User Account

All Pages

Explain the backup and recovery services

Assignment Help Management Information Sys
Reference no: EM133712561

Information Systems Security

Learning Outcome 1: Demonstrate a thorough knowledge of important security tools such as authentication, access control, and cryptographic techniques used within information systems.

Learning Outcome 2: Analyse and explain various security technologies, scanning and probing tools to master the best practices in protecting information.

The Report: You are working in a financial company called Resimac (resimac.com.au). "Resimac Group is a leading alternative lender for residential mortgages and asset finance in Australia and New Zealand, with a broad suite of competitive, award-winning products that cater to diverse customer types and needs".
The company has a small data centre in its own premises.
The company uses the cloud services of AWS and Microsoft Azure. Moreover, they use Google services.
The company is connected with Macquarie bank for borrowing money and paying back the money loans. (site to site VPN)
The company has branches in New Zealand / Auckland, in Melbourne, in Tasmania and in Perth.
The branches are connected with each other using WAN connection.
A diagram shows the network map at the end of this document.
The company setup a separate VLAN for IP telephony, so they can connect their own branches over the WAN line.
There are some web app services running in-premises such as resimac-v1.apexgroupportal.com.
Resimac implements Citrix Gateway as a Single Sign on to allow own customers accessing home loans held through other partners such as ING, AMS, StarNet, Adelaide Bank, LinkLoan and Volt.
Recently, you have been designated to work as a cybersecurity engineer. The company has already been certified with PCI-DSS, and now it is the time to certify itself with ISO27001.
You have been asked to participate in the Business Continuity Plan documentations, and mainly in Risk Management.
The risk management and analysis will help the organization to get certified with ISO27001.
There are around 35 PC's and 20 Laptops for the company's employees. The PC's are from (HP Z1 G9 Core i7 Workstation, 16GB 512GB 1TB Win10/11 Pro), while the laptops are: XPS 15 Laptop

Resimac has the following services on the cloud:

#.

Software Description

Software type

Cloud Service

1

Microsoft Active Directory

AD - Backup

Azure

2

Microsoft Dynamic 365 CRM

CRM

Azure

3

CustomerZone web App

RDS (Microsoft SQL),

S3 storage, Windows Server + IIS

AWS

4

Dashboard web App

RDS (Microsoft SQL),

S3 storage, Windows Server + IIS

AWS

5

Broker web App

RDS (Microsoft SQL),

S3 storage, Windows Server + IIS

AWS

6

Partner Branded web App

RDS (My SQL),

S3 storage, Ubuntu + Apache server

AWS

7

CustomersZone Mobile App

CustomerZone - Mobile

Google - Firebase

Resimac had the following major security incidents since 2018.

#.

Description

Attack

No. of times

Loss

1

Sniffing Citrix Gateway as MItM

MitM

15

$12,300.00

2

Unauthorized access to the customers portal system by resetting customers password

Brute Force attack

13

$6,300.00

3

Phishing emails with scam invoices

Invoice Fraud

16

$8,600.00

4

Phishing emails with scam invoices

Replay attack

14

$9,600.00

5

Sniffing company emails

Sniffing Attack

7

$11,000

6

Blocking AWS services- No WAF implemented

DDoS attack

5

$3,480.00

7

Changing DNS A records (one DNS only)

DNS poisoning

1

$1,500.00

8

Unauthorized access to the production system

Brute Force Attack

20

$16,200.00

9

SQL Injection - on Cloud and In-premise

SQL Injection

9

$12,000.00

10

APT clients attack

Malware attacks as APT's

20

$20,000.00

11

Malware attack

Viruses, Trojan, Worms

9

$15,000.00

12

Encrypting files

Ransomware

12

$11,000.00

13

Access in-premise database

Backdoor attack and stole 10,000 records

2

33,300.00

14

Access Cloud database

No White list in RDS

3

$15,000

According to the above information, you need to write around 2000 words report about the security and privacy control for federal information system. You need to complete the followings:

