Technical Requirements and Software

Running head: INFORMATION SECURITY Information security Name of the student: Name of the University: Author note: 1 IN FORMATION SECURITY Table of Contents Introduction: ................................ ................................ ................................ ............................... 2 Security policy: ................................ ................................ ................................ .......................... 2 For security against malware and ransomware: ................................ ................................ ..... 2 Policies and practises for ensuring information security: ................................ ...................... 4 Conclusion: ................................ ................................ ................................ ................................ 5 References: ................................ ................................ ................................ ................................ . 7 2 IN FORMATION SECURITY Introduction: Technological development and usage of the information systems has ma de information one of the most important assets of the industry , business or any organization s who are ma king use of those technologies for functions and operations. However, the technologies which has helped in the development of the businesses all around the world has also let the hackers and intruders one of the most critical threats to the organizations as well. development of the cyber security policies for the organization sha ll help in reducing the threats to the organizatio n due to the presence of the se intruders. In this report, security policy shall be developed for Telstra , which is one of the largest telecommunication companies in Australia. As a telecommunication company it has to make use of huge amount of information belonging to various stakeholders, and consumers . Protection of those data is one of the chief prior ities of the organization and development of a cyber security policy can help in protecting the systems, information and privacy of the users. Security policy: For security against malware and ransomware: Definition: This security policy shall help in providing security to the systems, hardware and software, which can in turn protect the valuable information stored within the, systems. Making use of an tiviruses:  Antivirus is one of the most common, basic yet important aspect of combatting with issues like malware, ransomware and spyware and viruses. This can help in preventing the malicious files from entering the system by raising an alert that one is trying to get an access to the systems.  This software can keep track of the networks and system to check for the suspicious activities and prevent them from harming the systems.  Users should be strictly restricted from opening files from any unknown sende rs. Any macros attached to the emails should not be opened at all. The attachments shall be deleted immediately from the systems, and even from the recycle bin of the computers to prevent such attacks.  Spam chains shall not be forwarded at any cost and sh ould be deleted immediately or regularly. 3 IN FORMATION SECURITY  Data back -up should be generated and kept in secure locations with the name of the company and the type of data written on the folder. The folder should be secured with the help of passwords.  As new viruses are being created regularly to impact the operations and functions of the organizations , the anti -viruses shall be updated regularly as well. Making use of filters in emails: Making use of the email filters can help in determining the mail's which can cause threat to the systems. Graymail can be prevented from entering the inbox. This is essential as it helps the users to understand the mail's which are essential and the ones which are not. At times clicking on the wrong links can end u p into initiation or a virus or malware attack in the systems. These spam filters help in keeping the users safe from unwanted mails and spams. Making use of firewalls:  Firewalls should be implemented such that the network can protected from the attacks of the malwares. The firewall creates a partition between the external network and the systems such that only authentic packets can enter the systems. This prevents the malicious files from entering the systems right from the beginning.  All though firewall has been installed in the systems, penetration testing should be performed with the help of the authorised personnel for better result and testing of the endurance of the firewalls. This can help in finding the flaws of the systems. Limiting the usage of technologies on premise: This shall help in making the usage of the technologies on premises clear. The usage of the external devices is strictly prohibited. This reduced the chances of inserting malwares and viruses to the systems. The usage of the exter nal USB devices or connecting with unauthorised wireless devices are prohibited. Using personal devices within the premise while connecting them to the network or the organization is strictly prohibited. Making use of Virtual private networks :  Encrypted connection should be used for the purpose of communication and transaction in the organization. This is the fact that the using VPN helps in keeping the network private and the organization can securely maintain their online activities within the systems (Ibrahim , 2017 ). This will help in preventing eaves dropping and 4 IN FORMATION SECURITY help in maintaining secrecy and confidentiality while making transactions or communicating confidential messages.  All remote access to Telstra should be done with the help of the secure VPN co nnection on the company -owned devices which has up -to-date anti -viru ses on the systems (Skendzic & Kovacic, 2017 ). Usage of passwords:  Usage of the strong passwords is highly recommended in this case. The passwords are one of the basic protection criteri a for the organization s. Making use of the strong passwords can help in providing the preliminary protection against the data breach or ensuring security of the organizations (Biswas & Biswas, 2017 ).  Using strong passwords is important as it helps in keeping the systems more secure. Combination of numbers, alphabets and special characters can be considered to be a strong password . Making use of weak password, comprising only of letters and numbers can be easier for the attackers to brute force (Stiawan et al. 2019) . Brute force attacks are common when it comes to the hackers breaking into the systems by cracking the password. An algorithm can help them to find out the necessary passwords of the system. The simpler they are, the easier it is to identify them.  Avoiding usage of the passwords like '0000' or '1234' or '[email protected]' etc, can be easier for the algorithm to guess. Thus , strong passwords should be considered for system security .  All the p ass words should be altered at least at an interval of 6 months .  Documentation of the Non -expiring passwords shall be done and stored securely. The stored passwords should be protected with the help of the encryption.  None of the Administrators should avoid the Password Policy for ease of use . Strict actions should be taken in such cases (Mayer & Volkamer, 2018 ). Policies and practises for ensuring information security: Encryption of the data : The data stored in the systems are sensitive in nature. Thus , en suring that they are p rotected from unauthorised online accesses is very important. encryption of the data helps in ensuring security of the information while they are transmitted through network. The attacks like man in the middle attacks and other take s place in the organizations wh ile they transfer plain text through the online medium (Zhou et al, 2016) . This information can thus be decoded easily 5 IN FORMATION SECURITY by the intruders. Encrypting the data with strong encryption algorithms like RSA or any asymmetric ke y cry ptography can help in maintaining the information secrecy (Zhu & Zhu, 2019 ). Access control policy implementation:  Defining the access to the systems is essential. The people in charge of the systems or the areas containing sensitive information, systems and servers should have well defined permission granted from the authorities. A list shall be created for the author ized personnel and shall be maintained such that newly authorized employees or personnel can be immediately added to that very list. The employees who have lost their authorization are immediately struck off from the list. The list shall be monitored and reviewed and, where ver necessary, they shall be updated annually (Morelli et al. 2019) .  The access to the employees or the facilities shall be monitored and controlled by the organizational administration. The technologies shall be incorporated outside the doors. For example, usage of the card readers or biometrics outside the doors shall help in defining the access points within the organization. Authorized entities shall authenticate themselves at the access points before gaining physical access to these facilities where the information is stored. The delivery, removal or usage of these information will be controlled and monitored at these access points as w ell. None of the activities shall go unnoticed within the organization. None of the systems shall come inside or get outside the premise without proper authorization from the authorities of the organization (Moe & Thwin, 2019 ).  For the visitors, permissio n for accessing the systems shall be considered specially. They shall be able to access the information systems with prior authorization . They must be identified, and their authorizations must be verified prior to granting permission to visit the organizat ional facilities. Visitors should be escorted to their destinations within the organization and their activities shall be monitored to avoid mishaps. Conclusion: Thus , for ensuring that the information and the assets of Telstra is protected from the external intervention and attacks of the hackers, the organization must make use of the information security and access control policies. The policies are precautionary measures for 6 IN FORMATION SECURITY the organizations and the organizational employees, starting from the gene ral staffs to the administrators, all should abide by the polices . This reduces the chances of attacks on the systems and make the systems secure. Maintaining the confidentiality, integrity and availability of the data within the organization is the duty of the employees of the organization. However, the policies are guidelines, security can be ensured when there is proper follow up taken for ensuring that the guidelines are followed by the employees of the organization properly. 7 IN FORMATION SECURITY References: Biswas, S., & Biswas, S. (2017, November). Password security system with 2 -way authentication. In 2017 Third International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN) (pp. 349 -353). IEEE. Ibrahim, L. (2017). Virtual private network (vpn) management and ipsec tunneling technology. Middle East, 1. Mayer, P., & Volkamer, M. (2018, December). Addressing misconceptions about password security effectively. In Proceedings of the 7th Workshop on Socio -Technical Aspect s in Security and Trust (pp. 16 -27). Moe, E. E., & Thwin, M. M. S. (2019). Effective Security and Access Control Framework for Multilevel Organizations. In Advances in Biometrics (pp. 267 -288). Springer, Cham. Morelli, U., Ranise, S., Sartori, D., Sciarret ta, G., & Tomasi, A. (2019, September). Audit - based access control with a distributed ledger: Applications to healthcare organizations. In International Workshop on Security and Trust Management (pp. 19 - 35). Springer, Cham. Skendzic, A., & Kovacic, B. (201 7, May). Open source system OpenVPN in a function of Virtual Private Network. In IOP Conference Series: Materials Science and Engineering (Vol. 200, No. 1, p. 012065). IOP Publishing. Stiawan, D., Idris, M., Malik, R. F., Nurmaini, S., Alsharif, N., & Budi arto, R. (2019). Investigating brute force attack patterns in IoT network. Journal of Electrical and Computer Engineering, 2019. Zhou, S., Wei, Z., Wang, B., Zheng, X., Zhou, C., & Zhang, Q. (2016). Encryption method based on a new secret key algorithm for color images. AEU -International Journal of Electronics and Communications, 70(1), 1 -7. Zhu, S., & Zhu, C. (2019). Plaintext -related image encryption algorithm based on block structure and five -dimensional chaotic map. IEEE Access, 7, 147106 -147118.