Delivery in day(s): 3
COIT20249 Professional Skills in Information Communication Technology
1.1 Purpose and Objective
The purpose of this report is to understand the significance of the network and information security. The goal is to pull off the concentration from the triple bottom line aspects that are social, environment and economic to the bottom line aspect that is economic aspect. This is required in order to meet the network and security requirements of the small scale organisation that doesn’t have big budget. The goal is to reduce the changes of malware attacks and enhance the security of the information. The objective of this report is to diversify the businesses of the organisation that is a small scale organisation of Melbourne and was established around 5 years ago. The name of the organisation is “Software Hub” which provides software applications that is specialised in the network and information security aspects. The goal is to expand the scope of the organisation in order to expand its businesses in the upcoming years. The organisation Software Hub is a medium scale organisation that has come into existence from the last five years and now planning for its expansion within the next five years.
The methodology utilised for the collection of information for this report is quite advanced and up to date. As the secondary sources is used for the process of gathering the information which is quite confined and clear. The peer reviewed journals along with the professional and industrial applications will be utilised to evaluate the feasibility of this case study.
The outline of this report which is in relation to the network and information security technologies is the advancement in field of security through which the small scale organisation requirements of security is met within their available budget and time frame.
The information and network security is to maintain the security in order to enhance the efficiency of the applications. Software hub customises and develop the software for the different organisations either it is medium or small scale organisations (Axelrod, 2012).
2.1 Network Security
It is term that describes the procedures and steps that are implemented or executed by the network administrator in order to prevent the unauthorized access or denial the access/attacks by the unknown sources. The administrator of the network ensures the security of the network by making formulations and modifications in the network resources (Azka, et al., 2017).
2.2 Information Security
It is in relation with preserving the information of the organisation. The security of the sensitive and confidential information is required in order to maintain the client’s trust along with the prestige of the Software Hub and other organisations. It constitutes of the processes through which the chances of malware attacks and threats is reduced and prevented at some extent (D. Ju. Chaly, et al., 2015).
The security aspects of the network and information security involve the prevention of unauthorised access, detection and prevention of threats. It establishes that kind of processes in the business through which the network and information assets of the Software Hub are protected (Essaaidi, et al., 2012).
3. Development in the Information and Network Security
The growth and development of the internet and technology enhances the usage of the online services. In this new era of modernization, every organisation is utilising online services for the purpose of processing and exchanging its data. The collection and exchange of data is possible with the use of online services. The information could be confidential and sensitive thus it is required to ensure the security of the information and network. The network is via which the exchange of information takes place and the information is the knowledgeable sensitive business data (Fan, et al., 2017).
The development in the information and network security is a significant process through which the business processes of the Software hub are improved by adopting effective processes. These processes not only support in preventing the chances of the malware and ransom ware attacks but it also enhances the protection of the information and network assets. The advancement in the technology leads to the incorporation of several security prospects of the organisation. The user-behaviour analytics, effective training and learning programs support in improving the security features of the company. The techniques for preventing the loss of data support in minimizing the cyber attacks. Artificial learning and machine learning are some of other advance approaches through which the security of the system is enhanced (Izadi, et al., 2014).
4. Current Applications of Network and Information Security
The current applications in the market that are utilising advance technology in order to ensure its network and information security. The security of the business data is essential as it includes the sensitive and confidential data, if that would be leaked than the prestige of the company will get reduced at major extent. The transfer of the information takes place through the network, the enhanced security of the network could be maintained through the effective usage of the advance strategies and technologies (Nazir, et al., 2013).
4.1 Electronic health record applications in the health care industry
It is an application that consists of the information of the patients and about their treatments. It is the electronic health record that means online records of the patient’s details that is required to be processed effectively. The authorized access process of the system enhances its security. It cannot be logged in by the unauthorized user. It prevents the access of the unwanted and fraud individuals who are in plan of tracking and stealing the information of the hospital. It is required to maintain the security of the information of the hospital for the prestige of the organisation. The heath care industry concentrates on the customisation of in-house applications as these online applications provide easiness in its process of tracking and managing the record of the patients (Orr Hirschauge, 2015).
4.2 Content management system utilisation in the website maintenance
The content management system helps in improving the personalisation of the content of the website. The effective analysis of the requirements of the website helps in enhancing its look and feel. The look and appearance matter in terms of catching the attention of the clients. It also supports in effective management and controlling access of the applications. The access control prevents the malware and unwanted attacks through which the security requirements of the website are enhanced (Tardive, 2015). It is utilised by the web developers and several organisations promoted their businesses online through the websites. CMS software applications supports in enhancing the network security. It effectively identifies the potential risks of the websites and minimizes it at some extent. The website maintenance industry has the concentration on customising off-the-shelf applications as it provide effective formulizations of the website content and enhance its security and performance (Farahmandian, 2016)
4.3 Use of ISSRM Domain model in field of managing risk of the system software
The ISSRM Domain model is used for the effective detection, prevention and mitigation of the risk of the system. The system software developed by the organisations either at the small scale, medium scale or large scale organisations is consisting of threats and vulnerabilities that are mitigated with the effective utilisation of the ISSRM Domain Model. The ISSRM Model is ensures the availability, reliability and integrity of the information. It takes care of the confidentiality of the business data and helps in enhancing the benefits of the organisations. This model is used for the effective management of the risk and the risk treatment strategies adopted by this model helps in reducing the risk of the system software and enhancing the efficiency of it. The ISSRM Domain is in current trend of the market as it is an effective model for ensuring the security of the application. It is utilised by the software industry that focuses on the customization of both the in-house and off-the-shelf applications (Thurm, 2014).
