IS Security and Risk Management Assignment - Applied project
Task Specifications
Each student should select an organisation. The organization must provide information systems services to the staff and customers. You have to write a report to answer the followings related to the selected organization:
1. Describe the most common malwares and threads against the IS that effect the organization operations.
2. Network devices are highly vulnerable and can be exposed. Identify three types of network devices used by the selected organization. Illustrate why these devices are vulnerable to destruction, error, abuse, and system quality problems.
3. Assume the organization used Windows server 2012 to host the organization web site. Discuss how the organization can ensure the reliability and availability of the web service.
4. Microsoft Exchange server is used by the organization to provide email services to the staff. Illustrate the ways the organization used to ensure confidentiality and integrity for the staff email.
Assume you are working at the IT department of this organization. Many staff reported that the organization website is not responding many times, or it takes long time to open a webpage. In addition, other staff reported that they are unable to login using their user name and password to access their email after they responded to an email from IT department for account updating.
5. Discuss and prioritize the threats and the possible types of malware and security issues related to web mail and web-server.
6. One of the primary ways to ensure IT business continuity is to provide redundancy and fault tolerance. Propose two approaches your organization can use to improve the availability of web and email servers. Justify your answer with the support of diagrams.
7. The impact of human factors and organizational issues on IS-related security and risk management.
8. Illustrate how the logs records including security, access, and event can be help in monitoring and analyzing the web server and email server problems.
9. Discuss in detail how the audit log reports can be useful for performing auditing analysis, supporting the organization's internal investigations, and indenting operational trends and log-term problems. In particular for the email and web server issues.
10. Propose with justification five types of network security devices can be used to control security and mitigate threats related to the web and email servers.
You may need to make some assumptions with the required justifications.
Report Layout -
The report should be organised using the following headings and guidelines:
1. A Cover Title Page
2. Introduction
- should clearly define the aims and objectives of the report.
3. Common malwares and threads against organization Information systems.
4. Identification of networking devices.
- why these devices are vulnerable to destruction, error, abuse, and system quality problems.
5. Discussion on how the organization can ensure the reliability and availability of the web service.
6. The ways to ensure confidentiality and integrity of the staff email.
7. Discussion and prioritize the threats and the possible types of malware and security issues related to web mail and web-server.
8. Proposal of two approaches to improve the availability of web and email servers. (with justification and diagrams).
9. Impact of human factors and organizational issues on IS-related security and risk management
10. Illustration the use of logs records including security, access, event in monitoring and analyzing the web server and email server problems.
11. Discussion in detail the use of audit log reports for performing auditing analysis, supporting the organization's internal investigations, and indenting operational trends and log-term problems. In particular for the email and web server issues.
12. Proposal of five network security devices to control security and mitigate threats related to the web and email servers.
13. Conclusions and Recommendations
- A summary of your findings and your recommendations regarded the security and risk management.
14. Reference