Saturday, December 7, 2019

Effective Security Management Butterworth -Myassignmenthelp.Com

Question: Discuss About The Effective Security Management Butterworth? Answer: Introduction The IT services can prove beneficial to any operations, it can flourish the business growth as well as the marketing share of the entire company. The cloud technology can add more benefits to their services. The report will, however, discuss the threats, vulnerabilities as well as the security features on diminishing those risks. Thus the IT services can give them the competitive edge and these factors will be broadly discussed in the report. Review in regards to the financial services The risks associated with the financial services must be assessed accordingly and should act upon it responsively. The systematic risks The systematic risks are typically those risks on which the individual and the organisation has no control. The risks that are associated with systematic risks are war, interest rates and the recession. All these risks generally take place due to the external factors and these factors can prove disastrous to any industry and o any enterprise to a greater extent (Wu Olson, 2015). The risks are divided into- market risk, purchasing risk, and the interest rate risk. No one has any clue for the following risk. The Unsystematic risks The unsystematic risks are the risks which are under control and can be diminished within time, the risks can be managed well by the employees and the executives and the managers of the company. The unsystematic risks are liquidity risk, operational risk and the financial risk (McNeil, Frey Embrechts, 2015). The effect is minimal compared to the systematic risks which are beyond control. Relevant risk The relevant risks are those risks that can be controlled, thus the unsystematic risks are considered as the relevant risks. The risks generally involve the regulatory risks, legal risk, solvency risk and the operational risk (Lam, 2014). These risks must be detected at first, then they should be assessed accordingly and lastly, they should be controlled. Strategic risk Aztek if not take a proper decision and this faulty decision and faulty strategy can lead to project failure and ultimately can lead to delay in project deadline. The project failure can lead to and reputation of the company (Chance Brooks, 2015). Thus it can affect the IT services severely. For this reason, a proper decision must be made, the right strategy can save a lot of money and protect the reputation of the enterprise. Market risk The price of the products if gets increased can affect any organisation adversely and Aztek is no exception. The market risk is correlated with the financial risk, market risk, equity risk and the interest rate risk (Chance Brooks, 2015). The market risks get aroused due to the abnormal price rise of the resources and the commodities. Credit risk The credit risk arouses if the lender gives money to the borrowers and borrowers fail to repay the loan somehow. The risks arise when the lender sends the money and borrowers fails to meet the expectation of the lender. In this case, the lender loses all the money and the interests along with it. All the countries' legal compliance is almost same and Australia should follow the compliance as well. This legal compliance can help them to run the business in well-secured manner and also fast (Bromiley et al., 2015). The external risks can prove a disastrous effect on the enterprise and can the threats and the risks can be augmented. The internal risks within the enterprise are- The transparent techniques and procedures follow through The communication procedure Aztek must adopt some advanced strategies to meet the goals of the company, should act proactively so that the companys projects can get executed with lesser risks and lesser hassles. The employees should take the approach to educate his employees as the employees if have the required knowledge to defend the threats and the vulnerabilities on the projects the company can be greatly furnished (Sadgrove, 2016). They too adept with the IT services they are desiring. The market shares of Aztek and the core business activities can furnish as a whole. Government regulations Australias federal body have applied rules and policies and every organisation must follow those rules to get the productivity benefits. Even Aztek can carry out their financial services in more proficient manner. They can also carry out business activities more ethically. Thus they should act energetically and must follow these rules (Sadgrove, 2016). The rules if followed can benefit them as well as their clients. The parameters that must be followed are- The rules and the policies must be revised thoroughly and only based on that they must take the best decisions that can help to gain the financial benefits as well as clients appraisal. They must look upon the policies as that can help them in conducting the business operations. The risks that have the possibility to incur must be assessed as soon as possible and based on that the financial risks must be assessed and properly mitigated timely otherwise the threats and the risks can spread their wings and can make a devastating effect (Bolton, Chen Wang, 2013). iii. Aztek must consider the best solutions possible that it can help them to run the business operations without any hassle, thus company's monitory losses can be checked, the reputation can be protected. Best practices Aztek must follow the best practices that can benefit them in the long run. The challenges that Aztek faced must be well noticed by Aztek and Aztek must discuss all the aspects of IT services with the investors and the stakeholders for the best possible outcome. The report showcases all the benefits of the IT services (Bolton, Chen Wang, 2013). Along with the benefits, they must focus on the security model via which they can get the maximum productivity. Review of project along with the current security measures The IT services that Aztek has planned to conduct are the installation of the application server, the proper management system of the desktop. Aztek also has planned to perform the network configuration as well. Aztek needs to consider the various parameters of the IT services and the risks associated with it as that can help them to conduct the business activities in the more flourished way (Ali, Warren, Mathiassen, 2017). There are various strategies that they have planned that help them in coming future. The stakeholders involve the The government agencies must work in collaborate manner and should work in related to the outsourcing of IT services The management team of Aztek iii. The staffs of Aztek The clients of Aztek The investors of Aztek Analysing threats, vulnerabilities and the final outcome Like every other organisation, Aztek should have an effective strategy to defend the threats, vulnerabilities of the enterprise and implement a security model so that they can effectively carry on their business activities in the agile and effective way. In this way Aztek can get the desired outcome they want, the productivity of the company can be greatly embellished due to the security model. The threat and the vulnerabilities removal can facilitate the entire Aztek and Aztek's clients. Aztek deals with clients of entire Australia, they deal with the financial activities too (Rittinghouse Ransome, 2016). Thus security is a great concern and they must be careful about the data as is those data got breached they can get into trouble. That is why they must assess the threats at first and then applying suitable solutions must remove the risks and the threats incurred. Aztek should know that the risks if not get mitigated in time can create havoc. The entire system and the database can get threatened by the malicious activities of the hacktivists. This can lead to a huge lot of money (Choo, 2014). This can affect their reputation to the utmost. Thus they must implement a security model to assure their enterprise core activities. They should also listen to the clients and should work as per demands. The Azteks security model is based on the below parameters- Strategies for detecting the objectives- To meet the objectives and goals proposed by the company, a security model must be configured as this secured model can save them from all kinds of vulnerabilities or loopholes of the system. The assessment of applications- Aztek must be choosy while choosing applications for their enterprise. The assessment of risks and thereafter choosing appropriate applications for the enterprise can assist them in procuring the goals they want. The business operations can be flourished to the utmost (Islam et al., 2016). The best effective plan can help them to ensure safety and security and at the same time can help them to enjoy the best IT services. The highlight of the features of the security objectives- Aztek conducts financial activities and their database contains all the financial data. Also, their database contains their clients' sensitive data and the information. These data can get breached if Aztek deals with the data inattentively (Choo, 2014). Thus they must act responsively and proactively and should deal with the data in fast and effective manner. The client's data must be safe all the time and it is the duty of the clients to look after that Identification of threats Phishing attacks- The phishing is one of the deadliest attacks from which the Aztek clients can suffer, the attackers can hack the Aztek's clients' database and can rob Aztek's clients' vital data. The attackers mainly copy one's website HTML code and make a similar website which is the original website's copycat, thus the attackers can make a fake website out of it and fools the Aztek's clients in a similar fashion (Albakri et al., 2014). Another type is sending spam emails and cheat the Azteks' clients. The innocent Aztek clients click on the link and surf the website and fall into the trap of attackers. Data Packet Sniffing- The attackers taking advantage of the insecure network can carry on their unscrupulous activities and in this case, the data flow through the insecure network got hijacked and in this case too there is a high chance that the sensitive credentials of the Azteks clients can get compromised. IP spoofing- IP spoofing must be added to the list as it provides the same disastrous effect (Albakri et al., 2014). The attackers basically hide in the background and carry on their unscrupulous activities, for this reason, Aztek fails to discover the source where the malicious activities are going on, the hacktivist take the advantage of this and prey on the Aztek's clients and make their life miserable. Port Scanning- This is another kind of threat of Aztek where the hacktivist can identify the services carrying on in the premises of Aztek. The port scanning methods let them know the services and the vulnerabilities residing within the services. Backdoors- The backdoors are created within the website during the development stage, the web developers for their advantage to see the code and regulate the code and to assess whether the website is executing properly or