5. Adoption and Utilisation of the Applications
Software Hub is in the market since five years and for its expansion in the next five years, the company requires to adopt the advance technology and security techniques through the security prospects of the organisation is improved. The Software Hub develops and customizes the application and software for the medium and small scale organisations. If it provides the cost effective software to the organisation with the integration of network and information security features than it is an advantageous not only for those organisations but it helps the Software Hub in its growth and expansion (Vaseashta, et al., 2014).
1. The use of authorized access and encryption techniques in the development of the software helps in preserving the confidentiality and reliability of the information.
2. The adoption of the perception of electronic health record application that is consisting of the authorized access helps in preventing the unauthorized access. The usage of this idea supports in detecting the threats and supports in mitigating it at some level.
3. The use of the content management system software application helps in effectively managing the network and security requirements of the site. The adoption of this application by the Software hub helps the organisation in making more clients as it manages the information and network security requirements at low cost. The effective and easy processing of the content and user friendly approaches of this solution helps in the expansion of the organisation (Wood, 2014).
4. The adoption and use of the ISSRM Domain Model by the Software helps the Software Hub it its development. The uses of this model is in reducing the threats, mitigating the risk, adopting the effective risk treatment strategy and much more. It enhances the efficiency of the application and makes it more advanced and secure. The information and network security requirements of the application is effectively managed and processed by this model (Yudichev, & Gorjunov, 2015).
The effective utilisation of these strategies that are mentioned above helps the Software Hub in achieving its target. It supports in its expansion and ensure the security requirements of the applications and software for the small scale organisation which are concerned about the economic aspects of the security. It also met the needs for the software of the medium scale organisations and keep on diversifying its businesses by making formulations in it (Zhang, 2011).
6. Advantages and Disadvantages of the solutions
The advantages and disadvantages of the solutions are as follows:
The advantages of the advanced solutions that are CMS, ISSRM Domain Model and Health Record application are given below:
1. Authorized access prevents unwanted use of the applications and software by the hackers or dubious individuals.
2. Risk and threat mitigation (Aven & Zio, 2014)
3. Security of the network and information by the use of effective strategies.
4. Cost effectiveness
5. Integrity, reliability and availability of the sensitive data (Dang-Pham, et al., 2017)
The disadvantages of the solutions are as follows:
1. Issues with the traceability of risk management plan.
2. Ineffective risk treatment strategies don’t eliminate the complete risk of the software application.
3. The easy passwords in the online record applications increase the chances of data leakage and hamper the security of the business data (McCormac, et al., 2017).
7. Propose Potential Solutions
Potential solutions for reducing the limitations of the applications in order to enhance its effectiveness for the expansion of the Software hub are as follows:
1. Usage of Advance technology
2. Effective training program and appropriate recruitment of skilled employees who are specialists of maintaining the information and network security
3. Strong passwords that must consists of small letters, capital letters, numbers and a special character which should be more than 8 letters.
4. Effective usage and adoption of risk treatment strategies through which the threats of the software is reduced (Marsa-Maestre, et al., 2013).
The considerations vary with the change in the industry. The considerations that the Software hub considers for maintaining its prestige that supports in building the trust of the client and helps in its expansion are given below:
The clients of the Software hub don’t believe much in ethics. The ethical consideration of this organisation is preserving the confidentiality of the information of the clients.
The social consideration is the sustainability in its business processes.
It follows the privacy act and employment act. The consideration of these legal rules and regulation enhances the prestige of the company (Aven & Zio, 2014).
It has been concluded with this report that the network and security requirements for both the in-house and off-the-shelf applications are an important aspect of the customization and development of the software applications. The report focused on maintaining the confidentiality, availability and integrity of the business data with the usage of advance technology and applications through which the organisational businesses are expanded in terms of security of the network and information, productivity and profitability.
9.1 Restating purpose
The purpose of this report was to provide the effective solutions through which the network and information security of the software applications could be enhanced. The goal that has achieved is the availability of the advance techniques and applications through which the development of the business processes of the Software hub could be made possible.
9.2 Key Issues
Key issues that have been stated while conducting the research for this report is to effectively maintain the security aspects at low cost. The limitation of the budget sometimes reduces the efficiency of the software applications. The weak authentication techniques and less efficient risk treatment strategies reduce the chances of mitigation of threats and vulnerabilities (Aven & Zio, 2014).
