Assessing Information And Network Security Software And Applications
- December 21, 2023/ Uncategorized
Objectives of the Report
Question:
Discuss about the Information Technology and Network Security.
Security has become a top most concern in the information and communication technology, societal development and economic environments recently. Data and information transfer is being done through information systems and networks now which was impossible a few years ago. Information systems and networks have been expanding expeditiously coupled with increasing number of network users and transaction values has led to rise in concerns about their security. When a business is planning to expand its operations information security is one key prerequisite that has to be critically considered.
This study is about an organization in Melbourne Australia that deals with development and customization of network and information security applications and software. Its customers are from the major cities of Australia and ranges from small to medium sized firms. Currently, it majors in projects to develop in-house software or liaises with bigger companies to offer custom-off-the-shelf applications. The company currently wants to expand and identify other options to venture in other than application development in the next five years to other parts of Australia and the rest of the world.
The company is considering diversifying its operations into offering information and network security to online business that require maintaining online security for such firms including customer database and websites.
This report is focused on assessing information and network security software and applications currently I the market. It also focuses on identifying the success and failure factors in different industries.
The objective of this report includes; investigation of the possibility of expansion, identification and assessment of information and network security used across the world, recommendation on how these software and application can be used to expand the company, and analysis of risks associated with the recommendation.
Information security refers to guarding information systems from unauthorized access, modification, use, destruction or disclosure of data within these systems. On the other hand, network security refers to any activity structured to guard and protect the integrity and usability of network data and information. (Cole, 2013).
People using technology should have a wide knowledge about the critical aspects and important standards and how to implement specific procedures in order to stay secured of threats and attacks. Over the years’ information theft, manipulation and destruction has been on the rise for individual gain or greed. Exchange of digital information across the globe is happening every second for example when one swipes a credit card a lot of information is distributed like transaction details are sent to their mail addresses, and other several things happen. It is the duty of the associated companies and organization to make sure that such information is kept private and confidential. (Subil, & Suku, 2014).
Information Security Objectives
Information security objectives
A company that aims to implement a working internet service provider should possess clear goals pertaining security and plan of action to which the management have agreed upon. If disagreements exist among the management, it may cause security of the information to be at risk and dysfunctional. The crucial aspect that a security expert should have in mind always is that him/ her having knowledge on security administration convention will enable him to include in the draft documentation and assures plenum, practicality and quality. (Subil, & Suku, 2014).
Making the language of policies simple and easy to understand smoothens the differences and assures agreement among the management staff.
According to Kizza, (2017), information security should be designed to achieve the three main objectives:
Confidentiality – data and information about persons, properties, places that have been declared private should not be disclosed to outside parties and must be solely accessed by authorized parties only.
Integrity – accuracy and completeness of data and information should be kept as it is through this that important decisions are made by companies, governments and individuals on the way forward.
Availability –this objective ensures that data and information is available to authorized users at all times so as not to delay company’s operations and execution of duties.
Information and network security accomplishes four fundamental functions for any organization which assures safety of application activities implemented in the company’s infrastructure, safeguards collected data and information, technology properties and guarantees functionality of the company’s operations. (Stewart, 2014).
It allows the safe running of application activities invoked in the form’s it systems. For data and information to be kept safe, enterprises must have put in place suitable applications and structures like firewalls and antiviruses. Software installed should also be protected beside data and information as they may lead to loss or destruction of critical resources. (Vacca, 2013).
Data and information left exposed can be penetrated and accessed by anybody. If unauthorized users get hold of such information, it can cause severe damage both to the business and individuals and may lead to drastic loses in the business. Information security software makes sure that suitable and crucial information is protected at all cost. Furthermore, protecting business data is a duty and ensures that confidentiality aspect is kept. (Eunice & Kermarrec, 2014).
In an enterprise, information is a crucial resource and is vital for the business operations and thus should be safeguarded from any unauthorized access. Interconnection among several businesses in the same field is rapidly increasing and thus widens vulnerability and threat index of organizational data and information. Competitors may decide to create destruction like hacking, denial of service attacks and use of malicious codes across the network. (Gupta, Agrawal & Yamaguchi, 2016)
Fundamental Functions of Information and Network Security in Enterprises
An organization keeps a lot of information about their clients which are extremely important like, credit cards information and it is the duty of the company to ensure that such data is always kept safe and secured from any unauthorized access by third parties which may use this personal information for impersonation. It is the duty of both general and IT management to make sure that information security objective and goal are met at all time, that is, confidentiality, integrity and availability. (Sasith, Chris, & Pubudu, 2016).
