Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: XXXXXXXXXX
PRV12007; CRICOS 03048D
Unit Code and Title: SBM4304 IS Security and Risk Management
Assessment 3: Applied Project
Due date: Week 13
Group/individual: Individual
Word count / Time provided: 2500 words
Weighting: 50%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7
Course Learning Outcomes: CLO-1, CLO-2, CLO-3, CLO-4, CLO-9
Graduate Attributes: GA-52, GA-10, GA-11, GA-12
Assessment Details:
This assessment is designed to assess your technical skills in investigating IS security, risk threats and
management in an organization. It also assesses your skills in evaluating risk
management techniques and IS auditing. You are required to select an organization that uses
information systems to perform daily business operations. You have to identify the most valuable
assets of the organization and investigate the security threats and mitigation techniques. You
also have to propose/evaluate the risk management techniques adopted by the selected organization to
ensure reliability, confidentiality, availability, and integrity. You also have to discuss the audit plan and
processes used by the organization and investigate the impact of human factors on security and risk
management.
Task Specifications
This assessment includes two tasks as follows:
Task-1:
Each student should select an organisation. The organization must provide information systems
services to the staff and customers. You have to write a report answering the following questions about
the selected organization:
1. Network devices are highly vulnerable and can be exposed. Discuss two types of threats
against the network routers/switches of the selected organization. Illustrate how these devices
are vulnerable to destruction and abuse.
2. Propose, with justification, two types of network security devices that can be used to control
security and mitigate threats related to the web and email servers.
3. Assume the organization uses Windows Server 2016 to host its web site.
Discuss how the organization can ensure the availability of the web service using Windows
Server 2016.
4. Discuss the impact of employees on the information security of the selected organization.
Provide risk management recommendations to reduce the risk posed by employees.
5. Windows Server 2016 supports different tools for auditing. Illustrate the Windows Server
2016 auditing tools and discuss how the selected organization can use them to
monitor and analyze web server and email server problems.
You may need to make some assumptions with the required justifications.
Task-2:
Use the online encryption tool at https://www.tools4noobs.com/online_tools/encrypt to
encrypt your student ID and name using the Data Encryption Standard (DES) according to the
following table:
Table 1: Encrypting student details using DES
Item | Settings/Result
Key | SBM4304
Algorithm | Data Encryption Standard
Mode | CBC
Encode the output using | Base64
Text to encrypt | {Student ID:Student name}
Encrypted with DES (Result) | {Encrypted text}
You have to replace:
• {Student ID:Student name} with your student ID and your name
• {Encrypted text} with the encrypted text
In your report, you have to provide:
1. Table-1 with completed fields, supported by a screenshot of the encryption website.
2. A screenshot demonstrating the verification of your work by decrypting the cipher obtained in
Table-1 using: https://www.tools4noobs.com/online_tools/decrypt
Please note that you have to use the Harvard reference style and the report should be submitted as a Word
file.
In completing this assessment successfully, you will be able to investigate IS security and risk threats and
propose suitable security controls, which will help in achieving ULO-1, ULO-2, ULO-3, ULO-4, ULO-5,
ULO-6 and ULO-7. This in turn will help you in achieving CLO-1, CLO-2, CLO-3, CLO-4 and CLO-9,
which collectively with other unit learning outcomes will help in achieving GA-52, GA-10, GA-11 and
GA-12.
Marking Information: The applied project will be marked out of 100 and will be weighted 50% of
the total unit mark.
Marking Criteria | Not satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark)
Introduction (5 marks) | Poor introduction with irrelevant details | Introduction is presented briefly and is missing the report outline | Introduction is generally presented along with the report outline | Introduction is well written, and the report outline is also discussed | Introduction is very well written, and the report outline is also discussed
Threats against network routers/switches (15 marks) | Poor discussion about threats, not related to routers/switches | Brief discussion about threats, not related to routers/switches | Good discussion about threats related to routers/switches | Very good discussion about threats related to routers/switches | Excellent discussion about threats with clear specifications related to routers/switches
Network security devices (15 marks) | Poor discussion about network security devices with irrelevant information | Brief discussion about network security devices | Generally good discussion of network security devices | Very clear discussion about network security devices | A very clear and in-depth discussion about network security devices
Availability of the web service (10 marks) | Lack of evidence of understanding of availability for web service. | Evidence of basic understanding of availability of the web service with limited examples. | Evidence of good understanding and identification of techniques to improve the availability of the web service | Very clear understanding and identification of techniques to improve the availability of the web service | Has excellent understanding and identification of techniques to improve the availability of the web service
Impact of employee on information security (15 marks) | Lack of evidence of understanding of impact of employee on information security | Evidence of basic understanding of impact of employee on information security | Evidence of good understanding of impact of employee on information security | Very good understanding of impact of employee on information security | Excellent understanding of impact of employee on information security
Windows server 2016 auditing tools (10 marks) | Lack of evidence of understanding of audit process | Evidence of basic understanding of audit process and not related to the selected sector. | Good understanding of audit process with discussion related to the selected sector | Very good understanding of audit process with discussion related to the selected sector | Excellent understanding and demonstration of audit process related to the selected sector
Student details encryption (Table-1 and Screenshot) (10 marks) | Lack of evidence of using the website for encryption | Table-1 not completed or with errors. | Table-1 completed with many settings errors. | Table-1 completed with some settings errors. | Table-1 completed correctly with correct result.
Verification by decryption (10 marks) | Lack of evidence of understanding of the process of decryption with no screenshot | Screenshot is provided with incomplete or incorrect settings and not related to Table-1 | Screenshot is provided related to Table-1 with some settings errors | Screenshot is provided related to Table-1 but with incorrect result. | Screenshot is provided related to Table-1 with correct result.
Summary (5 marks) | Summary not relating to the report | Brief summary of the report with some relevance | Generally good summary of the report | A section clearly summarizing the overall contribution | A section very clearly summarizing the overall contribution
References using Harvard style (5 marks) | Lacks consistency with many errors. | Unclear referencing/style | Generally good referencing/style | Clear referencing/style | Clear styles with excellent source of references.