at home
that are away from the protection of the organizations network, should be installed to make sure
the devices are safeguarded. (Radia, 2016).
Filter all email traffic- outgoing and incoming email should be refined for computer viruses. This
filter should appealingly be at the circumference of the network to avoid computer bugs. Emails
with some file possessions normally used by computer bugs to spread themselves, for instance
SCR, EXE, and .COM files, should also be blocked from accessing the network. (Stewart,
2014).
Teach all users to be cautious of suspicious e-mails- make sure that all users are aware to avoid
opening unexpected attachments on an email. Even when the email is appearing from a known
source, alertness should be practiced when accessing attachments in emails. Criminals take
advantage of the trust planted in an email to trick people into opening an attachment or a link.
(Sundar, & Kumar, 2016).
Scan Internet Downloads- make sure that all documents downloaded from the Internet are
checked for computer bugs before being employed. Scanning should be performed from one
central place on the network to make sure that all documents are properly checked. (Mivule,
2017)
Don’t execute programs of unknown source- It is essential that you apply a trusted origin for
your software needs. This is to make sure that all software configured can be dependable and that
its origin can be proved to be authentic. Apart from making sure that the right licensing
agreements are established, adopting a trusted supplier can assist in minimizing the risk of
software infected with a bugs endangering your business. Awareness on running computer
mischievous lines of code striking an outdated form of security program will go unidentified.
(Kumar, Singh & Jayanthi, 2016).
Missing Encryption Capabilities– safeguarding sensitive company information in transfer and at
storage is an action that a small number of companies have failed to implement, even though it is
efficiency. (Cole, 2017)
Corporate information on Personal gadgets – Whether a company allocates company
communication devices like laptops, tablets and phones or not, classified information can still be
obtained on private gadgets. Management of mobile equipment continue to restrict operations
but limiting this weak points hasn’t been prioritized by several companies. (Stewart, 2014).
Solutions to Information Security Threats
Make sure the anti-virus application is always up-to-date- new computer bugs are being
distributed and it is important that businesses are safeguarded from these bugs by updating anti-
virus software. Organizations should ensure that the devices that lack updated anti-virus software
are denied network connection. (Sundar, & Kumar, 2016).
Apply a firewall to safeguard networks- since computer bugs can distribute by other ways other
than email, it is essential that undesirable traffic is hindered from accessing the network by use
of a firewall. For users that utilize devices like personal firewall, laptops or PCs for jobs at home
that are away from the protection of the organizations network, should be installed to make sure
the devices are safeguarded. (Radia, 2016).
Filter all email traffic- outgoing and incoming email should be refined for computer viruses. This
filter should appealingly be at the circumference of the network to avoid computer bugs. Emails
with some file possessions normally used by computer bugs to spread themselves, for instance
SCR, EXE, and .COM files, should also be blocked from accessing the network. (Stewart,
2014).
Teach all users to be cautious of suspicious e-mails- make sure that all users are aware to avoid
opening unexpected attachments on an email. Even when the email is appearing from a known
source, alertness should be practiced when accessing attachments in emails. Criminals take
advantage of the trust planted in an email to trick people into opening an attachment or a link.
(Sundar, & Kumar, 2016).
Scan Internet Downloads- make sure that all documents downloaded from the Internet are
checked for computer bugs before being employed. Scanning should be performed from one
central place on the network to make sure that all documents are properly checked. (Mivule,
2017)
Don’t execute programs of unknown source- It is essential that you apply a trusted origin for
your software needs. This is to make sure that all software configured can be dependable and that
its origin can be proved to be authentic. Apart from making sure that the right licensing
agreements are established, adopting a trusted supplier can assist in minimizing the risk of
software infected with a bugs endangering your business. Awareness on running computer
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Running head: Professional Skills in Information Technology 8
programs from known source or trustworthy persons or company should be created. (Gupta,
Agrawal & Yamaguchi, 2016).
Make common backups of critical information- It is essential to make sure that regular duplicates
of important documents are stored either on removable media like tapes or portable drives to
make sure there is availability of a trusted origin for information in the occasion that the network
is corrupted with a computer bug. Backups will also enhance the organization to put back
systems to software that are free from infection of computer bugs. Backups should be stored in a
securely offsite to enhance added security. In case a major calamity happens to the organization,
like the building going on fire, the information will remain secured in the safe offsite area and
can be reestablished faster in a new facility. (Talabis, & Martin, 2013).
Information and Network Security Controls
Types of Controls
Security controls can be grouped depending on the functionality; they include administrative,
preventive, deterrent, detective or recovery and according to area/ platform of use; they include
technical, physical or administrative. Technical controls include authentication systems, file
encryption system, firewalls or intrusion detection systems. Physical controls entails structures as
air conditioners, doors, flood protection, fire extinguishers and secure facilities. Administrative
controls include information security guidelines, procedures and policies developed by the
company. (Gunnam, & Kumar, 2017).
Preventive Controls
These are the first level defense mechanism that attackers meet. It tries to block any unauthorized
access by implementing access control. It may be physical- like burglar proofing, technical- like
firewalls or administrative- like security procedures and clearances. (Talabis, & Martin, 2013).
Detective Controls
As the name suggests this security layer is structure so as to identify and detect any intrusion in
to the system and alert the implementation of counter measure by information security team. It
includes; file integrity, cryptographic check sums, audit trials among others. (Gupta, Agrawal &
Yamaguchi, 2016).
Corrective Controls
These type of controls are used to try cure the system intrusion and violation that has already
occurred to the system. It tries to fix the violated system status. They may be technical or
administrative and widely varies. (Gupta, Agrawal & Yamaguchi, 2016).
Deterrent Controls
These controls are implemented so as to deter and discourage attacker from performing a
particular violation or intrusion. Examples include sound security systems like alarms and lights.
(Talabis, & Martin, 2013).
programs from known source or trustworthy persons or company should be created. (Gupta,
Agrawal & Yamaguchi, 2016).
Make common backups of critical information- It is essential to make sure that regular duplicates
of important documents are stored either on removable media like tapes or portable drives to
make sure there is availability of a trusted origin for information in the occasion that the network
is corrupted with a computer bug. Backups will also enhance the organization to put back
systems to software that are free from infection of computer bugs. Backups should be stored in a
securely offsite to enhance added security. In case a major calamity happens to the organization,
like the building going on fire, the information will remain secured in the safe offsite area and
can be reestablished faster in a new facility. (Talabis, & Martin, 2013).
Information and Network Security Controls
Types of Controls
Security controls can be grouped depending on the functionality; they include administrative,
preventive, deterrent, detective or recovery and according to area/ platform of use; they include
technical, physical or administrative. Technical controls include authentication systems, file
encryption system, firewalls or intrusion detection systems. Physical controls entails structures as
air conditioners, doors, flood protection, fire extinguishers and secure facilities. Administrative
controls include information security guidelines, procedures and policies developed by the
company. (Gunnam, & Kumar, 2017).
Preventive Controls
These are the first level defense mechanism that attackers meet. It tries to block any unauthorized
access by implementing access control. It may be physical- like burglar proofing, technical- like
firewalls or administrative- like security procedures and clearances. (Talabis, & Martin, 2013).
Detective Controls
As the name suggests this security layer is structure so as to identify and detect any intrusion in
to the system and alert the implementation of counter measure by information security team. It
includes; file integrity, cryptographic check sums, audit trials among others. (Gupta, Agrawal &
Yamaguchi, 2016).
Corrective Controls
These type of controls are used to try cure the system intrusion and violation that has already
occurred to the system. It tries to fix the violated system status. They may be technical or
administrative and widely varies. (Gupta, Agrawal & Yamaguchi, 2016).
Deterrent Controls
These controls are implemented so as to deter and discourage attacker from performing a
particular violation or intrusion. Examples include sound security systems like alarms and lights.
(Talabis, & Martin, 2013).
Running head: Professional Skills in Information Technology 9
Recovery Controls
They are almost similar to corrective but in this case recovery controls try to restore the
normalcy of system functionality and resources like data, information and applications.
Examples include data backups, emergency key management, disaster recovery and many others.
(Gupta, Agrawal & Yamaguchi, 2016).
Preventive Detective Corrective Deterrent Recovery
Firewalls Antiviruses Back up data
restoral
Alarms Back up data
restoral
Intrusion prevention
systems
System
monitoring
OS Upgrade Motion
detectors
Security Guards Motion detectors Antiviruses Flashing
Lights
Antiviruses Check sums Vulnerability
mitigation
Security awareness
Training
Intrusion detection
Systems
Table 1: Summary of Types of Controls
Network Security Applications
DefensePro
DefensePro is an actual-time, trait-based threats mitigation gadget that safeguard the
organizations infrastructure against application and network slow time, data theft, software
vulnerability exploitation, network anomalies, malware distribution and other upcoming cyber-
threats. (Kizza, 2017).
Mitigation Service threats
Mitigation Service is completely controlled, composite solution conjoining always-on discovery
and alleviation with cloud-built volumetric DDoS threat coming up and ERT premium controlled
support. (Radia, 2016).
Cloud WAF Service
Cloud WAF Service supply enterprise-brand, constant flexible web program security, supplying
full inclusion of OWASP Top ten attacks and automatically adjust guardianship to upcoming
threats and safeguarded assets. (Kizza, 2017).
Conclusion
Keeping company’s system safe and protecting its data and information in the current business
world is taken to be very essential and important. Many companies including telecommunication
frim as are prioritizing system security controls. It is also critical and necessary to have security
experts who can develop, analyze and implement security procedures, guidelines, policies and
Recovery Controls
They are almost similar to corrective but in this case recovery controls try to restore the
normalcy of system functionality and resources like data, information and applications.
Examples include data backups, emergency key management, disaster recovery and many others.
(Gupta, Agrawal & Yamaguchi, 2016).
Preventive Detective Corrective Deterrent Recovery
Firewalls Antiviruses Back up data
restoral
Alarms Back up data
restoral
Intrusion prevention
systems
System
monitoring
OS Upgrade Motion
detectors
Security Guards Motion detectors Antiviruses Flashing
Lights
Antiviruses Check sums Vulnerability
mitigation
Security awareness
Training
Intrusion detection
Systems
Table 1: Summary of Types of Controls
Network Security Applications
DefensePro
DefensePro is an actual-time, trait-based threats mitigation gadget that safeguard the
organizations infrastructure against application and network slow time, data theft, software
vulnerability exploitation, network anomalies, malware distribution and other upcoming cyber-
threats. (Kizza, 2017).
Mitigation Service threats
Mitigation Service is completely controlled, composite solution conjoining always-on discovery
and alleviation with cloud-built volumetric DDoS threat coming up and ERT premium controlled
support. (Radia, 2016).
Cloud WAF Service
Cloud WAF Service supply enterprise-brand, constant flexible web program security, supplying
full inclusion of OWASP Top ten attacks and automatically adjust guardianship to upcoming
threats and safeguarded assets. (Kizza, 2017).
Conclusion
Keeping company’s system safe and protecting its data and information in the current business
world is taken to be very essential and important. Many companies including telecommunication
frim as are prioritizing system security controls. It is also critical and necessary to have security
experts who can develop, analyze and implement security procedures, guidelines, policies and
Running head: Professional Skills in Information Technology 10
measures. Without accurate, and up-to-date information businesses cannot work well or make
important decisions. This reason gives organizations to take information security as a very
important aspect to them. In addition, application safety is one of the most essential components
in carrying on a healthy business. As cyber threats rise in frequency, severity, and sophistication,
program and network security remedies require to meet and beat these changeful attacks.
Radware’s series of DDoS guardianship and Web program security contribution support
integrated network and application security remedies structured designed to safeguard
information and programs everywhere. It provides a multi-vector threat discovery and mitigation
remedies, managing network layer and server threats, malware procreation and interruption
activities. (Liang, Yuanmo, Hongtu, Yicheng, Fangming, & Jianfeng, 2014)
Information systems always under constant attacks from all corners like hacking, and tapping
into firm’s networks, denial of service attacks. Since the company holds very critical and private
data, it is its responsibility to ensure that such information is secured at all times. Organization’s
data centers should be physically secured apart from logically protecting it from imminent
attacks over the network and internet. For a business to operate efficiently, the data should
always be up to date and always available.
Information security have numerous advantages including: protecting data information,
computers and company’s network from unauthorized entry and access, integrating security
controls makes a company competitive in the market place, makes a company reputable and
gives it a good image, increases the confidence and decision abilities of management and
stakeholders, enhances easy recovery abilities in cases of disruption and ensure smooth flow of
company’s processes and activities among others. However, it has some disadvantages, for
example, because technology evolves and so does threats, therefore, information security
features must be upgraded frequently which makes the organization to incur extra costs, a system
can be vulnerable if its users fails to adhere to some security protocol, and use of many
passwords could slacken business operations.
