An information security policy is a set of policies that an organization uses to keep its data and information secure and private. Information security is one of the crucial problems of the modern era, and most organizations face the issue of cyber-attack. The rate of cyber-crime is growing very fast, and a lack of security is a major problem that increases such threats. The main objective of this report is to develop information security policies for the Xero organization and to analyse the risks associated with it. Xero is a software development organization that provides information technology services to its consumers, but the company faces various cyber-threats such as malware attacks, denial of service attacks and many more. This report produces security policies that address the threats and vulnerabilities faced by Xero and also describes the various kinds of cyber-security threats.
Xero is a New Zealand public organization which offers cloud-based services to small and medium companies. It has many offices in Australia, the United States, the U.K. and South Africa, and it is listed on the Australian Securities Exchange. Its products are based entirely on software as a service, and its main headquarters is in New Zealand. In 2016 it opened its first Asian office in Singapore. It provides accounting software products to its consumers, and most small business sectors use this accounting software to improve the efficiency of the business. The main problem faced by this organization is that it is not able to handle malware and DDoS attacks, due to which it lost personal information. In 2017, hackers attacked the organization: they produced 1 Tb of traffic and directed it at its computer networks. As a result its websites went down for around 15 minutes and consumers could not access their accounts. To avoid such problems Xero requires modern security tools and technologies, and it can develop security policies to handle security threats.
An information security policy is a set of rules and regulations enacted by a company to ensure that its employees and workers use authentic servers and networks, and it also helps to address security-related issues (Bulgurcu, Cavusoglu, & Benbasat, 2010). Xero is an IT organization that communicates with a number of consumers every hour, for which it needs to secure data and information. To avoid the issue of a data breach this report develops security policies and strategies, and this section identifies methods to improve the security of data.
There are many objectives of information security policies which are described below:
This security policy applies to all data and information of Xero, its computer networks, the employees of the organization, and those supplied to it under contract.
Access control policy and authority
Generally, an information security policy has a hierarchical pattern, which means that employees are bound not to share or transfer the organization's information. Xero communicates with a number of small business sectors and its employees share personal details, due to which the issue of cyber-threat increases. Normally a senior manager has the authority to access personal accounts and to decide whether to share data or information, but Xero gave its employees authority to access private accounts (Ericsson, 2010). As a result several employees provided their details on third-party websites, and they can suffer from cyber-crime. Therefore, logic demands that the security policy address each basic operation in the Xero organization with a proper specification that makes its authoritative status clear.
Classification of data
Classification of data is one of the best steps for maintaining a large amount of data, and most organizations use this process to maintain the efficiency of computer servers. Xero interacts with many users and companies and stores a huge quantity of data, for which it requires a data classification approach. Classification of data provides a platform to protect users' data from cyber-crime, and this policy can organize the entire set of data. There are a few steps involved in this security policy, which are described below:
Large risk class: data or information protected by state and federal legislation; payroll, financial and private details are also included.
Confidential class: data in this class does not enjoy the protection of the law, but the data manager can judge that it should be protected from unauthorized servers.
Public class: this kind of information or data can be freely transferred.
Xero can classify its data into different data sets, for example confidential, restricted and many more. By using these approaches it can address the problem of data breach and complexity-related issues.
Information and communication technology has developed a number of security tools and approaches to address security threats and vulnerabilities, which are described below:
Xero is one of the largest businesses developing accounting software, and it also provides SaaS services to its consumers. For this it uses many software products and networks to control and monitor personal accounts, and it can upgrade its security systems to manage security issues. Employees of the organization should update software on a regular basis, and Xero can hire an IT team to handle the security of its computer networks. It can also design and implement advanced security systems, for example, databases, sensitive devices and components, and information systems (Hsu, Shih, Hung, & Lowry, 2015).
The information technology team of Xero can test that all security devices and programs are turned on and working properly. This kind of security policy includes a visual inspection of any control system to determine whether the systems are in working condition or not (Ifinedo, 2012). Xero should check and test this on a regular basis and update computer software regularly.
A password policy is one of the most common security policies, used by many organizations, and Xero can adopt it to secure employees' personal data and information. It can design modern security approaches by which employees and workers can access their accounts more effectively. The organization provides information technology services to its users, and many small companies run its software on their computers, for which it requires a password-based system to secure communication between employees and users. Therefore, Xero can develop this kind of policy to control and manage security-related issues, and it should ensure that employees use strong passwords and do not share them with anyone.
E-mail is one of the best ways for Xero to communicate with its clients and customers and to provide user support. For this it requires a process to manage private e-mails and messages, and information technology has developed robust techniques to secure employees' e-mail. It is observed that most hackers send unwanted e-mails to employees' accounts and enter their computer systems, due to which users can lose their personal details (Krutz & Vines, 2010). If Xero develops an e-mail security algorithm it can protect personal chats and information, and the senior manager should ensure that employees use only authentic networks during the communication process.
Encryption is a very important security step which is used by most organizations to protect data and information from hackers. It provides a way to improve the overall communication system and to secure users' private information. In this process employees' data is converted into a specific coded form and transferred from supplier to consumer, and attackers are not able to read this code without permission. Xero can develop this type of technique because it mostly communicates with its customers over internet connectivity and mobile networks, and it should ensure that its employees avoid the use of third-party applications.
The main purpose of this technique is to improve the security of computer networks, and it provides an authorized server to consumers. Xero has developed a number of software and IT products, for which it requires an authentic network that can handle the security threats and risks associated with computer devices. It can adopt this kind of security system to reduce cyber-security issues and vulnerabilities (Mármol & Pérez, 2009). The main role of this technique is to identify third-party websites and applications, and it is observed that many Xero employees use, for communication purposes, third-party websites that are developed by attackers. A number of Australian organizations display their company name in green, which shows that they use a digital certification process to manage unauthentic signals.
Authentication is a very important step in information security that provides a way to verify the identities of Xero's websites and accounts. Xero can develop this type of security process because it has the ability to detect and monitor fraudulent links and traffic, by which employees can secure their personal data and information. A one-time password is one of the best examples of an authentication approach, and most organizations use this process when new accounts are created (Rhee, Kim, & Ryu, 2009). Xero provides an account facility on its website by which users can create their accounts, for which it requires an authentication process. It can adopt a biometric recognition system to improve the security of its computer networks, and the IT team should ensure that employees use only their authentic identity to access the organization's accounts. Information technology has developed many biometric systems that can be implemented for Xero, such as fingerprint, iris and face recognition and hand geometry (Workman, Bommer, & Straub, 2008).
The main purpose of this security policy is to reduce denial of service and malware attacks, and many organizations use this technique. It is observed that Xero allows its employees and workers multiple login attempts, which creates uncertainty in its networks and also increases the issue of cyber-attack. To avoid such issues the senior manager of the organization can reduce the number of login attempts, by which the privacy of its networks can be enhanced (Siponen & Vance, 2010). This has the capability to address the brute-force attack, which is a very serious problem for any organization and which blocks the peripheral devices of employees.
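The login-attempt limit described above, sketched as an added example (not part of the original report and not Xero's code); the class name, thresholds and log lines are assumptions constructed for illustration. It goes slightly beyond the text by counting failures per source address as well as per account, and by using temporary lockouts that double on repeat, so that the limit itself cannot be turned into a permanent denial of service against a user.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    """Temporary lockout keyed by account and by source address (assumed thresholds)."""
    max_failures: int = 5       # failures allowed inside the window
    window: float = 300.0       # seconds over which failures are counted
    base_lockout: float = 60.0  # first lockout; doubles on each repeat offence
    max_lockout: float = 3600.0
    failures: dict = field(default_factory=lambda: defaultdict(deque), init=False)
    strikes: dict = field(default_factory=lambda: defaultdict(int), init=False)
    locked_until: dict = field(default_factory=dict, init=False)

    def retry_after(self, user, ip, now):
        """Seconds the caller must wait; 0.0 means the attempt may proceed."""
        latest = max(self.locked_until.get(k, 0.0) for k in (("user", user), ("ip", ip)))
        return max(0.0, latest - now)

    def record(self, user, ip, success, now):
        """Register one attempt; returns 'ok', 'failed', 'locked' or 'rejected'."""
        if self.retry_after(user, ip, now) > 0:
            return "rejected"  # refused before the password is even checked
        if success:
            # Clear only the account's history. Clearing the source's as well would
            # let an attacker reset the per-address counter with one valid login.
            self.failures.pop(("user", user), None)
            self.strikes.pop(("user", user), None)
            return "ok"
        result = "failed"
        for key in (("user", user), ("ip", ip)):
            recent = self.failures[key]
            recent.append(now)
            while recent and recent[0] <= now - self.window:  # expire old failures
                recent.popleft()
            if len(recent) >= self.max_failures:
                self.strikes[key] += 1
                lock = self.base_lockout * 2 ** (self.strikes[key] - 1)
                self.locked_until[key] = now + min(lock, self.max_lockout)
                recent.clear()
                result = "locked"
        return result


# Constructed sample: "<seconds> <account> <source address> <OK|FAIL>".
SAMPLE_LOG = """\
0 alice 203.0.113.7 FAIL
5 alice 203.0.113.7 FAIL
9 alice 203.0.113.7 FAIL
12 alice 203.0.113.7 OK
20 bob 203.0.113.7 FAIL
45 alice 198.51.100.4 OK
50 alice 203.0.113.7 FAIL
52 bob 203.0.113.7 FAIL
54 carol 203.0.113.7 FAIL
100 carol 203.0.113.7 OK
"""


def replay(log, throttle):
    """Feed each log line through the throttle and collect the decisions."""
    decisions = []
    for line in log.strip().splitlines():
        ts, user, ip, outcome = line.split()
        decisions.append(throttle.record(user, ip, outcome == "OK", float(ts)))
    return decisions


if __name__ == "__main__":
    print(replay(SAMPLE_LOG, LoginThrottle(max_failures=3, window=60.0, base_lockout=30.0)))
```

In the sample, the correct password at second 12 is refused because the account is already locked, and the failures spread across three accounts at seconds 50 to 54 trip the per-address counter even though no single account reached the limit.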
Information technology has produced a number of antivirus and other software products to avoid security-related issues. Generally, Xero stores its personal data on computer devices and does not use any protection software, which can increase the problem of a data breach. Firewall, Cryptosense, WebTitan and Log360 are all very popular software that can be used to detect unwanted signals and unauthorized networks on computer devices (Workman, 2008). All these applications run in the background of the computer, identify spam links or malware signals and show a notification on the screen, by which employees can block these networks.
A number of potential threats and vulnerabilities occur in the Xero organization, which are described below:
In the field of information systems, unauthorized access is one of the most common security threats and is very dangerous for computer networks. Xero is suffering from this type of security threat, which detects employees' computing devices and enters their networks by using malicious software (Siponen & Vance, 2014). Here hackers produce an unauthentic website or server and send it to users' accounts; consumers then use it, by which they lose their personal information.
A virus is a type of malicious software that enters employees' computer devices without their permission and spreads from one location to another. It has been found that a few viruses can cause severe harm that may affect computer programs and overall performance. Recently Xero observed that its computer devices were not working properly and that employees were facing performance issues, which occur due to viruses. This type of problem may affect the computer system, and users can lose their private data (Siponen, Mahmood, & Pahnila, 2014).
This is a very common type of security threat that occurs due to a lack of security, in which hackers target users' peripheral devices. Xero communicates with its users through websites and blogs, and it is suffering from the problem of DDoS attack. Here hackers send spam or fraudulent e-mails to employees, who click on unwanted links, due to which hackers store their personal information (Sommestad, Hallberg, Lundholm, & Bengtsson, 2014). Generally, hackers use malware to produce traffic: first they detect the location of the computer networks, and after that they encrypt all private details.
Malicious software is a kind of hacking software that produces a large amount of traffic and unauthentic servers, which are used to block computer networks. Generally attackers target the Xero website, after which they reduce the performance of wireless networks and steal the login IDs and passwords of its computer devices (Von Solms & Van Niekerk, 2013). Most hackers use malicious software because it has the ability to break the security of users' devices, and a few Xero employees use third-party applications, developed with malware, that store users' personal information.
This is another security threat that increases due to the use of unauthentic servers, and Xero has been facing this issue for the last few years. Here hackers use a more complex algorithm that detects and identifies the login IDs and passwords of employees' accounts. Attackers are able to encrypt users' personal information, and they can control the communication process between employees and consumers (Wall, Palvia, & Lowry, 2013).
Xero is facing the issues of cyber-crime and data breach, due to which it can lose its personal data and its value in the market. It is observed that a lack of security is a very common problem, because most Xero employees use unauthentic servers developed by attackers and have lost their personal information (Warkentin & Willison, 2009). To avoid such problems information technology provides a number of steps and tools, which are described below:
It is observed that most consumers use very weak passwords and do not have any backup plan, due to which they face the problem of hacking. For Xero, it is very important to check its security programs, after which the management team should appoint an IT team that can handle security-related issues. Many ethical and legal issues occur due to cyber-security threats, for example data breach, security theft, loss of personal e-mails and reduced privacy of computer devices (Yeh & Chang, 2007). All these issues and problems can be resolved by the above security policies, and it is recommended that Xero adopt advanced computer networks and security tools to handle data breach issues. Encryption and cryptography are both very popular technologies which can be used by Xero, and they provide a platform to identify the key factors that increase cyber-crime. The employees of Xero should ensure that they use only authentic servers and, if any malware attacks their networks, contact the IT team.
Security of data is a very common problem and the biggest one for every organization, because hackers use advanced algorithms to attack consumers' computer devices. In the last few years security-related issues such as data breaches and threats have been growing very fast, and the main reason for this increase is a lack of security. This report is entirely based on information security threats and issues, and with its help readers can enhance their knowledge in the area of information systems. Xero is a software company that provides IT-related services to its customers, but in the last few years it has been facing the issue of cyber-threat. This report explained the threats and vulnerabilities of the information system and developed security policies to address such problems. Three main problems occur in computer networks, namely DoS attack, sniffer and malicious attack, which are described in this report. The management team of Xero should ensure that its employees avoid the use of third-party applications and use firewall and cryptography technology to address the issue of cyber-security.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioural information security research. Computers & Security, 32, 90-101.
Ericsson, G. N. (2010). Cybersecurity and power system communication—essential parts of a smart grid infrastructure. IEEE Transactions on Power Delivery, 25(3), 1501-1507.
Herath, T., & Rao, H. R. (2009). Encouraging information security behaviours in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
Hsu, J. S. C., Shih, S. P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviours and social controls in information security policy effectiveness. Information Systems Research, 26(2), 282-300.
Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behaviour and the protection motivation theory. Computers & Security, 31(1), 83-95.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Mármol, F. G., & Pérez, G. M. (2009). Security threats scenarios in trust and reputation models for distributed systems. Computers & Security, 28(7), 545-556.
Rhee, H. S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behaviour. Computers & Security, 28(8), 816-826.
Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly, 12(3), 487-502.
Siponen, M., & Vance, A. (2014). Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations. European Journal of Information Systems, 23(3), 289-305.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), 42-75.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cybersecurity. Computers & Security, 38, 97-102.
Wall, J. D., Palvia, P., & Lowry, P. B. (2013). Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9(4), 52-79.
Warkentin, M., & Willison, R. (2009). Behavioural and policy issues in information systems security: the insider threat. European Journal of Information Systems, 18(2), 101-105.
Workman, M. (2008). Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. Journal of the American Society for Information Science and Technology, 59(4), 662-674.
Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behaviour, 24(6), 2799-2816.
Yeh, Q. J., & Chang, A. J. T. (2007). Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), 480-491.