According to Mivule (2017), creativity in business is acquired through modern technology and continuous internet connection by societies even in bootleg market. Internet criminals are continuously looking for loop holes to get into protected across the globe. Due to increasing challenges in information security, every organization should always remain alert and prepared. The following are some of the threats to data security:
Technology with feeble controls – technology keeps evolving daily and new threats are emerging. Devices with inadequate security features installed in them tend to be vulnerable to these threats when connected to the internet. This tends to demonstrates a very critical risk because every unconstrained interconnection is subject to vulnerability. Fast growth of technology is a tribute to innovators. (Kizza, 2017).
Mobile Malware – security professional have found vulnerability loop holes in mobile gadgets ever since they began accessing the internet. There is a long list of today’s mobile attacks and users tend to ignore the risks they are getting themselves into. Bearing in mind of our strong culture’s dependence on mobile devices and the way internet criminals are targeting them insignificantly develops a dangerous threat to them. (Cole, 2013).
Foreign/ Third-party access – internet criminals get to choose the section with the least protection. They focus on tricking the young generation to falling into their traps. (Mivule, 2017)
Disregarding Proper Configuration – large data equipment is associated with their ability to be built to align with an organization’s requirements. Organizations constantly disregard the significance of setting up security configurations well. (Kizza, 2017)
Out of dated Security programs – updating security programs is a very essential management practice and a required step in safeguarding the company’s information. Programs are built to protect the information systems from known dangers. As such any advanced and recent mischievous lines of code striking an outdated form of security program will go unidentified. (Kumar, Singh & Jayanthi, 2016).
Missing Encryption Capabilities– safeguarding sensitive company information in transfer and at storage is an action that a small number of companies have failed to implement, even though it is efficiency. (Cole, 2017)
Threats to Data Security
Corporate information on Personal gadgets – Whether a company allocates company communication devices like laptops, tablets and phones or not, classified information can still be obtained on private gadgets. Management of mobile equipment continue to restrict operations but limiting this weak points hasn’t been prioritized by several companies. (Stewart, 2014).
Make sure the anti-virus application is always up-to-date- new computer bugs are being distributed and it is important that businesses are safeguarded from these bugs by updating anti-virus software. Organizations should ensure that the devices that lack updated anti-virus software are denied network connection. (Sundar, & Kumar, 2016).
Apply a firewall to safeguard networks- since computer bugs can distribute by other ways other than email, it is essential that undesirable traffic is hindered from accessing the network by use of a firewall. For users that utilize devices like personal firewall, laptops or PCs for jobs at home that are away from the protection of the organizations network, should be installed to make sure the devices are safeguarded. (Radia, 2016).
Filter all email traffic- outgoing and incoming email should be refined for computer viruses. This filter should appealingly be at the circumference of the network to avoid computer bugs. Emails with some file possessions normally used by computer bugs to spread themselves, for instance SCR, EXE, and .COM files, should also be blocked from accessing the network. (Stewart, 2014).
Teach all users to be cautious of suspicious e-mails- make sure that all users are aware to avoid opening unexpected attachments on an email. Even when the email is appearing from a known source, alertness should be practiced when accessing attachments in emails. Criminals take advantage of the trust planted in an email to trick people into opening an attachment or a link. (Sundar, & Kumar, 2016).
Scan Internet Downloads- make sure that all documents downloaded from the Internet are checked for computer bugs before being employed. Scanning should be performed from one central place on the network to make sure that all documents are properly checked. (Mivule, 2017)
Don’t execute programs of unknown source- It is essential that you apply a trusted origin for your software needs. This is to make sure that all software configured can be dependable and that its origin can be proved to be authentic. Apart from making sure that the right licensing agreements are established, adopting a trusted supplier can assist in minimizing the risk of software infected with a bugs endangering your business. Awareness on running computer programs from known source or trustworthy persons or company should be created. (Gupta, Agrawal & Yamaguchi, 2016).
