Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Technical project paper information systems security

31/10/2020 Client: papadok01 Deadline: 12 Hours

Information System Security
Name

School

Information System Security
Introduction
In a networked organization, there are various kinds of threats that can affect the physical network. The attacks come in two forms; logical and physical attacks. The physical attacks to a network can be in form of natural hazards and hardware threats such as theft, fire, electric fault etc. Logical attacks are mainly the use of a software to attack a network example include the logical bomb, viruses, phishing, network sniffing and man in the middle. For example to mitigate the theft, the following can be employed by an organization; all the doors must remain closed with only authorized personnel to be allowed access, ensure electronic control to rooms, there should be security personnel to monitor the activities in the computer room. In summary the hardware threats involves the physical damage of computer components such as the routers, switches and servers (Tipton & Tipton, 2012).

Physical threats

Most of the physical threats have been outlined above, physical threats can be classified as follows;

Internal: internal threats may come from fire, electric fault, unstable fire supply, a lot of humidity and improper housing.
External: external threats come from outside the organization. Might include floods and lightening.
Human: human threats include vandalism of physical computers and other hardware
Natural disaster

Humans cannot regulate the disasters that happen in the world. The disasters pose a big threat to property and security. The most common disasters include flood and fire.

System failure
System failure can be as a result of poor components used in the servers and other systems. This can cause a failure and, therefore, a threat to the security of a system.
[G1] [G2] [G3]

Vandalism
Thieves can come and steal the whole computer from your store and make a[G4] way with all the required data[G5]

Act of Terrorism
Terrorism attack can create a physical loss to the computers and data.

Logical threats
The logical threat can be through network phishing, the man in the middle, and many others detailed below.
[G6]

Man in the middle
The man in the middle attack happens when the person keeps a connection between the two communicating channels. The assumption is t[G7] he two communication agents is that they communicate but in reality there is a person who might be altering the messages as they pass through the communication channel.
Social engineering[G8]

A social engineering is using human weakness and trust to hack a network or technology protocols. Users generally trust each other and this weakness can be described as phishing. This kind of attack can be prevented through training of the personnel on this type of attacks and their remedy that can be employed in the attacks.
Virus

A computer virus is a program that infects a computer and affects the way the computer carries out its tasks. The computer virus attack can be mitigated using a strong antivirus software that will either neutralize the virus or delete the virus. There are many companies producing the antivirus software, for example, the Avira, Esset Antivirus, AVG and others.
[G9] [G10]

Packet sniffing

An attacker can carry out a protocol analyzer to launch an attack. This is called packet sniffing. Using sniffing the attacker can gather a lot of information on the network such as un-encrypted network passwords, IP addresses using intelligent software that sniffs data. This packet analyzer can be placed using a trusted insider who can then use vulnerabilities to attack the network. This type of attack can be prevented using a strong physical control and a working password policy. Training, in this case, is also important for the employees to know this kind of attack [G11] [G12] [G13] and prevent any chance this type of attack occurring. [G14]

FTP bounce
This kind of attack uses the port command to indirectly attack the target. Once inside the targeted network, the attacker can carry out the attack. This can be prevented by turning off file sharing features in windows.

Security controls for logical threats

Some of the security controls that can be used to mitigate the physical measures have been highlighted above. Though other measures that can be used in the control system include the following;

Training and awareness
Training is the most cost effective and formal way of doing business. Training on the practices to mitigate the physical attacks. It is the best way to make users from mistakes that can lead to phishing and insider attacks.
[G15] [G16]

Policies and procedures
The security procedures must be outlined in order to outline clearly what procedures are required for the organization to remain secure. The users must agree and sign a form in order to continue having access to the computers.

Locking down the server rooms.
Locking up the server rooms ensures nobody gets into the server room. This help in mitigating the threats from unlocked doors. People assigned the rooms must be answerable.
[G17] [G18] [G19]
Set up surveillance
After locking the server room, surveillance is a good idea. If someone could break into the server room, it is likely that he will get caught by the camera. The camera should be placed in a location which make it difficult to operate and even to notice. Also, make sure the main [G20] [G21] server room looks the most valuable items in the server rooms.
[G22] [G23] [G24] [G25]

External contractor
The company can decide to use an external contractor to undertake the security of the information system. This makes the company not liable for its security and makes the company major on its main products.
[G26] [G27]

Authorized Local Network Devices
Access to the Ensure that the only devices connected to the organization’s network are those items provided by the organization. Right from USB used by the employees to the personal laptops, the owners should ensure the devices are free of malware

Operating System Patching/Updating
Updating operating system regularly will help in handling patches. Patching policies should specify the system's that would be vulnerable to attacks and the patches should be monitored.
[G28] [G29]

Operating System Hardening
The hardening of the operating system should improve the ability of the attackers infeasible. There are various hardening techniques that can be employed and these are available from the National Institute of Standards and Technology and American Center for information technology.

