Professional Documents
Culture Documents
Cryptography
HOMECARE REMOVALS
0
Table of Contents
TASK # 01........................................................................................................................................ 1
Information Assets:....................................................................................................................... 1
Software assets:........................................................................................................................... 1
Hardware assets:......................................................................................................................... 2
TASK# 02......................................................................................................................................... 3
a) RISK CONTROL.......................................................................................................................... 3
Down Time................................................................................................................................... 3
Malicious Software....................................................................................................................... 4
Hacking........................................................................................................................................ 4
SQL Injections:............................................................................................................................. 4
Server Failure............................................................................................................................... 5
Phishing:...................................................................................................................................... 5
b) Relevance of Cyber Essentials , 10 Steps to Cyber Security and BMIS(Business Model For
Information Security...................................................................................................................... 6
c)Encryption................................................................................................................................. 6
Recommendation on encryption...................................................................................................7
CCMP.......................................................................................................................................... 7
TASK # 03........................................................................................................................................ 7
NETWORK DIAGRAM..................................................................................................................... 7
TASK # 04........................................................................................................................................ 8
Maintaining Security......................................................................................................................... 8
TASK # 05........................................................................................................................................ 9
Reflective Commentary.................................................................................................................... 9
Bibliography................................................................................................................................... 10
TASK # 01
services. This report is made to conduct the risk assessment of Homecare Removals Company
Information Assets:
Information is the most important asset for any organization. Homecare removals keep records of
Customers personal information, Employees data, e.t.c. This information is organized and
managed and stored in databases, data files e.t.c. Previous critical information is also stored. It's
Software assets:
below:
2. Financial Systems(sage)
7. Windows 7 Professional
9. Antivirus
10. content management system(WordPress) website of the company for marketing with a
Hardware assets:
Servers, desktops, Workstation computers, and notebook computers, magnetic tapes, disks,
CDs,modems, routers, fax machines, UPS, Power supplies, air conditioners e.t.c.
Viruses
Theft C Medium Low Low
SQL I Low Low Very Low
Injections
02 Data Files Malware I High Low Medium
Hacking C, I, A Medium High High
Malicious C Medium Low Low
Users
Miscellaneou A Low Low Very Low
s errors
03 Information Hardware A,I Medium Low Low
Systems Failure
Software I,A Medium Medium Medium
Failures
Natural A Medium High High
Disasters
04 Emails Phishing C High Low Medium
05 SoftwareSystems Hacking CIA Medium High High
TASK# 02
A) RISK CONTROL
Risk is the possibilities of financial loss to the business.Risk is identified to maintain the financial
loss to the organization.To identify the risk we must find out inadvertent acts, deliberate acts,
natural disasters, technical failures and management failures. Threats and their vulnerabilities are
DOWN TIME
(three-ways-system-downtime-affects-companies)
Providing patch management and anti-virus to confirm your systems area unit protected.
Malicious software is used to collect sensitive information, gain access to confidential data of
computer systems.
Malicious software is also referred to as malware. The different types of malicious software such
as adware, browser hijacking software, spyware, viruses, and also fake security software are
included in the term malware. The security of the computer and privacy is critically affected when
Virus
A virus is a malware but it cannot execute independently. It attaches itself to a program and
HACKING-- Attacks from your network which can be reduced or filtered by using IDS/IPS.
SQL Injections:
Server Failure
A server is a system which responds to the requests sent by a computer in a network to provide
The common security measures for all the servers are strong passwords, patch or
update software, backups, scanning, and so on.
The default settings of the server can leave the Websites open for an attack.
It is important to restrict and edit permissions of the users for all types of
servers.
The common security measures for all the servers are strong password,
patch or update software, backups, scanning, and so on.
Logs and monitoring tools can be used to detect the intrusions, errors or
warnings, and so on.