not (Sennewald Baillie, 2015). This backdoor can prove disastrous if the hacktivist takes advantage of it. Identification of vulnerabilities Predictable session identifiers- Base 64 usage can let the attackers recognise the session identifiers, they also reverse engineered the algorithms and modify it and carry on their malicious activities. Dependence on client-side validation- The browser history and settings of Aztek clients can get hijacked and thus, the privacy and security of the system of Aztek and the database of Aztek can get endangered. iii. SQL injection- Another noteworthy threat is SQL injection. The hackers can gain the credentials of the clients exploiting the account of the clients. Unauthorised execution of operations- The authentication can be severely violated due to the attack of the hacktivists and Aztek can face the disaster (Albakri et al., 2014). Cross-site scripting- The attackers purposefully rob the useful cookies form ones system browser and make the whole system vulnerable, they have the web development knowledge (Peltier, 2016). They have the knowledge and skills of scripting language, they have the knowledge of scripting language, they have the knowledge of CSS and HTML and they can use all their knowledge to exploit ones system. Issues related to uploading- The malware can prove disastrous to the Azteks clients. The attackers via XSS and the Trojans can expose Aztek client's system. vii. Issues related to logging out- The clients sometimes feel too lazy to log out of the system, the attackers can gain into the Aztek account via an insecure network and can rob the important data of the database, thus the clients' data can get breached (Sennewald Baillie, 2015). viii. Passwords- The clients sometimes set very easy predictable passwords for their system which can be guessable and thus the system becomes vulnerable to attack. The lazy approach from the clients can prove dangerous (Rittinghouse Ransome, 2016). The hackers via brute force method can gain access to the system and expose the vulnerabilities residing within the database and the system of Aztek. The unencrypted passwords- The clients unknowingly store passwords in their system as they tend to forget the password. The attackers attack the system via virus and malware and Trojan virus and acquire those files where the password is written. Also, the hackers search for the hidden files in the system where the password is saved in unencrypted form. Phishing attack- The phishing attack is another noteworthy mention which is a disastrous one, the hackers send spam emails to the clients of Aztek claiming that they are sending emails from Aztek (Almorsy et al., 2016). The clients can unknowingly enter those malicious sites and thus can lose confidentiality and lose all the credentials and can even lose all the sensitive data. The absence of account lockout- The account lockout absenteeism can lead to cybercrime attack. xii. Not showing the previous sessions- The innocent clients unknowingly can enter their personal information again and again and thus risks their own privacy. In this way by catering the username, password the clients can get into trouble and their confidential data can get breached (Ahmad Maynard, 2014). xiii. No appropriate settings for cookie security: The hackers can develop a channel for Aztek clients and the server and via this channel, the browser cookies get transmitted (Siponen Mahmood Pahnila, 2014). The hackers first exploit the system and gain access to those browser cookies and this way threats can spread all over Aztek. xiv. Weak cyphers- The hacktivist can crack the SSL key and gain into the system of Aztek's clients, they can even keep track of the data being transmitted through the network of Aztek's clients. Thus it can be a threat to both Aztek and Aztek's clients The management team of Aztek should take effective decision to mitigate the risks related to financing and the IT services. The executive should act in a proactive manner. They also should have sound knowledge on the security and the control measures via which the information security system can be greatly embellished. They must follow the federal body's rules and policies as that can give them the option to run the business activities more securely and ethically and effectively. They must take up the code of practice that is based on ISO strategy and they can gain huge benefits by this methodology (Chen et al., 2013). The risks residing within the Aztek premises can be checked to a greater extent with the help of this method. For this reason, they must adopt the control measures and should follow the guidelines effectively to make the required changes to enhance the quality of IT services. Aztek can enjoy the cloud technology and this can cater Aztek with the best services that they can get. The cloud technology can help them to communicate with the clients throughout day and night. Also, the cloud technology can make their business procedures fast and effective. However, they should be mindful of the problems related to cloud computing. All they need is fast bandwidth and fast and secure network connectivity to carry out their business activities (Sawik, 2013). The below factors must be considered while carrying out the business activities and they are- Issues which is related to integrity Company trust The transparency that to be followed by Aztek and third party outsourced companies Confidentiality Use of the features available for IT services Availability of the options The above factors suggest that Aztek must take up the effective decision