Learn smart - Learn online. Upto 88% off on courses for a limited time. View Courses
Error goes here
Please upload all relevant files for quick & complete assistance.
Running head: INFORMATION SECURITY
Name of the student:
Name of the University:
Author note ...
Running head: INFORMATION SECURITY
Name of the student:
Name of the University:
1 IN FORMATION SECURITY
Table of Contents
Introduction: ................................ ................................ ................................ ............................... 2
Security policy: ................................ ................................ ................................ .......................... 2
For security against malware and ransomware: ................................ ................................ ..... 2
Policies and practises for ensuring information security: ................................ ...................... 4
Conclusion: ................................ ................................ ................................ ................................ 5
References: ................................ ................................ ................................ ................................ . 7
2 IN FORMATION SECURITY
Technological development and usage of the information systems has ma de
information one of the most important assets of the industry , business or any organization s
who are ma king use of those technologies for functions and operations. However, the
technologies which has helped in the development of the businesses all around the world has
also let the hackers and intruders one of the most critical threats to the organizations as well.
development of the cyber security policies for the organization sha ll help in reducing the
threats to the organizatio n due to the presence of the se intruders. In this report, security
policy shall be developed for Telstra , which is one of the largest telecommunication
companies in Australia. As a telecommunication company it has to make use of huge amount
of information belonging to various stakeholders, and consumers . Protection of those data is
one of the chief prior ities of the organization and development of a cyber security policy can
help in protecting the systems, information and privacy of the users.
For security against malware and ransomware:
Definition: This security policy shall help in providing security to the systems, hardware and
software, which can in turn protect the valuable information stored within the, systems.
Making use of an tiviruses:
Antivirus is one of the most common, basic yet important aspect of combatting with
issues like malware, ransomware and spyware and viruses. This can help in
preventing the malicious files from entering the system by raising an alert that one is
trying to get an access to the systems.
This software can keep track of the networks and system to check for the suspicious
activities and prevent them from harming the systems.
Users should be strictly restricted from opening files from any unknown sende rs. Any
macros attached to the emails should not be opened at all. The attachments shall be
deleted immediately from the systems, and even from the recycle bin of the computers
to prevent such attacks.
Spam chains shall not be forwarded at any cost and sh ould be deleted immediately or
3 IN FORMATION SECURITY
Data back -up should be generated and kept in secure locations with the name of the
company and the type of data written on the folder. The folder should be secured with
the help of passwords.
As new viruses are being created regularly to impact the operations and functions of
the organizations , the anti -viruses shall be updated regularly as well.
Making use of filters in emails:
Making use of the email filters can help in determining the mail's which can cause threat to
the systems. Graymail can be prevented from entering the inbox. This is essential as it helps
the users to understand the mail's which are essential and the ones which are not. At times
clicking on the wrong links can end u p into initiation or a virus or malware attack in the
systems. These spam filters help in keeping the users safe from unwanted mails and spams.
Making use of firewalls:
Firewalls should be implemented such that the network can protected from the attacks
of the malwares. The firewall creates a partition between the external network and the
systems such that only authentic packets can enter the systems. This prevents the
malicious files from entering the systems right from the beginning.
All though firewall has been installed in the systems, penetration testing should be
performed with the help of the authorised personnel for better result and testing of the
endurance of the firewalls. This can help in finding the flaws of the systems.
Limiting the usage of technologies on premise:
This shall help in making the usage of the technologies on premises clear. The usage of the
external devices is strictly prohibited. This reduced the chances of inserting malwares and
viruses to the systems. The usage of the exter nal USB devices or connecting with
unauthorised wireless devices are prohibited. Using personal devices within the premise
while connecting them to the network or the organization is strictly prohibited.
Making use of Virtual private networks :
Encrypted connection should be used for the purpose of communication and
transaction in the organization. This is the fact that the using VPN helps in keeping
the network private and the organization can securely maintain their online activities
within the systems (Ibrahim , 2017 ). This will help in preventing eaves dropping and
4 IN FORMATION SECURITY
help in maintaining secrecy and confidentiality while making transactions or
communicating confidential messages.
All remote access to Telstra should be done with the help of the secure VPN
co nnection on the company -owned devices which has up -to-date anti -viru ses on the
systems (Skendzic & Kovacic, 2017 ).
Usage of passwords:
Usage of the strong passwords is highly recommended in this case. The passwords are
one of the basic protection criteri a for the organization s. Making use of the strong
passwords can help in providing the preliminary protection against the data breach or
ensuring security of the organizations (Biswas & Biswas, 2017 ).
Using strong passwords is important as it helps in keeping the systems more secure.
Combination of numbers, alphabets and special characters can be considered to be a
strong password . Making use of weak password, comprising only of letters and
numbers can be easier for the attackers to brute force (Stiawan et al. 2019) . Brute
force attacks are common when it comes to the hackers breaking into the systems by
cracking the password. An algorithm can help them to find out the necessary
passwords of the system. The simpler they are, the easier it is to identify them.
Avoiding usage of the passwords like '0000' or '1234' or '[email protected]' etc, can be
easier for the algorithm to guess. Thus , strong passwords should be considered for
system security .
All the p ass words should be altered at least at an interval of 6 months .
Documentation of the Non -expiring passwords shall be done and stored securely. The
stored passwords should be protected with the help of the encryption.
None of the Administrators should avoid the Password Policy for ease of use . Strict
actions should be taken in such cases (Mayer & Volkamer, 2018 ).
Policies and practises for ensuring information security:
Encryption of the data :
The data stored in the systems are sensitive in nature. Thus , en suring that they are p rotected
from unauthorised online accesses is very important. encryption of the data helps in ensuring
security of the information while they are transmitted through network. The attacks like man
in the middle attacks and other take s place in the organizations wh ile they transfer plain text
through the online medium (Zhou et al, 2016) . This information can thus be decoded easily
5 IN FORMATION SECURITY
by the intruders. Encrypting the data with strong encryption algorithms like RSA or any
asymmetric ke y cry ptography can help in maintaining the information secrecy (Zhu & Zhu,
Access control policy implementation:
Defining the access to the systems is essential. The people in charge of the systems or
the areas containing sensitive information, systems and servers should have well
defined permission granted from the authorities. A list shall be created for the
author ized personnel and shall be maintained such that newly authorized employees
or personnel can be immediately added to that very list. The employees who have lost
their authorization are immediately struck off from the list. The list shall be monitored
and reviewed and, where ver necessary, they shall be updated annually (Morelli et al.
The access to the employees or the facilities shall be monitored and controlled by the
organizational administration. The technologies shall be incorporated outside the
doors. For example, usage of the card readers or biometrics outside the doors shall
help in defining the access points within the organization. Authorized entities shall
authenticate themselves at the access points before gaining physical access to these
facilities where the information is stored. The delivery, removal or usage of these
information will be controlled and monitored at these access points as w ell. None of
the activities shall go unnoticed within the organization. None of the systems shall
come inside or get outside the premise without proper authorization from the
authorities of the organization (Moe & Thwin, 2019 ).
For the visitors, permissio n for accessing the systems shall be considered specially.
They shall be able to access the information systems with prior authorization . They
must be identified, and their authorizations must be verified prior to granting
permission to visit the organizat ional facilities. Visitors should be escorted to their
destinations within the organization and their activities shall be monitored to avoid
Thus , for ensuring that the information and the assets of Telstra is protected from the
external intervention and attacks of the hackers, the organization must make use of the
information security and access control policies. The policies are precautionary measures for
6 IN FORMATION SECURITY
the organizations and the organizational employees, starting from the gene ral staffs to the
administrators, all should abide by the polices . This reduces the chances of attacks on the
systems and make the systems secure. Maintaining the confidentiality, integrity and
availability of the data within the organization is the duty of the employees of the
organization. However, the policies are guidelines, security can be ensured when there is
proper follow up taken for ensuring that the guidelines are followed by the employees of the
7 IN FORMATION SECURITY
Biswas, S., & Biswas, S. (2017, November). Password security system with 2 -way
authentication. In 2017 Third International Conference on Research in Computational
Intelligence and Communication Networks (ICRCICN) (pp. 349 -353). IEEE.
Ibrahim, L. (2017). Virtual private network (vpn) management and ipsec tunneling
technology. Middle East, 1.
Mayer, P., & Volkamer, M. (2018, December). Addressing misconceptions about password
security effectively. In Proceedings of the 7th Workshop on Socio -Technical Aspect s
in Security and Trust (pp. 16 -27).
Moe, E. E., & Thwin, M. M. S. (2019). Effective Security and Access Control Framework for
Multilevel Organizations. In Advances in Biometrics (pp. 267 -288). Springer, Cham.
Morelli, U., Ranise, S., Sartori, D., Sciarret ta, G., & Tomasi, A. (2019, September). Audit -
based access control with a distributed ledger: Applications to healthcare
organizations. In International Workshop on Security and Trust Management (pp. 19 -
35). Springer, Cham.
Skendzic, A., & Kovacic, B. (201 7, May). Open source system OpenVPN in a function of
Virtual Private Network. In IOP Conference Series: Materials Science and
Engineering (Vol. 200, No. 1, p. 012065). IOP Publishing.
Stiawan, D., Idris, M., Malik, R. F., Nurmaini, S., Alsharif, N., & Budi arto, R. (2019).
Investigating brute force attack patterns in IoT network. Journal of Electrical and
Computer Engineering, 2019.
Zhou, S., Wei, Z., Wang, B., Zheng, X., Zhou, C., & Zhang, Q. (2016). Encryption method
based on a new secret key algorithm for color images. AEU -International Journal of
Electronics and Communications, 70(1), 1 -7.
Zhu, S., & Zhu, C. (2019). Plaintext -related image encryption algorithm based on block
structure and five -dimensional chaotic map. IEEE Access, 7, 147106 -147118.
Enter the password to open this PDF file:
MyAssignmenthelp.com has gained overwhelming popularity among the students of USA for providing cheap dissertation help without hampering the quality of papers. We are one of the few dissertation service providers who offer the combination of quality and affordability. Hence, we have become most preferred dissertation help provider in Washington, D.C., New York, Chicago and many cities of America. Apart from buying dissertation online, students also can avail editing and proofreading services from us. We also boast a pool of experienced dissertation editors who handle students requests for editing and proofreading.
On APP - grab it while it lasts!
*Offer eligible for first 3 orders ordered through app!
ONLINE TO HELP YOU 24X7
OR GET MONEY BACK!
OUT OF 38983 REVIEWS
Received my assignment before my deadline request, paper was well written. Highly