TechnologyOne is one of the most advanced and well-known organisations in Australia, providing software and information security support to its staff and customers. The organisation's information system is used extensively in its business and internal operations infrastructure. The information system includes a database server that holds sensitive information such as employee data, customer data and personal information, business strategies, analytics reports and others. The organisation uses this data for analysis in order to provide a better experience to its stakeholders.
This report analyses the main threats and risks associated with the organisation's information security standards and how the organisation overcomes them. The report also covers common network vulnerabilities and how the organisation can use different network settings and devices to ensure proper network security. It discusses redundancy and fault tolerance, and the approaches the organisation can use to eliminate errors from its systems. The network security devices that can help the organisation manage and mitigate risk are discussed later in the paper. Additionally, the types of threats and malware that can affect the normal working of the organisation are also discussed in the report.
Malware is malicious software that is hostile to the computer system; it includes computer viruses, Trojan horses, ransomware, spyware and others. Malware is the short form, or umbrella term, for malicious software. Malware can infect an entire information system and cause serious damage to the data and files held on the server. Malware programs are designed to block the users of a system or server from accessing it, to copy files from the system without the approval of the users, or to inject malicious files that may harm the system (Saeed, Selamat and Abuagoub 2013). Some of the common types of malware that can harm the organisation's systems are:
- Adware- This type of malware continuously displays different kinds of ads on a system and hence irritates the user. Examples of adware include pop-up ads on websites as well as advertisements displayed by software. In addition, software and applications offer free versions that come bundled with adware such as 7search, A.Kaytri and Aartemis Search.
- Bot- This is a kind of program designed to enter a system in order to inject something else. Conficker is one of the trickier ones to predict. It is a threat that surfaces, advances, and ends up mounting an overwhelming attack.
- Ransomware- This blocks the servers and asks for money in exchange for unblocking the systems. NotPetya is one example of ransomware; it started as a fake Ukrainian tax software update and infected several computers.
- Spyware- These programs steal information from the servers and pass it to hackers (Kim and Kim 2015). CoolWebSearch is one example of spyware that may hijack web searches, the home page and Internet Explorer settings.
A network is defined as a system that is commonly used to connect various computers and peripheral devices using internet services. The connections come not only from computers but also from printers and fax machines, among others (Ahmed and Kanhere 2013). Some of the very common network devices that the organisation uses for its daily work are:
- Hub- The hub is the central point of the network to which all other systems of the organisation are connected (Thakur 2015). The purpose of the hub is to control the data units known as frames. When a hub receives a frame, it amplifies it and forwards it to the destination port.
- Switch- A MAC bridge, commonly known as a switch, helps connect the network devices (Tan, Li and Dong 2016). Multiple cables are connected to the switch, which controls the entry and exit of data as per user requirements.
- Router- A router is a device that acts like an amplifier. It receives data packets from a single connection and forwards them to the connected devices. A common example is the Wi-Fi router: the device collects data from the LAN cables and forwards it as Wi-Fi signals to the devices that are connected.
Windows Server 2012 and reliability of web services
Windows Servers are the most powerful versions of the desktop OS and are designed to handle corporate networking, Internet hosting, databases and enterprise-scale messaging more efficiently. Windows Server 2012 is the latest version of Windows Server, formerly codenamed Windows Server 8. Windows Server brings overall upgrades in cloud computing and cloud storage infrastructure. In addition, it should be noted that Windows Server 2012 is a dedicated server and performs various services such as hosting web services. A dedicated server is a server hosting service exclusively owned by a single owner. Windows dedicated server is the server operating system owned and released by Microsoft, the original owner of the Windows operating system. A Windows dedicated server supports Microsoft web development tools as no other server can. Web development tools like FrontPage or Visual InterDev are supported only by a Windows server. A Windows dedicated server supports Microsoft SharePoint services, which are very important for sharing communication and information. SharePoint is an information-sharing platform developed by Microsoft that can only be run on a Windows dedicated server with a Windows operating system. Hence the web services provided by Windows Server 2012 are very reliable, and these servers also provide availability of the web services. Organisations should therefore make sure that the servers are maintained properly and the services are updated regularly. This would maintain the reliability and availability of the servers. Organisations should also ensure that server data is backed up regularly, that data restore policies are well defined, and that staff are well aware of these policies, which would maintain the reliability of the servers.
Microsoft Exchange Server is software developed by Microsoft for exchanging mail and for calendaring. The server requires the original Microsoft platforms in order to run (Elfassy 2013). Exchange servers use a proprietary protocol commonly known as the Messaging Application Programming Interface, or MAPI. The servers also support the Post Office Protocol (POP), the Internet Message Access Protocol (IMAP) and SMTP. Some of the security measures that organisations can take to ensure proper confidentiality and integrity for staff email are:
- The accounts used on the Exchange servers must have the minimum number of permissions needed to perform the given set of tasks.
- The servers must only be started when required (Snehi and Dhir 2013).
- The administration permissions must be set according to the scope of the changes and the objects that need to be modified.
- The servers encrypt all other messaging paths and must not be encrypted.
- Integrity of the staff email services: To maintain the integrity of the mail services provided to staff, the organisation should maintain an efficient password policy so that staff do not create easy passwords. The organisation should also put security measures in place so that staff cannot access the profiles of other staff, so that data integrity and the privacy of staff are maintained.
Security issues related to web mail and webserver
Web servers and webmail have strong security checks, yet major problems with the servers sometimes come up. Some of the major problems that the webmail and the server face are listed below, with the threats prioritised according to their impact:
- Threats of data leaks- There may be cases where data is leaked outside the organisation and used against it. Employees of the organisation must make sure that no vital information about the servers or the organisation is shared.
- Spam mails: Spam mails are one of the major means of inserting malicious files into systems and of obtaining personal information. Employees of the organisation are advised not to respond to any spam mail or even open it.
- DoS threats: Denial of service is one of the major threats to many systems in recent times (Koh, Oh and Im 2014). In a DoS attack, the system fails to recognise the admins and denies many of the functions of the machine. In any case of a DoS attack, the IT department must be informed immediately so that the threat can be removed.
- Threats of malware: Malware consists of programs made for the purpose of hacking a system. No foreign items are to be inserted into the organisation's systems without permission.
- Unauthorised access to the data: If someone outside the organisation gains access to the sources and the webmail server passwords, they may use this to steal data from the servers. This might result in a huge loss to the organisation, since by this technique the attacker may gain access to data that may be misused further (Bakla, Çekiç and Köksal 2013). Staff must ensure that email IDs and passwords are kept safe and must change passwords frequently.
- Server performance and stability: If the servers in the organisation are performing poorly, anyone who notices a fault in the systems must first inform the IT department (Sharma and Yadav 2015).
Redundancy and fault tolerance
Fault tolerance: This is the property of a system that enables it to function normally even if some of its components have failed. Faults can be categorised into three forms: transient faults, intermittent faults and permanent faults (Technologies CSNT). With the first two types of fault, the system works under extreme pressure and with low quality; with a permanent fault, the fault is potential and the system stops working.
Redundancy: This is one of the major faults in the server; the fault is that a single piece of information is expressed many times (Mirafzal 2014). This may happen for many reasons, such as system read errors, human faults and, most importantly, malware that duplicates the data. Redundancy errors must be reduced to maintain normal system operations.
The approaches that may help reduce faults and redundancy and increase fault tolerance are fault avoidance, fault removal and time redundancy.
Impact of human factors
Other than system errors, there are many human factors that lead to errors in information systems. Humans may make errors, which may in turn harm the machines and give rise to many other problems. Humans have designed the entire systems of the organisation, but the same humans are sometimes the reason for the errors (Egwutuoha et al. 2013). On the other hand, human factors play an important role in the process of risk management. One technique that helps in risk management is avoidance; this is one of the best techniques by which risks can be managed, and humans play an important role in it. Other major techniques that are useful are loss prevention and loss reduction (Norouzizadeh et al. 2016). If there is a chance of any loss, a human can anticipate that the risk may occur and avoid it. In the process of loss reduction, if any loss is incurred, the human factor can help a lot in the process of loss prevention.
In computer science, log files are the records kept by the operating system for each and every event occurring in the systems. For web servers and email servers, the log files can be very useful for security monitoring. Logs are recorded whenever an event takes place on the servers; if there is any misuse of the servers, it can be traced from the server logs (Dubrova 2013). This can be a major security factor, since anyone who tries to do something wrong on the servers may be caught easily. Other than this, the log files are encrypted files that cannot be accessed from outside, and only the system admins can see and trace the files.
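As an added illustration of the log monitoring described above (not part of the original report), the following Python sketch parses web server log lines in the IIS W3C extended format and flags clients with repeated failed webmail logins. The log lines are constructed samples, and the `/webmail/login` path, the use of status 401 for a failed login and the threshold of three are assumptions.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not real traffic).
# The /webmail/login path and the user names are hypothetical.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2018-05-02 09:14:01 POST /webmail/login - 203.0.113.7 401
2018-05-02 09:14:03 POST /webmail/login - 203.0.113.7 401
2018-05-02 09:14:05 POST /webmail/login - 203.0.113.7 401
2018-05-02 09:14:12 POST /webmail/login jsmith 203.0.113.7 200
2018-05-02 09:15:40 POST /webmail/login - 198.51.100.20 401
2018-05-02 09:15:55 POST /webmail/login akhan 198.51.100.20 200
2018-05-02 09:16:10 GET /webmail/inbox akhan 198.51.100.20 200
2018-05-02 09:20:00 POST /webmail/login - 192.0.2.44 401
2018-05-02 09:20:02 POST /webmail/login - 192.0.2.44 401
2018-05-02 09:20:04 POST /webmail/login - 192.0.2.44 401
2018-05-02 09:20:06 POST /webmail/lo
"""

def parse_w3c(text):
    """Yield one dict per request, named by the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def audit_logins(text, login_path="/webmail/login", threshold=3):
    """Return {client_ip: finding} for bursts of >= threshold failed logins."""
    failures = defaultdict(int)
    findings = {}
    for row in parse_w3c(text):
        if row["cs-uri-stem"] != login_path:
            continue
        ip, status = row["c-ip"], row["sc-status"]
        if status == "401":
            failures[ip] += 1
        elif status.startswith("2"):
            # A success right after a burst of failures may be a guessed password.
            if failures[ip] >= threshold:
                findings[ip] = {"failures": failures[ip],
                                "then_succeeded_as": row["cs-username"]}
            failures[ip] = 0
    # Bursts that never ended in a successful login are still worth reporting.
    for ip, count in failures.items():
        if count >= threshold:
            findings.setdefault(ip, {"failures": count, "then_succeeded_as": None})
    return findings

if __name__ == "__main__":
    print(audit_logins(SAMPLE_LOG))
```

A single mistyped password followed by a successful login, as for 198.51.100.20 in the sample, stays below the threshold and is not reported.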
Audit log reports.
The audit log reports display the audit log events that are generated on the servers and domains by the administrators. The audit reports are used to make the system servers more accurate (Vicente 2013). The results of the audits are used for testing the systems.
Five types of network security devices
Five major security devices that the organisation can use to eliminate risk related to the web servers are:
- SOPHOS firewall- The organisation can use this device to set up a virtual firewall in the organisation. The firewall checks every incoming and outgoing packet.
- Anti-virus systems- Antivirus systems are sets of software designed to scan for and remove spam and other such malware.
- Network access control- It permits the administrator to identify different users and machines and find out if unauthorised personnel are trying to gain access to the network (Proctor and Van Zandt 2018).
- Wireless security- Helps protect the wireless systems that are installed in the organisation.
- Application security- Helps protect applications from being infected by other devices and by malware; it works in much the same way as antivirus software.
The organisation can retire Microsoft server 2007 and install the latest Microsoft servers that have been introduced by the organisation. The organisation must also update the operating system of the machines. The organisation can use cloud servers in order to get the most out of modern technology.
To conclude, the organisation can use modern-generation technology to update its systems in order to give the best information system assistance to users. Adopting modern technology will also help the organisation attract more and more customers. The organisation needs to set up proper server settings so that any kind of risk can be avoided by the systems. The organisation also needs proper, updated network devices in order to advance security in the organisation.
Ahmed, S. and Kanhere, S.S., 2013. HUBCODE: hub-based forwarding using network coding in delay tolerant networks. Wireless Communications and Mobile Computing, 13(9), pp.828-846.
Bakla, A., Çekiç, A. and Köksal, O., 2013. Web-based surveys in educational research. International Journal of Academic Research, 5(1), pp.5-13.
Dubrova, E., 2013. Fault-tolerant design (pp. 55-65). Berlin: Springer.
Egwutuoha, I.P., Levy, D., Selic, B. and Chen, S., 2013. A survey of fault tolerance mechanisms and checkpoint/restart implementations for high performance computing systems. The Journal of Supercomputing, 65(3), pp.1302-1326.
Elfassy, D., 2013. Mastering Microsoft Exchange Server 2013. John Wiley & Sons.
Kim, D. and Kim, S., 2015. Design of quantification model for ransom ware prevent. World Journal of Engineering and Technology, 3(03), p.203.
Koh, E.B., Oh, J. and Im, C., 2014. A study on security threats and dynamic access control technology for BYOD, smart-work environment. In Proceedings of the International MultiConference of Engineers and Computer Scientists (Vol. 2, pp. 1-6).
Mirafzal, B., 2014. Survey of fault-tolerance techniques for three-phase voltage source inverters. IEEE Transactions on Industrial Electronics, 61(10), pp.5192-5202.
Mistry, R. and Misner, S., 2014. Introducing Microsoft SQL Server 2014. Microsoft Press.
Norouzizadeh Dezfouli, F., Dehghantanha, A., Eterovic-Soric, B. and Choo, K.K.R., 2016. Investigating Social Networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms. Australian Journal of Forensic Sciences, 48(4), pp.469-488.
Proctor, R.W. and Van Zandt, T., 2018. Human factors in simple and complex systems. CRC press.
Saeed, I.A., Selamat, A. and Abuagoub, A.M., 2013. A survey on malware and malware detection systems. International Journal of Computer Applications, 67(16).
Sharma, A.K. and Yadav, R., 2015, April. Spam mails filtering using different classifiers with feature selection and reduction technique. In Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on (pp. 1089-1093). IEEE.
Snehi, J. and Dhir, R., 2013. Web client and web server approaches to prevent xss attacks. International Journal of Computers & Technology, 4(2b1), pp.345-352.
Tan, S., Li, X. and Dong, Q., 2016. TrustR: An integrated router security framework for protecting computer networks. IEEE Communications Letters, 20(2), pp.376-379.
Thakur, A., 2015. Open source firewall implementation: replacing traditional firewall with open source.
Vicente, K.J., 2013. The human factor: Revolutionizing the way people live with technology. Routledge.