Make common backups of critical information- It is essential to make sure that regular duplicates of important documents are stored either on removable media like tapes or portable drives to make sure there is availability of a trusted origin for information in the occasion that the network is corrupted with a computer bug. Backups will also enhance the organization to put back systems to software that are free from infection of computer bugs. Backups should be stored in a securely offsite to enhance added security. In case a major calamity happens to the organization, like the building going on fire, the information will remain secured in the safe offsite area and can be reestablished faster in a new facility. (Talabis, & Martin, 2013).
Types of Controls
Security controls can be grouped depending on the functionality; they include administrative, preventive, deterrent, detective or recovery and according to area/ platform of use; they include technical, physical or administrative. Technical controls include authentication systems, file encryption system, firewalls or intrusion detection systems. Physical controls entails structures as air conditioners, doors, flood protection, fire extinguishers and secure facilities. Administrative controls include information security guidelines, procedures and policies developed by the company. (Gunnam, & Kumar, 2017).
Preventive Controls
These are the first level defense mechanism that attackers meet. It tries to block any unauthorized access by implementing access control. It may be physical- like burglar proofing, technical- like firewalls or administrative- like security procedures and clearances. (Talabis, & Martin, 2013).
Detective Controls
As the name suggests this security layer is structure so as to identify and detect any intrusion in to the system and alert the implementation of counter measure by information security team. It includes; file integrity, cryptographic check sums, audit trials among others. (Gupta, Agrawal & Yamaguchi, 2016).
Corrective Controls
These type of controls are used to try cure the system intrusion and violation that has already occurred to the system. It tries to fix the violated system status. They may be technical or administrative and widely varies. (Gupta, Agrawal & Yamaguchi, 2016).
Deterrent Controls
These controls are implemented so as to deter and discourage attacker from performing a particular violation or intrusion. Examples include sound security systems like alarms and lights. (Talabis, & Martin, 2013).
Recovery Controls
They are almost similar to corrective but in this case recovery controls try to restore the normalcy of system functionality and resources like data, information and applications. Examples include data backups, emergency key management, disaster recovery and many others. (Gupta, Agrawal & Yamaguchi, 2016).
|
Preventive |
Detective |
Corrective |
Deterrent |
Recovery |
|
Firewalls |
Back up data restoral |
Alarms |
Back up data restoral |
|
|
Intrusion prevention systems |
System monitoring |
OS Upgrade |
Motion detectors |
|
|
Security Guards |
Motion detectors |
Antiviruses |
Flashing Lights |
|
|
Antiviruses |
Check sums |
Vulnerability mitigation |
||
|
Security awareness Training |
Intrusion detection Systems |
Table 1: Summary of Types of Controls
DefensePro
DefensePro is an actual-time, trait-based threats mitigation gadget that safeguard the organizations infrastructure against application and network slow time, data theft, software vulnerability exploitation, network anomalies, malware distribution and other upcoming cyber-threats. (Kizza, 2017).
Mitigation Service threats
Mitigation Service is completely controlled, composite solution conjoining always-on discovery and alleviation with cloud-built volumetric DDoS threat coming up and ERT premium controlled support. (Radia, 2016).
Cloud WAF Service
Cloud WAF Service supply enterprise-brand, constant flexible web program security, supplying full inclusion of OWASP Top ten attacks and automatically adjust guardianship to upcoming threats and safeguarded assets. (Kizza, 2017).
Conclusion
Keeping company’s system safe and protecting its data and information in the current business world is taken to be very essential and important. Many companies including telecommunication frim as are prioritizing system security controls. It is also critical and necessary to have security experts who can develop, analyze and implement security procedures, guidelines, policies and measures. Without accurate, and up-to-date information businesses cannot work well or make important decisions. This reason gives organizations to take information security as a very important aspect to them. In addition, application safety is one of the most essential components in carrying on a healthy business. As cyber threats rise in frequency, severity, and sophistication, program and network security remedies require to meet and beat these changeful attacks. Radware’s series of DDoS guardianship and Web program security contribution support integrated network and application security remedies structured designed to safeguard information and programs everywhere. It provides a multi-vector threat discovery and mitigation remedies, managing network layer and server threats, malware procreation and interruption activities. (Liang, Yuanmo, Hongtu, Yicheng, Fangming, & Jianfeng, 2014)
Information systems always under constant attacks from all corners like hacking, and tapping into firm’s networks, denial of service attacks. Since the company holds very critical and private data, it is its responsibility to ensure that such information is secured at all times. Organization’s data centers should be physically secured apart from logically protecting it from imminent attacks over the network and internet. For a business to operate efficiently, the data should always be up to date and always available.
