Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Technical project paper information systems security

31/10/2020 Client: papadok01 Deadline: 12 Hours

Information System Security
Name

School

Information System Security
Introduction
In a networked organization, there are various kinds of threats that can affect the physical network. The attacks come in two forms; logical and physical attacks. The physical attacks to a network can be in form of natural hazards and hardware threats such as theft, fire, electric fault etc. Logical attacks are mainly the use of a software to attack a network example include the logical bomb, viruses, phishing, network sniffing and man in the middle. For example to mitigate the theft, the following can be employed by an organization; all the doors must remain closed with only authorized personnel to be allowed access, ensure electronic control to rooms, there should be security personnel to monitor the activities in the computer room. In summary the hardware threats involves the physical damage of computer components such as the routers, switches and servers (Tipton & Tipton, 2012).

Physical threats

Most of the physical threats have been outlined above, physical threats can be classified as follows;

Internal: internal threats may come from fire, electric fault, unstable fire supply, a lot of humidity and improper housing.
External: external threats come from outside the organization. Might include floods and lightening.
Human: human threats include vandalism of physical computers and other hardware
Natural disaster

Humans cannot regulate the disasters that happen in the world. The disasters pose a big threat to property and security. The most common disasters include flood and fire.

System failure
System failure can be as a result of poor components used in the servers and other systems. This can cause a failure and, therefore, a threat to the security of a system.
[G1] [G2] [G3]

Vandalism
Thieves can come and steal the whole computer from your store and make a[G4] way with all the required data[G5]

Act of Terrorism
Terrorism attack can create a physical loss to the computers and data.

Logical threats
The logical threat can be through network phishing, the man in the middle, and many others detailed below.
[G6]

Man in the middle
The man in the middle attack happens when the person keeps a connection between the two communicating channels. The assumption is t[G7] he two communication agents is that they communicate but in reality there is a person who might be altering the messages as they pass through the communication channel.
Social engineering[G8]

A social engineering is using human weakness and trust to hack a network or technology protocols. Users generally trust each other and this weakness can be described as phishing. This kind of attack can be prevented through training of the personnel on this type of attacks and their remedy that can be employed in the attacks.
Virus

A computer virus is a program that infects a computer and affects the way the computer carries out its tasks. The computer virus attack can be mitigated using a strong antivirus software that will either neutralize the virus or delete the virus. There are many companies producing the antivirus software, for example, the Avira, Esset Antivirus, AVG and others.
[G9] [G10]

Packet sniffing

An attacker can carry out a protocol analyzer to launch an attack. This is called packet sniffing. Using sniffing the attacker can gather a lot of information on the network such as un-encrypted network passwords, IP addresses using intelligent software that sniffs data. This packet analyzer can be placed using a trusted insider who can then use vulnerabilities to attack the network. This type of attack can be prevented using a strong physical control and a working password policy. Training, in this case, is also important for the employees to know this kind of attack [G11] [G12] [G13] and prevent any chance this type of attack occurring. [G14]

FTP bounce
This kind of attack uses the port command to indirectly attack the target. Once inside the targeted network, the attacker can carry out the attack. This can be prevented by turning off file sharing features in windows.

Security controls for logical threats

Some of the security controls that can be used to mitigate the physical measures have been highlighted above. Though other measures that can be used in the control system include the following;

Training and awareness
Training is the most cost effective and formal way of doing business. Training on the practices to mitigate the physical attacks. It is the best way to make users from mistakes that can lead to phishing and insider attacks.
[G15] [G16]

Policies and procedures
The security procedures must be outlined in order to outline clearly what procedures are required for the organization to remain secure. The users must agree and sign a form in order to continue having access to the computers.

Locking down the server rooms.
Locking up the server rooms ensures nobody gets into the server room. This help in mitigating the threats from unlocked doors. People assigned the rooms must be answerable.
[G17] [G18] [G19]
Set up surveillance
After locking the server room, surveillance is a good idea. If someone could break into the server room, it is likely that he will get caught by the camera. The camera should be placed in a location which make it difficult to operate and even to notice. Also, make sure the main [G20] [G21] server room looks the most valuable items in the server rooms.
[G22] [G23] [G24] [G25]

External contractor
The company can decide to use an external contractor to undertake the security of the information system. This makes the company not liable for its security and makes the company major on its main products.
[G26] [G27]

Authorized Local Network Devices
Access to the Ensure that the only devices connected to the organization’s network are those items provided by the organization. Right from USB used by the employees to the personal laptops, the owners should ensure the devices are free of malware

Operating System Patching/Updating
Updating operating system regularly will help in handling patches. Patching policies should specify the system's that would be vulnerable to attacks and the patches should be monitored.
[G28] [G29]

Operating System Hardening
The hardening of the operating system should improve the ability of the attackers infeasible. There are various hardening techniques that can be employed and these are available from the National Institute of Standards and Technology and American Center for information technology.