Phishing:
Phishing is a type of attack which results in loss of information such as credit card information,
Phishing attacks can be detected by using antivirus and firewalls. Sometimes encrypting
techniques are also used to encrypt database with secure http protocol.
b) Relevance of Cyber Essentials , 10 Steps to Cyber Security and BMIS(Business Model For
Information Security.
Although these three models have their own implications but these models share some similarities.
Awareness
Monitoring
Incident Management
Secure Configuration
User Privileges
Boundary Firewalls,
Internal Gateways
c)Encryption
Encryption is a technique which converts data into another form by using some keys patterns so
the information can be read only by the intended recipients. Many software are available that
create strong key by using algorithms so that the key cannot be decryptesd easily by other
Recommendation on encryption
1. IEEE 802.11
2. WEP
3. WPA
4. WPA2
CCMP
CCMP (CCM mode Protocol) is a protocol that implements the standards of the IEEE 802.11i. It is
an encryption protocol. CCMP is designed for Wireless LAN networks. It Uses a 128-bit key and
uses a 128-bit encryption technique. It is more secure than WEP and WPA. It Provides:
TASK # 03
NETWORK DIAGRAM
The company IT infrastructure is disjointed with several servers running different systems i.e.
Accounts system, Moveware logistic System, Domain controller for user authentication.Email is
hosted on separate server running MS exchange in the LAN.The company runs LANs in each
office, with access to the internet via router with a domain controller running Windows Server 2008
R2.The company has e-commerce site which is hosted at head office. Each office has WIFI
system, client PCs and small domain controller for authentication.Currently they are not using any
security device, protocol or anything that means there security is at risk. To make their IT
infrastructure, I recommended them to use Intrusion detection systems, Encryption technique for
secure data transfer and online backup of the data not only at ISP but also on some host cloud.
network in real time by inspecting the traffic on the wire, and generating alerts if
suspicious activities are identified. NIDS can be a regular computer running IDS software, such as
the freeware Snort, an appliance type device running proprietary software, or even a specialized
card built in to a switch or other network element as Cisco has recently introduced.
Securing Switch
Many other strategies for securing access to switch ports are available. Limiting
the MAC addresses that are permitted to communicate on the ports is key to security.
WEP and CCMP encryption techniques can be used to secure data transfer to the the access
points.
TASK # 04
Maintaining Security
Security is a process not a one off task.Homecare Removals security can be maintained by
continuously monitoring the systems.They need to perform scans on timely basis. All the systems
should be kept updated and and virus protected. Most of the employees have no awareness
regarding security measures to keep the information secured from outside threats. They do use
flash drives, personal email accounts and online storage sites for transferring data. Sometimes
thay download irrelevant files that brings malicious softwares with them. The office net should be
secured enough by implementing all possible security measures and by using intranet. In
other words,intranet is a separate world from the internet that reduces the chances that anyone
can hack into your system.It is to be ensured that server is located at secure and remote place
where not every one is allwed to get acces to he server.. Your server is your most valuable piece of
hardware and usually contains all your data and therefore should be as secure as
possible.Moreover, Workstations should also be kept secure from unauthorized access.In last
TASK # 05
Reflective Commentary
Threats bring hidden cost with them which can be more problematic for any company. Home care
Removals is already running on a tight budget. So the company must keep the security high and it
Most of the times I have gone through many security issues such as: 1) the slow working of PC
I solved all these problems by scanning my PC and sometimes by reinstalling the Operating
System.Unwanted popups can be blocked by using ad blockers and by making security of the
browser high.I recovered my email account through my phone number, security questions and by
providing some personal information.Its very necessary to keep your passwords different for your
different accounts.Otherwise If one account get hacked so, the other accounts can easily be
hacked.
If I were to start it again I will use SSL and Host Intrusion Detection/Prevention Systems to make
Bibliography
http://www.globalscape.com/whitepapers/devastating-downtime.aspx
https://www.globalscape.com: https://www.globalscape.com/whitepaper/three-ways-
system-downtime-affects-companies