Information security have numerous advantages including: protecting data information, computers and company’s network from unauthorized entry and access, integrating security controls makes a company competitive in the market place, makes a company reputable and gives it a good image, increases the confidence and decision abilities of management and stakeholders, enhances easy recovery abilities in cases of disruption and ensure smooth flow of company’s processes and activities among others. However, it has some disadvantages, for example, because technology evolves and so does threats, therefore, information security features must be upgraded frequently which makes the organization to incur extra costs, a system can be vulnerable if its users fails to adhere to some security protocol, and use of many passwords could slacken business operations.
My recommendation to the company include the following; install firewalls, up-to-date powerful antiviruses, install intrusion prevention and detection mechanism, and perform regular data and information backups to ensure that in case of any data loss they can quickly recover. Also disaster recovery techniques should be put in place. The company should also consider acquiring network application security such as DefensePro. This application ensures real time protection from threats like network anomalies, network slow time, malwares and other upcoming internet threats. It is also inbuilt with mechanisms that can prevent and detect attacks. Perform a risk assessment to identify the impact and likelihood of threats and vulnerabilities to business processes and goals.
The company should also ensure that an action plan has been developed the enhance cost friendly controls and security infrastructure reduces threats. System administration should be consistently performed. Re-evaluation, maintaining and monitoring of entire system security procedures. Antiviruses and operating systems should be configured for scheduled updates. Procedures for preventing, detecting, responding, and reporting should be implemented. Backup procedure and guidelines should be developed, implemented and documented and employees should be trained on these guidelines. Backup media should be stored on locations away from the company and test them regularly to confirm their capacity to restore or bring back crucial resources.
References
Cole, E. (2013). Network security bible. Hoboken, N.J: Wiley.
Gunnam, G., & Kumar, S. (2017). Do ICMP Security Attacks Have Same Impact on Servers?. Journal of Information Security, 8, 274-283. doi: 10.4236/jis.2017.83018.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. Hershey: Information Science Reference.
Kizza, J. M. (2017). Guide to computer network security.
Kumar, G. D., In Singh, M. K., & In Jayanthi, M. K. (2016). Network security attacks and countermeasures.
Liang, H., Yuanmo. Z., Hongtu, L., Yicheng, Y., Fangming, W., & Jianfeng, C. (2014) Challenges and Trends on Predicate Encryption—A Better Searchable Encryption in Cloud. Journal of Communications, 9(12), 908-915. Doi: 10.12720/jcm.9.12.908-915
Mivule, K. (2017). Web Search Query Privacy, an End-User Perspective. Journal of Information Security, 8, 56-74. https://dx.doi.org/10.4236/jis.2017.81005
Pubudu, K., Chris, P., & Sasith M. (2016). Cybersecurity: A Statistical Predictive Model for the Expected Path Length. Journal of Information Security, 07,112-128. doi: 10.4236/jis.2016.73008
Radia, P. (2016). Network Security: PRIVATE Communication in a PUBLIC World. Pearson India.
Sasith M., Chris P., & Pubudu, K. K. (2016). Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation. Journal of Information Security, 07, 269-279. doi: 10.4236/jis.2016.74022
Stewart, J. M. (2014). Network security, firewalls, and VPNs, second edition. Burlington, MA: Jones & Bartlett Learning.
Subil, A. & Suku, H. (2014). Cyber Security Analytics: A Stochastic Model for Security Quantification Using Absorbing Markov Chains. Journal of Communications, 9(12), 899-907. Doi: 10.12720/jcm.9.12.899-907
Sundar, K., & Kumar, S. (2016). Blue Screen of Death Observed for Microsoft Windows Server 2012 R2 under DDoS Security Attack. Journal of Information Security, 7, 225-231. doi: 10.4236/jis.2016.74018.
Talabis, M., & Martin, J. (2013). Information security risk assessment toolkit: Practical assessments through data collection and data analysis. Amsterdam: Elsevier.
Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers is an imprint of Elsevier.