strategy to carry out their business. The effective decision strategy can also help them to fight with the system and the database loopholes or vulnerabilities (Pascoal, 2012). The outsourced tasks can be largely benefitted due to the methodology and decision they adopted. For this reason, to get the maximum productivity and the advantages, Aztek must take up the effective service level agreement (Dotcenko, Vladyko Letenko, 2014). The approach can help them to overcome the barriers and can help them in the long run. Security measures to check the threats associated with Aztek Managing an accurate inventory of control system devices: Aztek should not allow their computer nodes to stay connected with any kind of wired or wireless network partly if gets connected to any sort of network partly then the hackers will get the opportunity to grasp over the insecure network (Kimwele, 2014). Therefore, Aztek must keep an eye on the system nodes whether they are connected as a whole and should check whether they are partly connected or not, otherwise via those loopholes the hackers can enter the system. Developing network boundaries: The network boundaries are there to assure security to the system and the database and to detect any defects within the security framework model (Fenz et al., 2014). These are the controls that are used to filter out the inbound and outbound traffic. The firewall is network boundary equipment and is used to check the malicious data flow and in this way, the network must be governed. iii. Using Secure Remote Access methods: Aztek should use the Virtual Private Network as they are known to cater the secure channel via which they can carry on their business operations. The Aztek clients can conduct all the financial activities in a safe and secure manner, they can also protect and safeguard their system due to this secure channel (Crossler et al., 2013). Aztek can safely use the printers and websites connecting to the Internet due to this secured channel. Establishment of role-based access controls: The clients should be given certain permission to use the database and system and that should not exceed. The employees should also be given the permission to access the database according to their job role. In this way, the hackers' entry can be checked to an extent. Thus Aztek can carry out their business activities in a secure manner (AlHogail et al., 2015). This initiative also let us know that the malicious activities of the hackers. Aztek can also utilize the logging capabilities and via this method, Aztek can enhance their security in their office premises. Use of strong passwords: The clients must act in a proactive manner while using the Aztek system. They must utilize a password which is not predictable, cannot be guessed easily and cannot be predicted so easily that is why the password which the clients set must contain at least one big case letter, one small-case letter and one symbol, and the password must be overall eight digits long. The password set by the clients cannot be anyones one place or anyones name (Bell, Ndje Lele, 2013). Thus setting a strong password they can assure safety and security of them and also Aztek, otherwise, the weak password can lead to vulnerabilities like hacking of one's personal data. Thus they all must be careful while choosing the password for their system. Installation of antivirus software: Aztek must not deny the positive effect of antivirus software. Aztek must choose antivirus software wisely otherwise there is a chance their vital data can get breached. They must know that the antivirus software is capable to defend that malicious software those try to enter the system. The system can get overall security due to the approach. They also should use the latest hardware, latest software and the latest operating system as this can help them to achieve the goals. They also must update their system and the database regularly along with that they must apply patches (Singh et al., 2013). Thus it will help them to carry out their business activities in agile and effective manner. The outdated software and hardware are threats to any system and Aztek is no exception so they must be careful. vii. Enforcing policies for mobile devices: The mobile devices must have an antivirus installed and along with that the clients must use a strong password for the system. This can save the sensitive information stored in the system by the installation of the aforesaid approach. viii. Cybersecurity: The cybersecurity plays an important role to fight with the hackers. The Aztek employees must know all the security measures as that will help them to carry out their business operations in safe and secure manner. Any hackers if want to gain entry to the system they can get to know the vulnerable attack and also about the vulnerable network (Singh et al., 2013). The cybersecurity team thus can educate the Aztek employees to conduct the business activities Involving executives: The executives can prove to be beneficial while identifying any cybersecurity risks erupt within the system; they can also help to connect to the stakeholders (Bell, Ndje Lele, 2013). The executives are aware of the cybersecurity threats thus can provide best solutions to the check the IT risks and also this effective decision can help them in the long run. Implement a disaster plan beforehand: A disaster management plan must be made as this can help to effectively run the business and to make best decisions, also the companys huge losses can be controlled (Bell, Ndje Lele, 2013). Like any other organisations, a disaster