SBM4304 IS Security And Risk Management


Course Code: SBM4304
University: Asia Pacific International College

Country: Australia


Task Specifications
You should select an organisation. The organization must provide information systems services to the staff and customers. You have to write a report to answer the following questions related to the selected organization:

One of the most common types of malware in network information systems is ransomware. Discuss the working mechanism of ransomware and illustrate any three tools your organization can use to tackle the ransomware attack.

Network devices are highly vulnerable and can be exposed. Discuss three types of threats against network routers and switches of the selected organization. Illustrate how these devices are vulnerable to destruction and abuse.

Assume the organization used Windows Server 2012 to host the organization web site. Discuss how the organization can ensure the reliability and availability of the web service.

Microsoft Exchange server is used by the organization to provide email services to the staff. Illustrate the ways the organization used to ensure confidentiality and integrity for the staff email (with justification and diagrams).

Discuss and prioritize the threats and the possible types of malware and security issues related to web mail and webserver of the selected organization.

One of the primary ways to ensure IT business continuity is to provide redundancy and fault tolerance. Propose two approaches your organization can use to improve the availability of email server. Justify your answer with the support of diagrams.

Discuss the impact of employees on information security of the selected organization. Provide risk management recommendations to reduce the risk from employees.

Illustrate how the log records, including security, access, and event logs, can help in monitoring and analyzing web server and email server problems.

Discuss in detail how the audit log reports can be useful for performing auditing analysis, supporting the organization’s internal investigations, and identifying operational trends and long-term problems, in particular for email and web server issues.

Propose, with justification, five types of network security devices that can be used to control security and mitigate threats related to the web and email servers.


The rising complexity of business operations in organizations requires equally effective measures and mitigation strategies. Managing the efficient flow of processes within an organization calls for the incorporation of constructive management strategies, which play a crucial role in ensuring that errors are minimized and a good return on investment is registered. The incorporation of information technology in business operations has led to the emergence of technology-aided business processes. Most organizations have since introduced the use of information systems in a bid to increase the efficiency levels of their operations. This is because information systems are vital in increasing convenience levels by producing good and accurate results within a short period of time at relatively affordable costs. Despite these advantages, there are a number of shortcomings that accompany the use of information systems in business operations. The rise of cyber crime and the increasing number of technology experts has consistently placed organizational data at risk of intrusion. This paper outlines some of the challenges associated with the use of information systems in business operations (Ashforth and Kreiner, 2010). The report also outlines a number of mitigation strategies which can be implemented in these organizations in order to achieve long-lasting resolutions. The report is given with reference to Apple, one of the leading multinational technology companies.
The report seeks to address the following objectives:

To identify the various Information system assets within Apple Company as an organization that uses IS to moderate operations.
To outline the possible threats that place the organization at risk of losing its data through intrusion of the information systems.
To identify the possible mitigation strategies which can be implemented by the organization to minimize the threats and risks while enhancing the security of the systems.

This threat serves as one of the leading vices in the area of cybercrime. Ransomware is a type of virus that attacks the systems of an organization, hindering the users from accessing their own files (Arai, 2010). In this case, the user is required to pay a ransom in order to be allowed to open their files. The mechanism here entails the malicious access of an organization’s crucial files by unauthorized parties. Once the criminals have control over the files, they ask for a ransom before allowing access.
Working Mechanism
Ransomware often gets into an organization’s system through phishing emails which may contain malicious attachments and scams. Accessing and opening these emails allows the malware to access and encrypt the organization’s files. The other possible entry point is through drive-by downloading. This happens when one visits an infected site where the malware downloads and installs itself without the knowledge of the user. Other entry methods include social media as well as instant messaging applications.
Tools for tackling ransomware
A common tool is proper education and increased awareness among the company’s workers of the threats associated with ransomware. Apple can conduct adequate training, and this exposure may play a crucial role in stopping the workers from accessing sites and engaging in activities that may make the organization vulnerable (Bettig, 2010).
AVG’s ransomware decryption tools
The second approach involves the use of decryption tools, for instance AVG’s ransomware tools. This software is helpful especially after an attack, as it helps to decrypt the affected files and thereby set them free from the malware.
Avast anti-ransomware tools
This tool is helpful in preventing the organization from invasions by malicious software. The antivirus resolves the risk by detecting and blocking ransomware before it is unknowingly downloaded and installed into an organization’s system. The increasing use of social media platforms also increases an organization’s risk of invasion. It would therefore be important for Apple to install the most effective tools, which would be helpful not only in detecting and blocking the entry of the virus but also in decrypting and removing the ones that are already installed (Burk and Mark, 2009).
Threats against network routers and switches
At Apple Company International, there are routers and switches which are configured to respond to Simple Service Delivery Protocols over the internet. Many attackers take advantage of these routers by creating high traffic, usually more than what would be the case using the original bandwidth. Once they interfere with the system, the attackers then use DDoS to send the malware to a third party computer. In this strategy, the attacker sends requests which contain a spoofed Internet Protocol address to a third party computer (Dubin, 2009). The computer then sends responses to the spoofed address instead of the originally intended destination. The spoofed address is usually that of the intended victim, which is Apple in this case. The third party computer can therefore be used to transfer the malicious software into the system of the intended victim. At the same time, there are technology-regulated switches within the organization, mostly operated by computers which contain specific encryptions fitting the purposes. Since the systems depend on computer-generated instructions, there is constant access to the internet, especially when there is need for updating. The malware can be downloaded into the system files in this process, thereby compromising the original codes. Research indicates that through the routers and switches, the attackers launch less powerful attacks. However, the impacts that come with these attacks may end up aggravating, hence the need for the right mitigation strategies.
Ensuring reliability and availability of web service
Reliability of a web service involves the tendency of a web service to remain effective in serving the interests of the users. This implies that the interface ought to be user friendly and that its access should not be accompanied by infections from malicious software. To provide a reliable web service, Apple Int. needs to develop a platform in which the users obtain high levels of satisfaction with minimal errors. On the other hand, web service availability implies that web users should be in a position to speedily access the contents of the web services. This indicates that for Apple to achieve effective web service availability, access to the platform should not be hindered by heavy traffic. Apple Company, being an international organization, has a huge number of users who depend on its web service. The service ought to involve an efficient interface where users take the shortest time to gain access and obtain the required information about the company (Goldstein and Reese, 2010).
The overview above describes the reliability and availability of a web service based on the ease and speed with which the interface can be accessed. However, a web service is considered reliable when the individuals who access it are not at risk of infection from malicious software. In order to enhance the reliability and availability of its web service, the organization needs to install a running database. This approach involves configuring a reliable messaging service which ensures that the connection and interaction strictly remain between the server and the client. This prevents invasion from third parties, hence minimizing any associated risks when it comes to accessing these sites. At the same time, web service availability can be enhanced by changing the width or database columns. This is because the nature of bandwidths used in designing a web service has a special influence on ease of access. Adequate database columns minimize congestion, which in turn improves convenience (Greenhalgh and Rogers, 2010).
Confidentiality and Integrity of Staff email
There are a number of strategies which the organization can put in place to ensure that the confidentiality and integrity of staff email is maintained at all times. To begin with, there is need for staff training on security awareness. This approach enables the staff to engage in email interactions that involve the least risk of infection. Secondly, the organization should implement and maintain access control mechanisms through effective password and resource management. This ensures that each staff member has absolute access to their login details (Johnason, 2010). These details must never be shared with any other individual, as this leads to a breach in the privacy requirements.
The organization also needs to establish dependable identification and authentication methods. This can be achieved by having the details of the staff members stored in a database and only retrieved on occasions when authentication is required and strictly at the request of the user. The last strategy that can be put in place to enhance confidentiality of staff emails is installing and using effective devices which are free from infection by any unwanted software. For instance, when the sending of emails is done through a computer device, the organization needs to install the right anti-virus tools, which are vital in shielding the staff and other device users from attacks and related risks (Klerck, 2009). In a nutshell, it is the core mandate of the organization to protect its users by installing systems which have proven effectiveness in eliminating the threats associated with sending and receiving emails.
Types of malware and security issues related to email and Webserver
Ransomware: Cyber criminals use malicious attachments to lure email users into downloading and installing malware into their systems. The malware then attacks and affects files within the system, leading to security issues within the organization. This type of malware encrypts files before demanding fees for their restoration.
Phishing: This involves the use of malicious and mainly psychological manipulation to lure victims into giving out crucial information about themselves, which the criminals then use for malicious purposes.
Spoofing: In this case, hackers use addresses which are very similar to the legitimate ones and so deceive their victims into using them. This form of malware invasion occurs mainly because email lacks an effective address authentication mechanism.
Whaling: This is a cyber criminal strategy which is mainly aimed at invading big companies. This type of system invasion is also referred to as business email compromise. The attacker sends an email to an individual within the organization giving instructions that are capable of effecting a transaction. The various types of malware have been arranged in order of increasing priority, which implies that whaling poses the biggest security threat to business organizations. In addition to losing grip of crucial information, the organization incurs losses in large amounts as a result of business email compromise (Schechter, 2010).
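The spoofing and whaling entries above both rely on a sender address that closely resembles a legitimate one. The following Python code is an added example, not part of the original report, showing one way a mail filter could flag such near-match sender domains; the trusted domain `example.com`, the confusable-character table and all function names are assumptions made for illustration.

```python
import email.utils

# Assumption: the organization's own mail domain(s). example.com is a placeholder.
TRUSTED_DOMAINS = {"example.com"}

# Small, constructed table of character sequences that look alike in many fonts.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def skeleton(domain):
    """Fold visually confusable sequences so look-alike domains compare equal."""
    folded = domain.lower()
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return 'trusted', 'lookalike', 'external' or 'unparseable' for a From header."""
    _, addr = email.utils.parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # Either the folded forms match (examp1e -> example) or the raw
        # strings differ by at most max_distance single-character edits.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= max_distance:
            return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed From headers, not taken from real mail.
    for header in ("Finance <ceo@example.com>", "CEO <ceo@examp1e.com>",
                   "ceo@exarnple.com", "news@partner.org"):
        print(f"{header!r:32} -> {classify_sender(header)}")
```

This check only inspects the visible From address; verifying that the sending server is authorised for the domain is the job of SPF, DKIM and DMARC.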
Approaches to improve server availability
There are various approaches which can be used to enhance server availability. In this case, we highlight two of these. The first approach involves eliminating single points of failure. This strategy involves identifying the specific areas within the system which hinder its effective performance. These points of failure are then eliminated and replaced with more efficient ones. The diagram below indicates a simplified system with each component strategically placed. This structure makes it easy to identify and hence eliminate the points of weakness.
The second approach involves implementing geographic redundancy. In this strategy, the organization can enhance the availability of the web service by hosting its application in two different geographical areas. To enhance high performance, the application ought to be hosted at a position that is geographically close to the end users and consumers. This method does not only provide an effective alternative in case a link fails but also contributes in the general improvement in the performance of the system.
Use of log records
As a strategy for enhancing the performance of web and email servers, an organization may use log records to monitor past activities and hence note the areas that require adjustment. Log records are obtained when the application is configured to record activities within a given time period. These logs are then stored in retrievable databases and hence can be used at a later stage, especially during analysis. Log records play a crucial role in helping the organization to identify the specific points of weakness which are some of the causes of server problems.
Audit log reports are crucial in enhancing analysis and monitoring. As a mitigation strategy to ensure reliability of web and email servers, noting the points of weakness ought to be followed by constant updating of the system (Schechter, 2010). In order to effectively achieve this, it is vital to perform the necessary system audits, which go a long way in helping an organization to note the specific components of the system that may require adjustment or overhaul. Audit log reports offer important facts which, when retrieved and analyzed, place the organization in a better position to effectively manage the issues related to its information system security.
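To make the use of log records concrete, the following Python code is an added example, not part of the original report, that summarises web server access logs to surface server errors, repeated authentication failures and slow requests. It assumes the IIS W3C extended log format with a `#Fields:` header; the sample log lines, thresholds and function names are constructed for this example.

```python
from collections import Counter

# Constructed sample in W3C extended log format (not real traffic).
# The layout changes at the second #Fields line and one entry is truncated.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Version: 1.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status time-taken
2021-12-18 09:00:01 GET /index.html - 203.0.113.10 200 31
2021-12-18 09:00:02 POST /owa/auth.owa - 198.51.100.7 401 12
2021-12-18 09:00:03 POST /owa/auth.owa - 198.51.100.7 401 11
2021-12-18 09:00:04 POST /owa/auth.owa - 198.51.100.7 401 13
2021-12-18 09:00:05 GET /store/cart.aspx alice 203.0.113.10 500 6020
2021-12-18 09:00:06 GET /store/cart.aspx - 203.0.113.25 500 5890
2021-12-18 09:00:07 GET /images/logo.png - 203.0.113.25 304 2
2021-12-18 09:00:08 GET /inde
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2021-12-18 09:05:00 192.0.2.44 GET /store/cart.aspx 503 15
2021-12-18 09:05:01 192.0.2.44 POST /owa/auth.owa 401 10
"""


def parse_w3c(text):
    """Return (records, skipped) where records is a list of field->value dicts."""
    fields, records, skipped = None, [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A new #Fields directive can appear mid-file (for example after a
            # service restart), so the column layout is tracked as we go.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            skipped += 1  # truncated or malformed entry; count it, do not guess
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped


def summarise(records, auth_fail_threshold=3, slow_ms=5000):
    """Aggregate the signals an operator would review first."""
    status_classes, errors_by_uri, auth_failures = Counter(), Counter(), Counter()
    slow = []
    for rec in records:
        status = rec.get("sc-status", "")
        if not status.isdigit():
            continue
        code = int(status)
        uri = rec.get("cs-uri-stem", "?")
        status_classes[f"{code // 100}xx"] += 1
        if code >= 500:                       # server-side failures per page
            errors_by_uri[uri] += 1
        if code == 401:                       # failed logons per client address
            auth_failures[rec.get("c-ip", "?")] += 1
        taken = rec.get("time-taken", "")     # IIS records this in milliseconds
        if taken.isdigit() and int(taken) >= slow_ms:
            slow.append((rec.get("date"), rec.get("time"), uri, int(taken)))
    return {
        "status_classes": dict(status_classes),
        "server_errors_by_uri": errors_by_uri.most_common(),
        "repeated_auth_failures": {ip: n for ip, n in auth_failures.items()
                                   if n >= auth_fail_threshold},
        "slow_requests": slow,
    }


if __name__ == "__main__":
    parsed, bad = parse_w3c(SAMPLE_LOG)
    print(f"{len(parsed)} records parsed, {bad} skipped")
    for key, value in summarise(parsed).items():
        print(f"{key}: {value}")
```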
Impact of human factors on IS related security risk and management
Information systems generally involve operations that revolve around people within an organization and its surroundings. This therefore reveals that there are a number of human factors which have either a direct or indirect impact on the management of information systems, security issues and related risks.
To begin with, the confidentiality of data and crucial information about an organization depends mainly on the integrity of the people within the organization. Authentication and security mechanisms require that individuals treat confidential information with the right sensitivity. This prevents attackers from gaining access into the system. If there is a traitor within an organization who also has crucial data regarding the information systems, then the security of such systems becomes threatened (Klerck, 2009).
Secondly, the number of people using a particular interface influences the level to which the system’s security can be maintained. A system accessed by many individuals may often be prone to attacks, especially in cases where the established measures are not as effective as required. In addition, to enhance system availability, there is need for effective management strategies which ensure that the number of individuals using a system at a given time is properly controlled through valid security measures (Klerck, 2009).
Lastly, the success of risk and system security management depends on the willingness of people, especially workers within an organization, to embrace the organization’s stated security policies and regulations. The policies are only effective when each stakeholder remains committed and supportive to their implementation. In a nutshell, individual and corporate behaviors among people within an organization have a special way of influencing the extent to which risk management strategies shall be achieved.
Proposed Network security devices
To enhance system security, there is need to have the most effective security devices which do not only prevent invasion by malware but also undo the ones that have been accidentally installed into the system (Dubin, 2009). The following are the proposed security devices:
Firewalls: These are applications which are installed into the system to regulate the sites and addresses which can be accessed or responded to by the user. Firewalls are crucial in blocking the intrusion of malicious software into a system.
Antivirus scanning device: This device is essential in the detection of unwanted software. Through scanning, the device is able to identify the files and applications whose inclusion into the system may threaten its security. The device does not only identify the malware but also blocks its entry, hence securing the email and web servers.
Penetration testing device: This device is used to gain access to the system peripherals to aid in detecting the system problems and their possible causes. Once the anomaly has been identified, the organization can then establish the effective mitigation strategies aimed at enhancing system performance.
Vulnerability assessment appliance: The device works on the same principle as the penetration testing device. Through scanning, the device is able to point out the prevalent system issues before delivering the necessary counter strategy.
Intrusion detector: This device identifies the applications and elements whose interaction with the system may pose security threats. Intrusion detectors are helpful in identifying the malicious attachments usually sent through emails with the core intention of hacking a system.
System security is a crucial requirement in successful management. This is because a secure system has a central influence on the flow of other processes within the organization. Identifying the various aspects which compromise system security is a step in the right direction. Apart from highlighting the information system security issues, the report also details the various mitigation strategies which can be implemented to obtain long lasting solutions. The details of the report would therefore be important for a manager seeking to enhance the performance of their systems by minimizing the related security threats.
To enhance information system security and risk management, the organization should:

Conduct training on security awareness which improves staff commitment to security enhancement.
Implement and also maintain the most effective mechanisms of access control.
Develop and establish policies and standards as well as guidelines on security related strategies.
Establish the right change control procedures to help in improving the weak points of the system.

Ashforth, B. and Kreiner, G. (2010). How can you do it? Dirty work and the challenge of constructing a positive identity. Academy of Management Review, 24(3), pp. 413-434.
Arai, H. (2010). Intellectual Property Policies for the Twenty-First Century. The Japanese Journal of Experience in Wealth Creation, 2(1), pp. 23-24.
Bettig, R. (2010). Critical Perspectives on the History and Philosophy of Copyright. The Political Economy of Intellectual Property, 2(1), p. 9.
Burk, L. and Mark, A. (2009). The Patent Crisis and How the Courts Can Solve It. US: University of Chicago Press.
Dubin, R. (2009). The World of Work: Industrial Society and Human Relations. Englewood Cliffs: Palgrave.
Goldstein, L. and Reese, R. (2010). Copyright, Patent, Trademark and Related State Doctrines: Cases and Materials on the Law of Intellectual Property. New York: Foundations.
Greenhalgh, C. and Rogers, M. (2010). Innovation, Intellectual Property, and Economic Growth. New Jersey: Princeton University Press.
Johnason, P. (2010). Human resource management in changing organizational contexts. Human resource management, 2(1), pp. 19-37.
Klerck, G. (2009). Industrial relations and human resource management. Human resource management, (1), pp. 238-259.
Schechter, R. (2010). Intellectual Property: The Law of Copyrights, Patents and Trademarks. New York: Wadsworth.

Cite This Work
My Assignment Help. (2021). IS Security And Risk Management. Retrieved from

“IS Security And Risk Management.” My Assignment Help, 2021,

My Assignment Help (2021) IS Security And Risk Management [Online]. Available from:[Accessed 18 December 2021].

My Assignment Help. ‘IS Security And Risk Management’ (My Assignment Help, 2021) accessed 18 December 2021.

My Assignment Help. IS Security And Risk Management [Internet]. My Assignment Help. 2021 [cited 18 December 2021]. Available from:

.close{position: absolute;right: 5px;z-index: 999;opacity: 1;color: #ff8b00;}


Thank you for your interest
The respective sample has been mail to your register email id


$20 Credited
successfully in your wallet.
* $5 to be used on order value more than $50. Valid for
only 1

Account created successfully!
We have sent login details on your registered email.



Often times, students face problems with how to start a paper. Sometimes, they have no prior knowledge of paper writing conventions or how to place the arguments or cite facts and information. Despite being taught by teacher, many falter and in turn mess with their grades. Hire our experts to know how to write a research papers, create a research paper template paper outline and even draft the entire paper from a scratch. Certain things are not be experimented when grades are at stake and a research paper is offcourse not a thing to be tried like a novice. Get seasoned help from those who have helped students ace grades in research papers for past 10+ years.

Latest Management Samples

div#loaddata .card img {max-width: 100%;

MPM755 Building Success In Commerce
Download :
0 | Pages :

Course Code: MPM755
University: Deakin University is not sponsored or endorsed by this college or university

Country: Australia

The process of developing a successful business entity requires a multidimensional analysis of several factors that relate to the internal and external environment in commerce. The areas covered in this current unit are essential in transforming the business perspective regarding the key commerce factors such as ethics, technology, culture, entrepreneurship, leadership, culture, and globalization (Nzelibe, 1996; Barza, 2…

SNM660 Evidence Based Practice
Download :
0 | Pages :

Course Code: SNM660
University: The University Of Sheffield is not sponsored or endorsed by this college or university

Country: United Kingdom

Critical reflection on the objective, design, methodology and outcome of the research undertaken Assessment-I
Smoking and tobacco addiction is one of the few among the most basic general restorative issues, particularly to developed nations such as the UK. It has been represented that among all risk segments smoking is the fourth driving purpose behind infections and other several ailments like asthma, breathing and problems in the l…
Australia Maidstone Management Business management with marketing University of New South Wales Masters in Business Administration 

BSBHRM513 Manage Workforce Planning
Download :
0 | Pages :

Course Code: BSBHRM513
University: Tafe NSW is not sponsored or endorsed by this college or university

Country: Australia

Task 1
1.0 Data on staff turnover and demographics
That includes the staffing information of JKL industries for the fiscal year of 2014-15, it can be said that the company is having problems related to employee turnover. For the role of Senior Manager in Sydney, the organization needs 4 managers; however, one manager is exiting. It will make one empty position which might hurt the decision making process. On the other hand, In Brisba…

MKT2031 Issues In Small Business And Entrepreneurship
Download :
0 | Pages :

Course Code: MKT2031
University: University Of Northampton is not sponsored or endorsed by this college or university

Country: United Kingdom

Entrepreneurial ventures
Entrepreneurship is the capacity and willingness to develop, manage, and put in order operations of any business venture with an intention to make profits despite the risks that may be involved in such venture. Small and large businesses have a vital role to play in the overall performance of the economy. It is, therefore, necessary to consider the difference between entrepreneurial ventures, individual, and c…
Turkey Istanbul Management University of Employee Masters in Business Administration 

MN506 System Management
Download :
0 | Pages :

Course Code: MN506
University: Melbourne Institute Of Technology is not sponsored or endorsed by this college or university

Country: Australia

An operating system (OS) is defined as a system software that is installed in the systems for the management of the hardware along with the other software resources. Every computer system and mobile device requires an operating system for functioning and execution of operations. There is a great use of mobile devices such as tablets and Smartphones that has increased. One of the widely used and implemented operating syste…
Australia Cheltenham Computer Science Litigation and Dispute Management University of New South Wales Information Technology 


Need an essay written specifically to meet your requirements?

Choose skilled experts on your subject and get an original paper within your deadline

156 experts online

Your time is important. Let us write you an essay from scratch

Tips and Tricks from our Blog

PROJ6016 Employer Based Project

Free Samples PROJ6016 Employer Based Project .cms-body-content table{width:100%!important;} #subhidecontent{ position: relative; overflow-x: auto; width: 100%;} PROJ6016 Employer

Read More »

PPMP20009 Marking Rubric

Free Samples PPMP20009 Marking Rubric .cms-body-content table{width:100%!important;} #subhidecontent{ position: relative; overflow-x: auto; width: 100%;} PPMP20009 Marking Rubric

Read More »