Anti-Virus Updating
As the new virus definition come every day, the antivirus definition would continue in the same manner. All users should ensure their PC’s are up to date with the antivirus definition new viruses are discovered every day. To protect the PC further, the organization should monitor the antivirus logs in order to detect any failed update.
[G30]

Change Control Process
Whenever a new person comes into the company, there should be a change control to implement the security control as well. Old passwords should be handed over to the new management and discarded.

Host-based Firewall
Host-based firewalls should run in all computers and laptops assigned to all employees. Apart from the host employees, the firewalls have hashed [G31] algorithms that identify applications such as Trojan Horse.

Send Encrypted Emails;
Only encrypted emails should be sent from the server. Any sensitive data should have a proper email address.

Safe browsing habits
Only official websites should be visited. Adult content should be restricted. Employees should follow organization’s laid down procedures (Hintzbergen, 2010). The prohibited should be clearly checked against the non-prohibited activities. Password protect all devices; all devices should have password protection. Be it smartphone or laptop, all the devices will have to be password protected to avoid being used by untrusted people who might breach security measures.

Sensitive data should be stored on encrypted drives. The drives should be encrypted or have a built-in encryption. The encrypted files will protect the data over the network[G32] .

Strategies for addressing physical threats
If the risk of a physical attack occurs, there is the need for addressing the risk, the risk can either be accepted, ignored or avoided. If only a few systems are affected by the risk, the technician available should physically disconnect the devices. And configure the new connection once more. [G33] The following will need to be focused on; format hard drive and backup any data that may be required; rebuild the system from the ground-up, restore the system to the network and change all administrative passwords of the infected files. Once an operating system is in place, apply the necessary security patches and see if any machine could be having a problem, as a result, change the network passwords and notify other security teams on the occurrence.
[G34] [G35]

Strategies for handling logical threats
The following can be used to prevent the occurrence of the logical risks;

Use of Proxy Servers and filters.
Implementation of the outbound application layer of the proxy servers prevents users from being directed to malicious sites (Roessing, 2010). This implements outbound web servers; as the only computer to connect to the outside networks.

Email Attachment Filtering
Filtering of email attachment ensures that only accepted files are attached to the emails. This will greatly reduce the chances of a computer program that might pose a threat to the computers in the network (Tipton, 2008).

Monitor Logs
The administrators should monitor the logs of the internet users. If the DNS server is monitor[G36] ed, there is a chance of an infection being found before the risk occurs. The following techniques can be employed in monitoring of the DNS server for malicious attack;[G37]

SMTP attempts on connections other than from the SMTP mail gateway;
Excessive scanning on TCP ports 445
Excessive traffic from internal systems.
Excessive traffic from individual or a group of internal systems

Conclusion

The essence of security cannot be taken lightly in an organization. Security measures; both pre-emptive and preventive should be put into place to ensure the data integrity is safeguarded. Both logical and physical security are all important in the information security set-up and both must have mitigation procedures and how to handle the impact should such a risk occur. Different companies develop security policies which must be adhered to in order to make the system secure and employees be made familiar of such procedures (Stefanek, 2002).

References
Hintzbergen, J., Hintzbergen, K., & Smulders, A. (2010). Foundations of Information Security. Zaltbommel: Van Haren Pub.

Roessing, R. (2010). The business model for information security. Rolling Meadows, IL: ISACA.

Stefanek, G. (2002). Information security best practices. Boston [Mass.]: Butterworth-Heinemann.

Tipton, H. (2008). Information Security Management Handbook. Hoboken: Taylor & Francis Ltd.

Tipton, H., & Tipton, H. (2012). Information security management handbook. Boca Raton [u.a.]: CRC Press.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Instant Assignments
Financial Hub
Finance Homework Help
Custom Coursework Service
Writer Writer Name Offer Chat
Instant Assignments

ONLINE

Instant Assignments

Good day dear client, I am a full-time freelance writer with years of experience. My strongest strengths are strong dedication to duty, reliability, quality and excellence. I am going to do an outstanding job for you, kindly PM me and let us commence. Thank you so much in anticipation of your positive response. Thank you very much.

$55 Chat With Writer
Financial Hub

ONLINE

Financial Hub

Hey, I have gone through your job posting and become very much interested in working with you.I can deliver professional content as per your requirements. I am a multi-skilled person with sound proficiency in the English language for being a native writer who worked on several similar projects of content writing and can deliver quality content to tight deadlines. I am available for both online and offline writing jobs with the promise of offering an incredibly responsive and supreme level of customer service. Thanks!