Use the framework addressed in NIST SP 800-53 document to conduct access control, and Risk Assessment.
List all assets available in the organization.
Choose the appropriate Acs, between AC-1-AC-25.
Describe RA-3, RA-5, and RA-6 in details

Re-draw the network design with your recommendations. For example, ePO McAfee, Anti-Spam, second firewall, SD-WAN, Zero-trust gateway, SAML with SSO, two exchange emails instead of one, encrypting data.... etc
After drawing the suggested network plan, explain the new things that you added to the network.
Add extra security services to the cloud and give that in priorities. Fr example the first year, the second year...etc

Conduct a quantitative analysis to decide whether to replace WAN with SD-WAN or not. Currently WAN is connected to all branches and costs Resimac around $3500 / Month. The failure time since 2018 was a total of 13 days and 15 hours, which cost around $35,000

Explain the backup and recovery services by explaining the Identification of control and recovery strategies.

Reference no: EM133712561

Questions Cloud

Describe each of the metrics you selected : Create a presentation in the format of your choice that does the following: Describe each of the metrics you selected.
Skin cleansing product for preoperative patients to use home : The hospital EBP Council has completed EBP initiative to determine the best skin cleansing product for preoperative patients to use at home
Facility offers numerous continuing education programs : Jared works as a certified nursing assistant at a large long-term care facility. The facility offers numerous continuing education programs,
Discuss the role of translational research : Discuss the role of translational research in advancing equitable access to healthcare and preventative services and policies based on population health.
Explain the backup and recovery services : MBIS4006 Information Systems Security, Australian Institute of Higher Education - Explain the backup and recovery services by explaining the Identification
Education department plan to use knowledge-to-action : Nurses in the education department plan to use the knowledge-to-action (KTA) framework to implement an evidence-based practice change
Current practices of blood pressure measurement frequency : Evaluate whether the current practices of blood pressure measurement frequency in the medical-surgical units is the best practice.
Resulting in blue color change to specimen : The nurse performs a fecal occult blood test (FOBT) on a client's stool specimen, resulting in blue color change to the specimen.
Completed upper gastrointestinal x-ray : A client has completed an upper gastrointestinal x-ray, small bowel series, and lower gastrointestinal x-ray.

Reviews

Write a Review

Management Information Sys Questions & Answers

  Counterintelligence initiatives

Counterintelligence initiatives - Explain What counterintelligence initiatives might you suggest I undertake?

  How would apply mis solutions to improve this business

Choose an existing/real-world business which we did not discuss this term. Now, explain how you would apply MIS solutions to improve this business.

  Rei''s supply chain management and method of distribution

REI's Supply Chain Management/Channel/Method of Distribution - how they use supply chain management and if it works well or could it use any improvements.

  Explain each stage of the management plan

You have recently started your own software design company. You discover that your local DMV is looking to build a system that will allow receptionists to check customers in quickly. Explain each stage of the management plan and justify your ratio..

  Technology industry and research methods

Technology Industry and Research Methods - Draw at least one comparison and one distinction or contrast between the two.

  Explain the relationship of the scope of a project to work

Identify how project management improves the success of information technology projects. Explain the relationship of the scope of a project to the work breakdown structure. Use technology and information resources to research issues in IT project man..

  Should you have access to those emails and files

Should you have access to those emails and files on a personal device that is accessing the company data via a 3rd party app.

  Produce plans for quality assurance testing

ISYS324 Business Analysis Assignment Task 2. Your role in this project to do the following tasks: Produce plans for Quality assurance testing

  Suggest an effective management information system

Suggest an effective management information system for your organization a multi unitand multi product organization

  Develop a two-component mixture model for compound screening

Explain how the model is used to control the Type-I error, the False Discovery Rate, and the odds ratio.

  Analyze porters five forces model

Analyze Porter's Five Forces Model in relation to competition within the industry of That corporation

  Information system basicsyou are working with a new

information system basicsyou are working with a new employee who has experienced minimal exposure to computers or

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd