IT Risk Management
Added on 2023/04/21
AI Summary
This document provides an overview of IT risk management and its importance in ensuring the security and integrity of data in an organization. It discusses the risk assessment process, categorized risks, threats, and vulnerabilities, as well as mitigation strategies. The document also includes a literature review on protection mechanisms, such as multi-factor authentication, to enhance system security.
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student:
Name of the University:
Executive Summary
Software House is a company that provides internet-based solutions to improve business functions and offers application support to its clients. Within the organization, code and credentials are stored on servers that are openly accessible via the Internet. The organization has a significant investment in this data, so both its integrity and its confidentiality must be protected. Staff can manage the server infrastructure, but management is lacking, with many people across the organization sharing organizational passwords. The possible risks in the organization relate to infrastructure, services and data, administration, security, backup and disaster recovery, and network and physical location. There are also risks from individual workstations and passwords. The organization has no formal onboarding and offboarding processes and close to no organizational policies. The risks are categorized as software-related, network-based and database-based risks. The organization needs to conduct a risk assessment for both system and client. The risk assessment allows risks to be managed and then reduced based on their impact on the organization. Forward planning is needed for the internet-based system, as risks and vulnerabilities can cause problems for it.
Table of Contents
1.0 Introduction
2.0 Risk assessment process
3.0 Categorized risks, threats and vulnerabilities
4.0 Risk severity matrix
5.0 Threat agents of the risks
6.0 Impact on system
7.0 Mitigating the risks
8.0 Literature review (Protection mechanism)
9.0 Conclusion
References
1.0 Introduction
This technical analysis report analyzes the technology environment of a small software house. The software house is working on innovative software that it plans to market in the near future. Its code and documentation are stored on servers that are reachable over the internet. Because the small software house is invested in this data, integrity and confidentiality are most important for the organization. The organization wants to grow its customer business through use of the internet.
The report analyzes the possible risks and threats that can arise from use of the information system. The possible risks in the organization relate to infrastructure, services and data, administration, security, backup and disaster recovery, and network and physical location. There are also risks from individual workstations and passwords. The report therefore analyzes the risks, threats, attacks and security vulnerabilities that affect the small software house. It discusses the risk assessment process, the risk severity matrix, the threat agents of the identified risks and the mitigation of the risks. It also analyzes protection mechanisms in the form of a literature review.
2.0 Risk assessment process
Reason (2016) stated that risk assessment is a process to evaluate the risks to the safety and health of workers from workplace hazards. The risk assessment follows five steps to make sure that it is carried out effectively:
Identify the risks: The project risks are identified from the use of the internet in the organization (Harrison & Lock, 2017). The risks are identified by analyzing all the business functions of the small software house: infrastructure, services and data, administration, security, backup and disaster recovery, network and physical location, and workstations and passwords.
Assess the risks: Once the risks have been identified, the system risks are assessed. The assessment examines the characteristics of the hazardous task to assess the possible risks (Laudon & Laudon, 2016). The risks are categorized by risk severity.
Control the risks: The ways to control the system risks are ranked from the highest level of protection and reliability to the lowest, which is known as the hierarchy of control. The risk manager can eliminate hazards, which is the most effective way to control the risks. Measurement of the project risks is used to reduce the chance of risk occurrence (Soomro, Shah, & Ahmed, 2016). A monitoring system is used to identify possible project risks.
Review and update the risk assessment: The possible risks and the resulting controls change quickly in the business environment. The company needs to update the risk assessment to accommodate changes in the project work. Risk assessment tools are used to develop and update the risks (Peltier, 2016).
Elimination of risks: The system risks are mitigated and eliminated using a risk management tool such as a risk management matrix, so that possible actions are taken to reduce the risks. All project risks are mitigated before they have a large effect on the company. Elimination of the risks is planned in order to enhance security (Nazareth & Choi, 2015). The risk mitigation strategies help the company secure the system against possible system risks.
Figure 1: Risk assessment process
(Source: Nazareth & Choi, 2015, pp-129)
3.0 Categorized risks, threats and vulnerabilities
The following risks, threats and vulnerabilities are identified in the small software house:
Infrastructure risks: The small software house uses a number of servers to run its core business. The risk is that the servers are not administered with the newest operating system versions and are not patched. The machines are publicly addressable and can be accessed from the internet. There is no maintenance of either hardware or software, and some of the servers, such as a Sparc Station, are more than five years old. Proper maintenance of those servers is therefore not done in the organization.
Services and data risks: The data is stored on disks in a number of different boxes. The organization has an internet presence via a web page and a mail server. It is assumed that there is no redundancy or failover for the disks, so when a disk goes bad, data is lost and the service linked to it fails. Where there is a vulnerability, an attacker can gain access to the devices and change values in the data. The privacy of data is compromised over the organizational network. Each device used in this network should have its own security terms and conditions.
Administration threats: Most of the staff working in the organization know the root and administrator passwords to the network servers. Administration of the hosts is performed over the network using telnet and rsh. Administrators do a poor job of administering the machines: disks fill up and there are many active but unused accounts. System administration in the organization is a high risk. External hackers have compromised the desktop machines. The administrators are convinced that the servers have not been compromised yet. When a host is compromised, administrators disable the hack and continue to allow the machine to be used.
Security risks: The small software house has no firewall or security system to protect the system and network from being hacked. The services that are accessible through the
network servers are available over the internet. There is also no email or virus protection in the organization.
Backup and disaster recovery risk: The organization has no backup and disaster recovery system with which to take backups of its data. When data is lost, users are unable to access it, because no backup copy has been taken to tape or hard disk.
Figure 2: Backup and disaster recovery
(Source: Safa & Von Solms, 2016, pp-449)
Network and physical location threat: The server and network infrastructure is located in the same workplace as other communications equipment and the organization's employees. The servers are on the same network as the user workstations, and there is no network protection.
Figure 3: Network and physical location
(Source: Hsu et al., 2015, pp-289)
Individual workstations and passwords threat: Each employee in the organization has a desktop computer. The computers run a vanilla installation of the Windows operating system that has not been patched since installation. Each worker keeps data on the hosts in a home directory that is not backed up. The organization has no hard and fast rules for passwords, and employees use their own names as passwords. There is therefore a risk of data being stolen from the database system.
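A password check addressing the finding above that employees use their own names as passwords, as an added example that is not part of the original report. The 12-character minimum, the three-of-four character-class rule, the substitution table and all function names are assumptions chosen for illustration.

```python
import re
import unicodedata

# Assumed policy values for illustration; the report does not specify any.
MIN_LENGTH = 12
MIN_CLASSES = 3
MIN_TOKEN = 3  # name parts shorter than this are ignored to limit false positives

# Common look-alike substitutions that are undone before comparing with names.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "!": "i", "3": "e", "4": "a",
    "@": "a", "5": "s", "$": "s", "7": "t",
})


def normalize(text, undo_substitutions=False):
    """Lower-case, strip accents and keep letters only.

    With undo_substitutions=True, look-alike characters such as '1' or '@'
    are first mapped back to the letters they usually stand for.
    """
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    plain = plain.lower()
    if undo_substitutions:
        plain = plain.translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", plain)


def name_tokens(full_name, username):
    """Return the sorted name parts and login name a guesser would try first."""
    parts = re.split(r"[\s.\-_@]+", f"{full_name} {username}")
    return sorted({t for t in map(normalize, parts) if len(t) >= MIN_TOKEN})


def check_password(password, full_name, username):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")

    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    classes = sum(bool(re.search(p, password)) for p in patterns)
    if classes < MIN_CLASSES:
        problems.append("too few character classes")

    # Compare against the owner's name, forwards and reversed, after undoing
    # look-alike substitutions ("Sm1th" is still "smith").
    candidate = normalize(password, undo_substitutions=True)
    for token in name_tokens(full_name, username):
        if token in candidate or token[::-1] in candidate:
            problems.append(f"contains name-derived token '{token}'")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts, not data from the report.
    samples = [
        ("Sm1th!2023", "John Smith", "jsmith"),
        ("htimS-nhoJ-2024-xx", "John Smith", "jsmith"),
        ("correct-Horse-42-staple", "John Smith", "jsmith"),
    ]
    for password, full_name, username in samples:
        result = check_password(password, full_name, username)
        print(f"{username}: {result or 'accepted'}")
```

The check belongs at the point where a password is set or changed, since that is the only time the plaintext is available for comparison with the account owner's name.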
4.0 Risk severity matrix
| Type of risk | Possibility (High = 5, low = 1) | Severity (High = 5, low = 1) | Possible handling |
|---|---|---|---|
| Infrastructure risk | 3 | 4 | Mitigation |
| Services and data risk | 4 | 4 | Mitigation |
| Administration risk | 3 | 3 | Avoidable |
| Security risk | 4 | 5 | Mitigation |
| Backup and disaster recovery risk | 2 | 4 | Avoidable/Mitigation |
| Network and physical location risk | 3 | 4 | Mitigation |
| Individual workstations and passwords | 5 | 5 | Mitigation |
Table 1: Risk severity matrix
5.0 Threat agents of the risks
Hackers: This group includes malicious individuals and employees of the organization. Employees of the organization have access to users' data in order to troubleshoot requests and inquiries from clients (Jiang et al., 2015). A hacker is able to change information over the network, which is a threat that comes from third-party access.
Malicious insiders: These attackers can cause difficulty for the system because they have information about, and access to, the users' systems. Insiders are a threat agent because they can compromise the security and the network servers without mounting any attack (Nagaraju & Parthiban, 2016). The malicious insiders are mainly employees working in the organization.
Network and server: The internet is available to all users, and the network and servers are connected to the internet, so there are difficulties related to the network's internet connections (Alhakami, 2016). Network attacks can steal information from the network, because the attacker can reach throughout the network, which threatens the system.
End users: Every internet system has end users who can access the data and information stored in the system. A user with the wrong motive can access the information and share it with others. The end user is not subject to any security or privacy access control on the sensor in the system, and so can break the system to fulfil that motive (Kgogo, Isong, & Abu-Mahfouz, 2017). Users may also keep weakly secured passwords for the system, which makes it easier for an attacker to steal information from the system and gain access to system accounts.
6.0 Impact on system
The identified project risks can have a high impact on the system, as they can cause loss of data and information as well as security breaches. The malicious insider is a high risk for the organization: when employees working in the organization have the wrong motive, it is probable that they will change information. The system's information can be changed without any restriction when a system user is behind the risk, which can have a high impact on the system (Rajkumar & Umamaheswari, 2015). Weak passwords are set for the system, so anyone can access the data and steal the information in the system. Software House can measure the severity of the risks and take action to mitigate them.
7.0 Mitigating the risks
| Type of risk | Possible mitigation of the risk |
|---|---|
| Infrastructure risk | Hardware and software should be properly maintained, and servers such as the Sparc Station should be upgraded as per organizational requirements. The organization should upgrade to the latest infrastructure with advanced technology. |
| Services and data risk | The integrity of data should be ensured, and redundancy and failover should be maintained for the disks. |
| Administration risk | The administrators should be trained to administer the machines. |
| Security risk | The organization should implement a firewall and security system so that all data is secured. There should also be email and virus protection within the organization. |
| Backup and disaster recovery risk | The organization should implement backup and disaster recovery systems/procedures. |
| Network and physical location risk | The network should be properly encrypted so that no third party can access the data. |
| Individual workstations and passwords | Passwords should be strong so that third parties are unable to access the information. Advanced encryption procedures should be implemented in the organization. |
8.0 Literature review (Protection mechanism)
Software House provides internet system application solutions to its clients. Risks that can have a high impact on the system have been identified. An Internet of Things (IoT) system is a solution over the network, as the risks affect the system. IoT solutions allow the organization to focus on outcomes through a facilitated digital journey (Schilling, 2015). The service enables the organization to transform business requirements into competitive differentiators. System authentication is implemented as a protection mechanism for the system. It is a process that grants individuals access to the system based on the user's identity. It can provide authentication for resources such as computer systems, networks, servers and databases (Satyanarayana, Manasa, & Chandana, 2017). Authentication technology provides access control over the system by checking that a user's credentials match the credentials of authorized users held in a database or on a data authentication server.
Multi-factor authentication mechanisms are implemented for the organization as a security measure, in which the user must present two different authentication factors to verify and protect the user's credentials and the resources that the user is able to access. It is a two-step verification process that provides a higher level of assurance than authentication methods that depend on a single factor (Majhi & Dhal, 2016). It relies on users providing a
Administration risk The administrators should be trained to administer the machines.
Security risk The organization should implement firewall and security system so that all the
data are secured. There should be also email and virus protection within the
organization.
Backup and disaster
recovery risk
The organization should implement backup and disaster recovery systems/
procedures.
Network and
physical location
risk
Proper encryption of the network is taken so that no third party person can
access to the data.
Individual
workstations and
passwords
The password should be strong so that third party person cannot able to access
the information. There should be implementation of advanced encryption
procedures in the organization.
8.0 Literature review (Protection mechanism)
Software House provides solutions to the internet system applications to their clients. The
risks are identified which can provide high impact on the system. Internet of Things (IoT) system
is a solution over the network as the risks affect the system. IoT solutions allow the organization
to be focused on outcomes as there is facilitated digital journey (Schilling, 2015). The service
enables the organization for transformation of the business requirements in aggressive
differentiators. As a protection mechanism to the system, system authentication is implemented.
It is a process to provide the individuals access to the system based on user’s identification. It
can provide authentication to the resources such as computer system, network and server and
database (Satyanarayana, Manasa, & Chandana, 2017). Authentication technology provides
access control over the system by authorizing and seeing that user’s credentials should match
with database credentials of authorized users and data authentication servers.
Multi-factor authentication mechanisms are implemented for the organization as a security
measure in which the user must present two different authentication factors to verify and
protect the user's credentials and the resources the user is able to access. It is a two-step
verification process that provides a higher level of assurance than authentication methods that
depend on a single factor (Majhi & Dhal, 2016). It relies on the user providing a password as
the first factor, with the second factor being a biometric factor such as a fingerprint. This
security mechanism can govern the exchange of information and data. The system is to be deployed
with a filtering mechanism such as a security firewall at the network edge. It can block any
type of network traffic and forms a barrier between trusted and untrusted networks. The firewall
can block the spread of computer attacks (Mateen et al., 2018). Network attacks are not
inevitable and can be controlled. Anti-malware tools and techniques are used to provide control
over malware attacks. The organizational infrastructure is upgraded with advanced technology to
provide a secure business environment. A proxy server is used as a control to ensure the proper
flow of network traffic between clients and servers (Soni & Xaxa, 2016). It does not reveal
information about the devices, so an attacker cannot view their details.
Figure 4: Multi-factor authentication mechanism
(Source: Mateen et al., 2018, pp-19)
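The two-factor check described in section 8.0, as an added example that is not part of the original essay: the password is verified against a stored salted hash, and a second factor must also pass before access is granted. The essay names a fingerprint as the second factor; a time-based one-time code (RFC 6238) is swapped in here because it can be shown in runnable code, and the in-memory user store, function names and work factor are assumptions.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune to your hardware)
STEP = 30             # one-time-code time step in seconds
USERS = {}            # constructed in-memory stand-in for the credential database


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """Time-based one-time password per RFC 6238 (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(user: str, password: str, totp_secret: bytes) -> None:
    salt = os.urandom(16)  # per-user salt; only the hash is stored, never the password
    USERS[user] = {"salt": salt, "pw": hash_password(password, salt),
                   "totp": totp_secret, "last_step": -1}


def login(user: str, password: str, code: str, now: int) -> bool:
    """Grant access only if BOTH factors verify; the result never says which failed."""
    rec = USERS.get(user)
    # Unknown users are checked against dummy values so they cost the same work.
    dummy = {"salt": b"\0" * 16, "pw": b"\0" * 32, "totp": b"\0" * 20, "last_step": -1}
    r = rec or dummy
    pw_ok = hmac.compare_digest(hash_password(password, r["salt"]), r["pw"])
    matched = None
    for t in (now - STEP, now):  # previous step tolerates clock drift
        if hmac.compare_digest(totp(r["totp"], t).encode(), code.encode()):
            matched = t // STEP
    fresh = matched is not None and matched > r["last_step"]  # block code replay
    if rec is not None and pw_ok and fresh:
        rec["last_step"] = matched
        return True
    return False
```

A stolen password alone fails here because the code check also has to pass, and a captured code cannot be reused because each accepted time step is recorded.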
9.0 Conclusion
It is concluded that Software House has identified the possible risks in the organization
through risk assessment. Risk assessment identifies the risks so that a secure business
environment can be developed. To avoid the risks in the project, a multi-factor authentication
mechanism is integrated to help protect the system against threats and vulnerabilities. It is
recommended to implement protection mechanisms for the internet-technology-based system. The
network and physical location are to be protected with encryption, a system firewall and
multi-factor authentication procedures. Authentication is implemented in the organization to
provide individuals with access to the system based on user identification.
References
Alhakami, W. (2016). Secure MAC protocols for cognitive radio networks.
Harrison, F., & Lock, D. (2017). Advanced project management: a structured approach.
Routledge.
Hsu, J. S. C., Shih, S. P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), 282-300.
Jiang, M., He, A., Wang, K., & Le, Z. (2015, November). Two-Way Graphic Password for
Mobile User Authentication. In Cyber Security and Cloud Computing (CSCloud), 2015
IEEE 2nd International Conference on (pp. 476-481). IEEE.
Kgogo, T., Isong, B., & Abu-Mahfouz, A. M. (2017, September). Software defined wireless
sensor networks security challenges. In AFRICON, 2017 IEEE (pp. 1508-1513). IEEE.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education
India.
Majhi, S. K., & Dhal, S. K. (2016). Threat Modelling of Virtual Machine Migration
Auction. Procedia Computer Science, 78, 107-113.
Malik, M. H., Raza, S., Akram, K., Rehman, A., Khan, J., & Rafi, M. A. (2016). Congestion
Control in Wireless Sensor Network. International Journal of Computer Science and
Information Security, 14(10), 473.
Mateen, A., Abdul, R. A. U. F., Abdullah, A. H., & Ashraf, M. (2018). Secure data access
control with perception reasoning. ADCAIJ: Advances in Distributed Computing and
Artificial Intelligence Journal, 7(1), 13-28.
Nagaraju, M. S., & Parthiban, D. L. (2016). Robust Multi-factor Authentication Machanism for
Enterprises in Cloud Computing. International Innovative Research Journal of
Engineering and Technology, 2(1).
References
Alhakami, W. (2016). Secure MAC protocols for cognitive radio networks.
Harrison, F., & Lock, D. (2017). Advanced project management: a structured approach.
Routledge.
Hsu, J. S. C., Shih, S. P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), 282-300.
Jiang, M., He, A., Wang, K., & Le, Z. (2015, November). Two-Way Graphic Password for
Mobile User Authentication. In Cyber Security and Cloud Computing (CSCloud), 2015
IEEE 2nd International Conference on (pp. 476-481). IEEE.
Kgogo, T., Isong, B., & Abu-Mahfouz, A. M. (2017, September). Software defined wireless
sensor networks security challenges. In AFRICON, 2017 IEEE (pp. 1508-1513). IEEE.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education
India.
Majhi, S. K., & Dhal, S. K. (2016). Threat Modelling of Virtual Machine Migration
Auction. Procedia Computer Science, 78, 107-113.
Malik, M. H., Raza, S., Akram, K., Rehman, A., Khan, J., & Rafi, M. A. (2016). Congestion
Control in Wireless Sensor Network. International Journal of Computer Science and
Information Security, 14(10), 473.
Mateen, A., Abdul, R. A. U. F., Abdullah, A. H., & Ashraf, M. (2018). Secure data access
control with perception reasoning. ADCAIJ: Advances in Distributed Computing and
Artificial Intelligence Journal, 7(1), 13-28.
Nagaraju, M. S., & Parthiban, D. L. (2016). Robust Multi-factor Authentication Machanism for
Enterprises in Cloud Computing. International Innovative Research Journal of
Engineering and Technology, 2(1).
12IT RISK MANAGEMENT
Nazareth, D. L., & Choi, J. (2015). A system dynamics model for information security
management. Information & Management, 52(1), 123-134.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rajkumar, E., & Umamaheswari, A. (2015). To Improve A Quality Of Service In Hybrid
Networks Using Bac Machanism. Int. J. Adv. Eng, 1(3), 420-423.
Reason, J. (2016). Managing the risks of organizational accidents. Routledge.
Safa, N. S., & Von Solms, R. (2016). An information security knowledge sharing model in
organizations. Computers in Human Behavior, 57, 442-451.
Satyanarayana, K. V. V., Manasa, C., & Chandana, R. (2017). SECURITY FOR TARGETED
MALICIOUS ELECTRONIC MAIL ATTACK. International Journal of Pure and
Applied Mathematics, 116(5), 63-67.
Schilling, B. (2015). Efficient and secure event correlation in heterogeneous environments.
Soni, J., & Xaxa, D. (2016). Development of Intrusion Detection System using Various
Benchmark Data: An Analytical Review. Development.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more
holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
Nazareth, D. L., & Choi, J. (2015). A system dynamics model for information security
management. Information & Management, 52(1), 123-134.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rajkumar, E., & Umamaheswari, A. (2015). To Improve A Quality Of Service In Hybrid
Networks Using Bac Machanism. Int. J. Adv. Eng, 1(3), 420-423.
Reason, J. (2016). Managing the risks of organizational accidents. Routledge.
Safa, N. S., & Von Solms, R. (2016). An information security knowledge sharing model in
organizations. Computers in Human Behavior, 57, 442-451.
Satyanarayana, K. V. V., Manasa, C., & Chandana, R. (2017). SECURITY FOR TARGETED
MALICIOUS ELECTRONIC MAIL ATTACK. International Journal of Pure and
Applied Mathematics, 116(5), 63-67.
Schilling, B. (2015). Efficient and secure event correlation in heterogeneous environments.
Soni, J., & Xaxa, D. (2016). Development of Intrusion Detection System using Various
Benchmark Data: An Analytical Review. Development.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more
holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
1 out of 13
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.