Anti-Virus Updating
As the new virus definition come every day, the antivirus definition would continue in the same manner. All users should ensure their PC’s are up to date with the antivirus definition new viruses are discovered every day. To protect the PC further, the organization should monitor the antivirus logs in order to detect any failed update.
[G30]

Change Control Process
Whenever a new person comes into the company, there should be a change control to implement the security control as well. Old passwords should be handed over to the new management and discarded.

Host-based Firewall
Host-based firewalls should run in all computers and laptops assigned to all employees. Apart from the host employees, the firewalls have hashed [G31] algorithms that identify applications such as Trojan Horse.

Send Encrypted Emails;
Only encrypted emails should be sent from the server. Any sensitive data should have a proper email address.

Safe browsing habits
Only official websites should be visited. Adult content should be restricted. Employees should follow organization’s laid down procedures (Hintzbergen, 2010). The prohibited should be clearly checked against the non-prohibited activities. Password protect all devices; all devices should have password protection. Be it smartphone or laptop, all the devices will have to be password protected to avoid being used by untrusted people who might breach security measures.

Sensitive data should be stored on encrypted drives. The drives should be encrypted or have a built-in encryption. The encrypted files will protect the data over the network[G32] .

Strategies for addressing physical threats
If the risk of a physical attack occurs, there is the need for addressing the risk, the risk can either be accepted, ignored or avoided. If only a few systems are affected by the risk, the technician available should physically disconnect the devices. And configure the new connection once more. [G33] The following will need to be focused on; format hard drive and backup any data that may be required; rebuild the system from the ground-up, restore the system to the network and change all administrative passwords of the infected files. Once an operating system is in place, apply the necessary security patches and see if any machine could be having a problem, as a result, change the network passwords and notify other security teams on the occurrence.
[G34] [G35]

Strategies for handling logical threats
The following can be used to prevent the occurrence of the logical risks;

Use of Proxy Servers and filters.
Implementation of the outbound application layer of the proxy servers prevents users from being directed to malicious sites (Roessing, 2010). This implements outbound web servers; as the only computer to connect to the outside networks.

Email Attachment Filtering
Filtering of email attachment ensures that only accepted files are attached to the emails. This will greatly reduce the chances of a computer program that might pose a threat to the computers in the network (Tipton, 2008).

Monitor Logs
The administrators should monitor the logs of the internet users. If the DNS server is monitor[G36] ed, there is a chance of an infection being found before the risk occurs. The following techniques can be employed in monitoring of the DNS server for malicious attack;[G37]

SMTP attempts on connections other than from the SMTP mail gateway;
Excessive scanning on TCP ports 445
Excessive traffic from internal systems.
Excessive traffic from individual or a group of internal systems

Conclusion

The essence of security cannot be taken lightly in an organization. Security measures; both pre-emptive and preventive should be put into place to ensure the data integrity is safeguarded. Both logical and physical security are all important in the information security set-up and both must have mitigation procedures and how to handle the impact should such a risk occur. Different companies develop security policies which must be adhered to in order to make the system secure and employees be made familiar of such procedures (Stefanek, 2002).

References
Hintzbergen, J., Hintzbergen, K., & Smulders, A. (2010). Foundations of Information Security. Zaltbommel: Van Haren Pub.

Roessing, R. (2010). The business model for information security. Rolling Meadows, IL: ISACA.

Stefanek, G. (2002). Information security best practices. Boston [Mass.]: Butterworth-Heinemann.

Tipton, H. (2008). Information Security Management Handbook. Hoboken: Taylor & Francis Ltd.

Tipton, H., & Tipton, H. (2012). Information security management handbook. Boca Raton [u.a.]: CRC Press.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Instant Assignments
Financial Hub
Finance Homework Help
Custom Coursework Service
Writer Writer Name Offer Chat
Instant Assignments

ONLINE

Instant Assignments

Good day dear client, I am a full-time freelance writer with years of experience. My strongest strengths are strong dedication to duty, reliability, quality and excellence. I am going to do an outstanding job for you, kindly PM me and let us commence. Thank you so much in anticipation of your positive response. Thank you very much.

$55 Chat With Writer
Financial Hub

ONLINE

Financial Hub

Hey, I have gone through your job posting and become very much interested in working with you.I can deliver professional content as per your requirements. I am a multi-skilled person with sound proficiency in the English language for being a native writer who worked on several similar projects of content writing and can deliver quality content to tight deadlines. I am available for both online and offline writing jobs with the promise of offering an incredibly responsive and supreme level of customer service. Thanks!