$55 Chat With Writer
Finance Homework Help

ONLINE

Finance Homework Help

I have a Master’s degree and experience of more than 5 years in this industry, I have worked on several similar projects of Research writing, Academic writing & Business writing and can deliver A+ quality writing even to Short Deadlines. I have successfully completed more than 2100+ projects on different websites for respective clients. I can generally write 10-15 pages daily. I am interested to hear more about the project and about the subject matter of the writing. I will deliver Premium quality work without Plagiarism at less price and time. Get quality work by awarding this project to me, I look forward to getting started for you as soon as possible. Thanks!

$55 Chat With Writer
Custom Coursework Service

ONLINE

Custom Coursework Service

Hey, Hope you are doing great :) I have read your project description. I am a high qualified writer. I will surely assist you in writing paper in which i will be explaining and analyzing the formulation and implementation of the strategy of Nestle. I will cover all the points which you have mentioned in your project details. I have a clear idea of what you are looking for. The work will be done according to your expectations. I will provide you Turnitin report as well to check the similarity. I am familiar with APA, MLA, Harvard, Chicago and Turabian referencing styles. I have more than 5 years’ experience in technical and academic writing. Please message me to discuss further details. I will be glad to assist you out.

$55 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Runway threshold markings width - Death of a salesman questions and answers - Chase bank watchung plaza nj - Carriage in lathe machine - Need by Monday - What is the fundamental challenge of dashboard design? - Ned kelly death cause - 21 why is jem so upset about the knothole - Scope of Practice and Patient’s Healthcare Accessibility - Ashtabula clerk of courts - In my craft or sullen art analysis - Air france annual report - Amazon com inc retailing giant to high tech player - DAta mining week 2 assignment - Long island head start - How much do teacher aides get paid qld - Exercise physiology major deakin - Criminal Law 2 page essay - Autonomic reflex arc example - Pa state police southwest training center - Dr zhen rong siow - Athlean x max size results - Shark bite hydraulic press - Retribution, deterrence, punishment - Information systems used daily - The mask you live in questions - 11 in roman numerals - You own a stock portfolio invested percent - Dna restriction enzyme simulation answers - Powered by rovi passport guide 6.0 - Crohn's disease case study - Empowering leadership and effective collaboration - Wk3/dis/reply/cf - Speaking Assignment - How do uniforms help students academically - Assignment - Why is my printer in error state canon - Which of the following can lead to partial dependencies - Celf 5 record form 2 - Shear over comb technique - I m not scared themes - Walden university georgia - Excel qm in excel 2016 - Secret life of the brain the baby's brain - Apply moderate effect smartart style powerpoint - Week 3 Discussion - Chart of roman numerals - 1.5 kw electric motor - Although appealing to more refined tastes - Homework Question - 125 nine mile road tynong - Federal safeguards for financial managers - Marketing excellence nike case study solution - Persuasive speech on sleep - Pro quip platinum diesel jerry can - Tic tac toe android source code download - Occupational psychology stage 2 - Bill gates leadership style - Supplies balance sheet or income statement - Dublin city council planning applications - 4/47 roslyn st brighton - After reading the introduction from Imagined Communities and watching/reading "La Marseillaise", respond to the following question in a paragraph or two (a double-spaced page or less) - Building certifier moreton bay - Micrologic 6.0 e manual - Is c6h12o6 a strong electrolyte - Ethics of Journalism - Factor completely 2x2 28x 98 - Web server plugin for websphere application server - Presented below is the adjusted trial balance of kelly corporation - Abstract - Data-driven decision making - What is 0.4 is 10 times as much as - Choo choo ch boogie form - Quiznos mission statement - Half wave rectifier experiment discussion - Icandy apple 2 pear seat unit age - Siprotec 5 application notes - Why information system is vulnerable - The ecuadorian rose industry case study answers - Hot fm radio toowoomba - A6 dimensions in inches - Ahima data quality management model - Tim van der steene - Watch blue gold world water wars - Week 5 socioautobiography audio powerpoint - Qantas brand values - E safety powerpoint presentation - Monotype corsiva history - From gene to protein transcription and translation lab answers - How could you detect the presence of the so42 ion - Generative questions for boards - Power supply polarity symbol - Formal and informal learning environment - Agriculture machine with name and uses - Which of the following is a "focusing step" of dr. eli goldratt's theory of constraints? - 2 14 alluring court jimboomba - Crane lifting crane falls in water - Merck and co case study - Overall financial attractiveness of the proposed venture - The keeper of the bees 1925 first edition