9.3 Findings and its significance
The finding of this report is the advanced methodologies and applications that supports in ensuring the security of the information. The applications provided in this report helps in the effective processing of the data through which the exchange of data has been possible in a secure way. The extraction and collection of data becomes easy through the adoption of the propose solutions. The customization and development of the software in an effective manner has been achieved in this report. The findings of this report are significant in several manners as it enhances the security features of the applications and fulfils the requirements of the medium and small scale organisations.
The recommendations and the suggestions are provided in order to expand the businesses of the Software Hub. It requires focusing on the economic aspect rather than the entire social, economic and environment aspects of the software application. The need of the small and medium scale organisations that are clients of the Software Hub is to have the software applications that maintain the security and information requirements within the provided budget. The suggestions are in favour of improvising the security requirements of the system through which the advancement of the Software hub is achieved within the next five years.
The recommendations for improving the development process of the Software Hub by making modifications in the propose solutions are as follows:
1. It is recommended that the company effectively uses advance technologies and strategies in a sustainable manner.
2. The strong authentication techniques are required for the protection of the information.
3. The development and customization of the software is achieved at low cost with the fulfilment of network and information security requirements of the software.
4. Adoption of appropriate risk management plan along the effective risk treatment strategies helps in reducing threats and vulnerabilities of the software applications.
Abbass, W., Baina, A. & Bellafkih, M. (2016). Improvement of information system security risk management. IEEE.
Aven, T., & Zio, E. (2014). Foundational Issues in Risk Assessment and Risk Management. Risk Analysis, 34(7), 1164-1172.
Axelrod, C. (2012). Engineering Safe and Secure Software Systems (Artech House information security and privacy series Engineering safe and secure software systems). Norwood: Artech House.
Azka, S Revathi, & Angelina Geetha. (2017). A Survey of Applications and Security Issues in Software Defined Networking. International Journal of Computer Network and Information Security, 9(3), 21-28.
D. Ju. Chaly, E. S. Nikitin, E. Ju. Antoshina, & V. A. Sokolov. (2015). End-to-end Information Flow Security Model for Software-Defined Networks. Modelirovanie I Analiz Informacionnyh Sistem, 22(6), 735-749.
Dang-Pham, D., Pittayachawan, S., & Bruno, V. (2017). Applying network analysis to investigate interpersonal influence of information security behaviours in the workplace. Information & Management, 54(5), 625.
Essaaidi, Ganzha, Paprzycki, Ganzha, M, Paprzycki, M, & NATO Science for Peace Security Programme Content Provider. (2012). Software Agents, Agent Systems and their Applications (NATO Science for Peace and Security Series D: Information and Communication Security). Amsterdam: IOS Press.
Fan, Z., Xiao, Y., Nayak, A., & Tan, C. (2017). An improved network security situation assessment approach in software defined networks. Peer-to-Peer Networking and Applications, Peer-to-Peer Networking and Applications.
Farahmandian, S. & Hoang, D. B. (2016). Security for software-defined (cloud, sdn and nfv) infrastructures – issues and challenges. Computer Science & Information Technology, 6(15), 1-12.
Izadi, M. & Taghva, M. R. (2014). Identification and study of the relationship between factors and dimensions affecting the security of developed information systems using service-oriented architecture. Iranian Journal of Information Processing & Management, 30(1), 285-305.
Marsa-Maestre, De La Hoz, Gimenez-Guzman, & Lopez-Carmona. (2013). Design and evaluation of a learning environment to effectively provide network security skills. Computers & Education, 69, 225-236.
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., & Pattinson, M. (2017). Individual differences and Information Security Awareness. Computers in Human Behavior, 69, 151.
Nazir, Shah, Shahzad, Sara, Nazir, Muhammad, & Rehman, Hanif Ur. (2013). Evaluating Security of Software Components Using Analytic Network Process. Frontiers of Information Technology (FIT), 2013 11th International Conference on, 183-188.
Orr Hirschauge. (2015). WSJ.D Technology: Firewall Pioneer on Defensive --- Check Point Software recognizes growing challenges in network- security industry. Wall Street Journal, p. B.5.
Tardive, G. (2015). 5 reasons to use a content management system. Three Design.
Thurm, S. (2014). CIO Network (A Special Report) --- Information Security? What Security? Ted Schlein on how corporate networks are not nearly as secure as companies think they are. Wall Street Journal, p. R.4.
Vaseashta, A., Susmann, P., Braman, E., & NATO Advanced Research Workshop on Best Practices Innovative Approaches to Develop Cyber Security Resiliency Policy Framework. (2014). Cyber Security and Resiliency Policy Framework (NATO Science for Peace and Security Series - D: Information and Communication Security). Burke: IOS Press.
Wood, M. (2014). Augmenting Your Password-Protected World. The New York Times, p. B6.
Yudichev, R., & Gorjunov, M. (2015). Evaluation and Ranking Functionality of Information Security Tools of Virtualization Software. Automation and Control in Technical Systems, 0(1), 92.
Zhang, F. & Zhang, W. (2011). The application and study of information security technology based on general software platform. Electrical and Control Engineering (ICECE), 2011 International Conference on, 879-881.