$55 Chat With Writer
Finance Homework Help

ONLINE

Finance Homework Help

I have a Master’s degree and experience of more than 5 years in this industry, I have worked on several similar projects of Research writing, Academic writing & Business writing and can deliver A+ quality writing even to Short Deadlines. I have successfully completed more than 2100+ projects on different websites for respective clients. I can generally write 10-15 pages daily. I am interested to hear more about the project and about the subject matter of the writing. I will deliver Premium quality work without Plagiarism at less price and time. Get quality work by awarding this project to me, I look forward to getting started for you as soon as possible. Thanks!

$55 Chat With Writer
Custom Coursework Service

ONLINE

Custom Coursework Service

Hey, Hope you are doing great :) I have read your project description. I am a high qualified writer. I will surely assist you in writing paper in which i will be explaining and analyzing the formulation and implementation of the strategy of Nestle. I will cover all the points which you have mentioned in your project details. I have a clear idea of what you are looking for. The work will be done according to your expectations. I will provide you Turnitin report as well to check the similarity. I am familiar with APA, MLA, Harvard, Chicago and Turabian referencing styles. I have more than 5 years’ experience in technical and academic writing. Please message me to discuss further details. I will be glad to assist you out.

$55 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Werner ladder instructions - Franklin and higginbotham from slavery to freedom pdf - English - Policy/Regulation Fact Sheet - Kmno4 and feso4 titration - Should a firm invest in projects with npv $0 - Symbolism of storms in literature - What are suvat equations - Fulminated mercury with a little tweak of chemistry - Homeless bird chapter 8 summary - Zf s5 39 transmission - George harrison's autobiography crossword clue - Nutanix xtreme computing platform - Aubin grove train station - Jakemans cough sweets sainsbury's - Does a weak entity need a partial key - How to solder resistors together - Separating iron filings salt and sand - Elektra products inc case for critical analysis - Powder by tobias wolff guided reading answers - How many strings of eight uppercase english letters are there - Logbook format for laboratory - Appropriate interventions for self harm - Physical and chemical changes worksheet 8th grade answers - T7-DQ1 Organizational Structure Discussion Post - Stanley macadam pty ltd - Sentencing Discrepancy - Mark 8 manifoil lock - Marketing grewal 1e - Freckles daycare tweed heads - Christmas tree replacement hinge pins - Team dynamics summary soc 110 - Lifelong learning in medicine and nursing - WEEK 2 DISCUSSION - What is pearl's traumatic experience - Central limit theorem ti 83 - Data Science and Big Data - Ben weiss fractal app - How does a colorimeter work - Tina jones musculoskeletal - ALGORITHMS AND COMPLEXITY - English for further study - What does daforest stand for - POWER POINT - What is a production cost report - Operational - Article Critique - Kmtc line vessel schedule point to point - What does kinder bueno mean in english - Dr laurel young rheumatologist redcliffe - Carrefour in asia case analysis - Distance vector routing algorithm in c - Telstra prepaid mobile broadband plus - Travelrite seniors tours 2021 - Springboard english grade 9 answer key - Ni usb 6212 pinout - Magnesium reacts with silver nitrate solution - Week 1 Art Discussion - Opposites attract and likes repel - Coping strategies for graduate nurses - Article reflection - Racv emergency roadside assistance - Collision theory of reaction rates - Week 6 Discussion 1 Reflecting on Your Coursework - Paper writing - 80 96 in simplest form - An urn contains n white and m black balls - Picking out a Capstone Project Writing Service - Lamar swimwear comprehensive problem - Don t panic end poverty summary - Chris langan 1 vs 100 - A world history in 6 glasses sparknotes - Cranial release technique practitioners - Air force nurse officer - Pat maths 4th edition test 4 - The moral side of murder - Wireshark lab dns v7 0 solution - MGT312T Week 2 Discussion - 5 pages Analysis Of Poverty And Crime - Mitel 5330 feature codes - Catch 22 character map - Maxwell boltzmann distribution catalyst - Methods for managing conflict army - Single moms ministry ideas - 34.62 ml of 0.1510 m - Thomas hill green might agree with which of the following? - Saxophone woodwind family instruments - General liman von sanders - Riverbed modeler academic edition 17.5 license - Viavi onx 620 manual - Job duty task analysis - D addario string tension chart - Business of Sport - Where is gerber baby food made - Senior year memory book - Research paper Emerging Threats - What is the difference between football and basketball - De montfort hall parking - Becoming nicole chapter 1 summary sparknotes - Journal Entry