plan is an absolute necessity for Aztek too. Conclusion It can be concluded from the above discourse that they can get significant benefits if adopt the IT services and the cloud technology. The cloud technology can help them in their business in the long run. The cloud technology can assist to cater better IT services thus more productivity can be expected. This can also help them to build a healthy relationship with clients. However, they should be mindful of the risks, threats and the vulnerabilities in relation to IT services. Therefore, they must adopt the security framework model to secure the business process. They can abide by the policies to execute their business process ethically and effectively. The report has highlighted all these aspects in details. References Ahmad, A., Maynard, S. (2014). Teaching information security management: reflections and experiences.Information Management Computer Security,22(5), 513-536. Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., Ahmed, A. (2014). Security risk assessment framework for cloud computing environments.Security and Communication Networks,7(11), 2114-2124. AlHogail, A. (2015). Design and validation of information security culture framework.Computers in human behavior,49, 567-575. Ali, A., Warren, D., Mathiassen, L. (2017). Cloud-based business services innovation: A risk management model.International Journal of Information Management,37(6), 639-649. Almorsy, M., Grundy, J., Mller, I. (2016). An analysis of the cloud computing security problem.arXiv preprint arXiv:1609.01107. Bell, B. G., Ndje, Y. J., Lele, C. (2013). Information systems security management: optimized model for strategy, organization, operations.American Journal of Control Systems an Information Technology, (1), 22. Bolton, P., Chen, H., Wang, N. (2013). Market timing, investment, and risk management.Journal of Financial Economics,109(1), 40-62. Brender, N., Markov, I. (2013). Risk perception and risk management in cloud computing: Results from a case study of Swiss companies.International journal of information management,33(5), 726-733. Bromiley, P., McShane, M., Nair, A., Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions.Long range planning,48(4), 265-276. Chance, D. M., Brooks, R. (2015).Introduction to derivatives and risk management. Cengage Learning. Chen, Z., Han, F., Cao, J., Jiang, X., Chen, S. (2013). Cloud computing-based forensic analysis for collaborative network security management system.Tsinghua science and technology,18(1), 40-50. Choo, K. K. R. (2014). A cloud security risk-management strategy.IEEE Cloud Computing,1(2), 52-56. Cremonini, M. (2016). Cloud Security Risk Management.Cloud Computing Security: Foundations and Challenges, 87. Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., Baskerville, R. (2013). Future directions for behavioral information security research.computers security,32, 90-101. Dotcenko, S., Vladyko, A., Letenko, I. (2014, February). A fuzzy logic-based information security management for software-defined networks. InAdvanced Communication Technology (ICACT), 2014 16th International Conference on(pp. 167-171). IEEE. Fenz, S., Heurix, J., Neubauer, T., Pechstein, F. (2014). Current challenges in information security risk management.Information Management Computer Security,22(5), 410-430. Goldstein, A., Frank, U. (2016). Components of a multi-perspective modeling method for designing and managing IT security systems.Information Systems and e-Business Management,14(1), 101-140. Islam, S., Fenz, S., Weippl, E., Kalloniatis, C. (2016). Migration Goals and Risk Management in Cloud Computing: A Review of State of the Art and Survey Results on Practitioners.International Journal of Secure Software Engineering (IJSSE),7(3), 44-73. Kimwele, M. W. (2014). Information technology (IT) security in small and medium enterprises (SMEs). InInformation Systems for Small and Medium-sized Enterprises(pp. 47-64). Springer Berlin Heidelberg. Lam, J. (2014).Enterprise risk management: from incentives to controls. John Wiley Sons. Latif, R., Abbas, H., Assar, S., Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. InFuture Information Technology(pp. 285-295). Springer, Berlin, Heidelberg. McNeil, A. J., Frey, R., Embrechts, P. (2015).Quantitative risk management: Concepts, techniques and tools. Princeton university press. Peltier, T. R. (2016).Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press. Pritchard, C. L., PMP, P. R. (2014).Risk management: concepts and guidance. CRC Press. Rittinghouse, J. W., Ransome, J. F. (2016).Cloud computing: implementation, management, and security. CRC press. Rittinghouse, J. W., Ransome, J. F. (2016).Cloud computing: implementation, management, and security. CRC press. Sadgrove, K. (2016).The complete guide to business risk management. Routledge. Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security planning.Decision Support Systems,55(1), 156-164. Sennewald, C. A., Baillie, C. (2015).Effective security management. Butterworth-Heinemann. Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., Ojha, A. (2013). Information security management (ism) practices: Lessons from select cases from India and Germany.Global Journal of Flexible Systems Management,14(4), 225-239. Siponen, M., Mahmood, M. A., Pahnila, S. (2014). Employees adherence to information security policies: An exploratory field study.Information management,51(2), 217-224. Wu, D. D., Olson, D. L. (2015). Financial Risk Management. InEnterprise Risk Management in Finance(pp. 15-22). Palgrave Macmillan U

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.