Recommendation
My recommendation to the company include the following; install firewalls, up-to-date powerful
antiviruses, install intrusion prevention and detection mechanism, and perform regular data and
information backups to ensure that in case of any data loss they can quickly recover. Also
disaster recovery techniques should be put in place. The company should also consider acquiring
network application security such as DefensePro. This application ensures real time protection
from threats like network anomalies, network slow time, malwares and other upcoming internet
threats. It is also inbuilt with mechanisms that can prevent and detect attacks. Perform a risk
assessment to identify the impact and likelihood of threats and vulnerabilities to business
processes and goals.
The company should also ensure that an action plan has been developed the enhance cost
friendly controls and security infrastructure reduces threats. System administration should be
consistently performed. Re-evaluation, maintaining and monitoring of entire system security
procedures. Antiviruses and operating systems should be configured for scheduled updates.
measures. Without accurate, and up-to-date information businesses cannot work well or make
important decisions. This reason gives organizations to take information security as a very
important aspect to them. In addition, application safety is one of the most essential components
in carrying on a healthy business. As cyber threats rise in frequency, severity, and sophistication,
program and network security remedies require to meet and beat these changeful attacks.
Radware’s series of DDoS guardianship and Web program security contribution support
integrated network and application security remedies structured designed to safeguard
information and programs everywhere. It provides a multi-vector threat discovery and mitigation
remedies, managing network layer and server threats, malware procreation and interruption
activities. (Liang, Yuanmo, Hongtu, Yicheng, Fangming, & Jianfeng, 2014)
Information systems always under constant attacks from all corners like hacking, and tapping
into firm’s networks, denial of service attacks. Since the company holds very critical and private
data, it is its responsibility to ensure that such information is secured at all times. Organization’s
data centers should be physically secured apart from logically protecting it from imminent
attacks over the network and internet. For a business to operate efficiently, the data should
always be up to date and always available.
Information security have numerous advantages including: protecting data information,
computers and company’s network from unauthorized entry and access, integrating security
controls makes a company competitive in the market place, makes a company reputable and
gives it a good image, increases the confidence and decision abilities of management and
stakeholders, enhances easy recovery abilities in cases of disruption and ensure smooth flow of
company’s processes and activities among others. However, it has some disadvantages, for
example, because technology evolves and so does threats, therefore, information security
features must be upgraded frequently which makes the organization to incur extra costs, a system
can be vulnerable if its users fails to adhere to some security protocol, and use of many
passwords could slacken business operations.
Recommendation
My recommendation to the company include the following; install firewalls, up-to-date powerful
antiviruses, install intrusion prevention and detection mechanism, and perform regular data and
information backups to ensure that in case of any data loss they can quickly recover. Also
disaster recovery techniques should be put in place. The company should also consider acquiring
network application security such as DefensePro. This application ensures real time protection
from threats like network anomalies, network slow time, malwares and other upcoming internet
threats. It is also inbuilt with mechanisms that can prevent and detect attacks. Perform a risk
assessment to identify the impact and likelihood of threats and vulnerabilities to business
processes and goals.
The company should also ensure that an action plan has been developed the enhance cost
friendly controls and security infrastructure reduces threats. System administration should be
consistently performed. Re-evaluation, maintaining and monitoring of entire system security
procedures. Antiviruses and operating systems should be configured for scheduled updates.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: Professional Skills in Information Technology 11
Procedures for preventing, detecting, responding, and reporting should be implemented. Backup
procedure and guidelines should be developed, implemented and documented and employees
should be trained on these guidelines. Backup media should be stored on locations away from the
company and test them regularly to confirm their capacity to restore or bring back crucial
resources.
References
Cole, E. (2013). Network security bible. Hoboken, N.J: Wiley.
Gunnam, G., & Kumar, S. (2017). Do ICMP Security Attacks Have Same Impact on
Servers?. Journal of Information Security, 8, 274-283. doi: 10.4236/jis.2017.83018.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. Hershey: Information Science
Reference.
Kizza, J. M. (2017). Guide to computer network security.
Kumar, G. D., In Singh, M. K., & In Jayanthi, M. K. (2016). Network security attacks and
countermeasures.
Liang, H., Yuanmo. Z., Hongtu, L., Yicheng, Y., Fangming, W., & Jianfeng, C. (2014)
Challenges and Trends on Predicate Encryption—A Better Searchable Encryption in
Cloud. Journal of Communications, 9(12), 908-915. Doi: 10.12720/jcm.9.12.908-915
Mivule, K. (2017). Web Search Query Privacy, an End-User Perspective. Journal of Information
Security, 8, 56-74. http://dx.doi.org/10.4236/jis.2017.81005
Pubudu, K., Chris, P., & Sasith M. (2016). Cybersecurity: A Statistical Predictive Model for the
Expected Path Length. Journal of Information Security, 07,112-128.
doi: 10.4236/jis.2016.73008
Radia, P. (2016). Network Security: PRIVATE Communication in a PUBLIC World. Pearson
India.
Sasith M., Chris P., & Pubudu, K. K. (2016). Stochastic Modelling of Vulnerability Life Cycle
and Security Risk Evaluation. Journal of Information Security, 07, 269-279.
doi: 10.4236/jis.2016.74022
Stewart, J. M. (2014). Network security, firewalls, and VPNs, second edition. Burlington, MA:
Jones & Bartlett Learning.
Procedures for preventing, detecting, responding, and reporting should be implemented. Backup
procedure and guidelines should be developed, implemented and documented and employees
should be trained on these guidelines. Backup media should be stored on locations away from the
company and test them regularly to confirm their capacity to restore or bring back crucial
resources.
References
Cole, E. (2013). Network security bible. Hoboken, N.J: Wiley.
Gunnam, G., & Kumar, S. (2017). Do ICMP Security Attacks Have Same Impact on
Servers?. Journal of Information Security, 8, 274-283. doi: 10.4236/jis.2017.83018.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. Hershey: Information Science
Reference.
Kizza, J. M. (2017). Guide to computer network security.
Kumar, G. D., In Singh, M. K., & In Jayanthi, M. K. (2016). Network security attacks and
countermeasures.
Liang, H., Yuanmo. Z., Hongtu, L., Yicheng, Y., Fangming, W., & Jianfeng, C. (2014)
Challenges and Trends on Predicate Encryption—A Better Searchable Encryption in
Cloud. Journal of Communications, 9(12), 908-915. Doi: 10.12720/jcm.9.12.908-915
Mivule, K. (2017). Web Search Query Privacy, an End-User Perspective. Journal of Information
Security, 8, 56-74. http://dx.doi.org/10.4236/jis.2017.81005
Pubudu, K., Chris, P., & Sasith M. (2016). Cybersecurity: A Statistical Predictive Model for the
Expected Path Length. Journal of Information Security, 07,112-128.
doi: 10.4236/jis.2016.73008
Radia, P. (2016). Network Security: PRIVATE Communication in a PUBLIC World. Pearson
India.
Sasith M., Chris P., & Pubudu, K. K. (2016). Stochastic Modelling of Vulnerability Life Cycle
and Security Risk Evaluation. Journal of Information Security, 07, 269-279.
doi: 10.4236/jis.2016.74022
Stewart, J. M. (2014). Network security, firewalls, and VPNs, second edition. Burlington, MA:
Jones & Bartlett Learning.
Running head: Professional Skills in Information Technology 12
Subil, A. & Suku, H. (2014). Cyber Security Analytics: A Stochastic Model for Security
Quantification Using Absorbing Markov Chains. Journal of Communications, 9(12), 899-
907. Doi: 10.12720/jcm.9.12.899-907
Sundar, K., & Kumar, S. (2016). Blue Screen of Death Observed for Microsoft Windows Server
2012 R2 under DDoS Security Attack. Journal of Information Security, 7, 225-231.
doi: 10.4236/jis.2016.74018.
Talabis, M., & Martin, J. (2013). Information security risk assessment toolkit: Practical
assessments through data collection and data analysis. Amsterdam: Elsevier.
Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan
Kaufmann Publishers is an imprint of Elsevier.
Subil, A. & Suku, H. (2014). Cyber Security Analytics: A Stochastic Model for Security
Quantification Using Absorbing Markov Chains. Journal of Communications, 9(12), 899-
907. Doi: 10.12720/jcm.9.12.899-907
Sundar, K., & Kumar, S. (2016). Blue Screen of Death Observed for Microsoft Windows Server
2012 R2 under DDoS Security Attack. Journal of Information Security, 7, 225-231.
doi: 10.4236/jis.2016.74018.
Talabis, M., & Martin, J. (2013). Information security risk assessment toolkit: Practical
assessments through data collection and data analysis. Amsterdam: Elsevier.
Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan
Kaufmann Publishers is an imprint of Elsevier.
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.