This report discusses the case study of Gigantic Corporation and its cyber security project. It identifies the risks and consequences of cyber threats and vulnerabilities, provides recommendations for the project, and discusses protection mechanisms for information security.
IT Risk Management: Cyber Security
Table of Contents

Executive Summary
Introduction
Risk Assessment
    Various Threats and Vulnerabilities in Cyber Security
    Risk Assessment on the Identified Risks in Cyber Security
    Consequences of the Identified Risks derived from the IT Control Framework
    Recommendations for the Project
    Mitigation of Risks and Impact on the System
Literature Review
    Protection Mechanisms Required for Information Security in the Project
Conclusion
References
Executive Summary

The major objective of this report is to study the case of Gigantic Corporation. The organization will be executing a significant cyber security project in the area of cryptography. It has hired an information technology risk assessment lead consultant. The major role of this consultant is to provide the interface between the technologists and the business stakeholders, and to translate technical difficulties and issues into the language of risk so that the stakeholders can make efficient and effective decisions.

Cyber security can be described as the protection of internet-connected systems, including their hardware, software and data, from all types of cyber attack. Within the context of computing, security is of two distinct kinds, physical security and cyber security. Organizations use both to protect against unauthorized or unauthenticated access to data centres and computer-based systems. Information security, which is designed to maintain the confidentiality, integrity and availability (CIA) of sensitive data, is a major subset of cyber security. The main elements of cyber security that need coordinated effort within any information system are application security, information security, network security, business continuity planning, disaster recovery, operational security and end user education.
Gigantic Corporation has hired the information technology risk assessment lead consultant for the purpose of identifying the IT-related risks in its project on cryptography and cryptographic algorithms.
Cryptographic algorithms and techniques are largely responsible for securing systems against cyber-related issues. Cryptography is the practice of techniques that secure confidential data or information in the presence of adversaries or third parties. It depends on the construction and analysis of protocols that prevent third parties or the public from reading private messages, and it supports the information security properties of data confidentiality, integrity, non-repudiation, availability and authentication or authorization. Applications of cryptography include digital currencies, confidential data communications, electronic commerce, computerized passwords and many others. Cryptographic algorithms are designed around explicit assumptions and are therefore hard for adversaries to break as long as those assumptions hold.

Cryptography is considered a basic defence within cyber security, and Gigantic Corporation has therefore chosen cryptographic algorithms as the project area for cyber security. There are various types of threat within cyber security. Among them, the most significant are social engineered Trojans, phishing, advanced persistent threats, unpatched software such as Flash, Adobe Reader and Java, botnets, ransomware, distributed denial of service attacks, data manipulation, malware, man in the middle attacks and network travelling worms. These cyber threats are extremely damaging and destructive to information systems and should be mitigated with proper measures.
This report identifies each risk in the company's area of cyber security, which could then be mitigated by undertaking proper cryptographic measures within Gigantic Corporation. The information technology risk assessment lead consultant has recognized these risks, and their consequences are also provided.
Introduction

Computer security or cyber security is the protection of computerized systems from theft of, and damage to, their software, hardware or electronic data (Von Solms & Van Niekerk, 2013). Cyber security also protects against the misdirection and disruption of the services these systems provide. Reliance on computers is increasing, and wireless networks such as Wi-Fi and Bluetooth as well as Internet connectivity are becoming commonplace. The growth of smart devices such as smart televisions and smart phones, together with many tiny connected devices, constitutes the Internet of Things. There are major threats and vulnerabilities within cyber security, and these should be mitigated on time to avoid complications and issues (Wang & Lu, 2013). The following report outlines Gigantic Corporation and its project. A risk assessment is then carried out for each identified risk, with the consequences of those risks given as per the IT control framework. Several protection mechanisms are also provided.

Risk Assessment

Various Threats and Vulnerabilities in Cyber Security

Cyber security comprises the processes, practices and technologies designed to protect networks, programs, devices and data from threats, attacks, unauthorized access and damage (Hahn et al., 2013). It is also referred to as information technology security. Cyber security is extremely important since corporate, financial and government organizations collect, process,
manipulate and store unprecedented amounts of data within computer systems and other devices. The major elements of cyber security include network security, application security, endpoint security, data security, cloud security, identity management, database security, infrastructure security, disaster recovery, mobile security, business continuity planning (BCP) and many more (Amin et al., 2013). Gigantic Corporation may face some major risks and threats in its area of cyber security. The most significant threats and risks are given below:

i) Phishing: The first threat to cyber security within Gigantic Corporation is phishing. This is a fraudulent attempt to obtain sensitive information such as usernames, passwords or credit card details, typically as a first step towards further malicious activity (Buczak & Guven, 2016). The attacker disguises himself as a trustworthy entity in an electronic communication.

ii) Trojan Horses: A Trojan horse is a malicious program that presents itself to users as legitimate software. It hides malware inside what appears to be a normal program.

iii) Ransomware: Another significant threat for Gigantic Corporation is ransomware, or ransom malware (Elmaghraby & Losavio, 2014). It is a kind of malware that prevents users from accessing their systems or personal files; the attacker then demands a ransom payment in return for restoring access.

iv) Distributed Denial of Service Attacks: In a DDoS attack the perpetrator seeks to make a machine or network resource unavailable to its authorized and intended users, either indefinitely or temporarily, by disrupting the services of a host connected to the Internet.

v) Man in the Middle Attacks: In a man in the middle attack the attacker secretly relays the private messages exchanged between two authorized parties (Ning, Liu & Yang, 2013). The attacker can also alter the messages, so that a modified message reaches the receiver. An example is active eavesdropping, where the attacker intercepts the messages and injects new or modified versions of them.

vi) Botnets: A botnet is a number of Internet-connected devices, each running one or more bots (Dunn Cavelty, 2013). Botnets are commonly used to perform DDoS attacks, send spam and steal data. The attacker gains access to these Internet-connected devices and to their connectivity.

vii) Data Manipulation: The next significant threat that Gigantic Corporation faces is the manipulation of confidential or sensitive data (Sou, Sandberg & Johansson, 2013). This is the unauthorized alteration of stored or transmitted data so that systems and people act on false information; unlike data theft, it can go unnoticed for a long time.

viii) Advanced Persistent Threats: An APT is a set of continuous and stealthy computer hacking processes carried out by attackers targeting a specific entity. Gigantic Corporation is often vulnerable to this type of threat.
ix) Unpatched Software: Software that is not patched or upgraded properly could also bring major issues for the organization (Cavelty, 2014).

x) Spyware or Malware: Spyware or malware is malicious software that introduces vulnerabilities into the information system.

Figure 1: Percentages of Major Cyber Threats (Source: Wells et al., 2014)

Risk Assessment on the Identified Risks in Cyber Security

The risk assessment for each identified risk in the area of cyber security is as follows:

Serial Number | Identified Risk | Level of Risk
1. | Phishing | Moderate
2. | Trojan Horses | High
3. | Ransomware | High
4. | Distributed Denial of Service Attacks | High
5. | Man in the Middle Attacks | High
6. | Botnets | Low
7. | Data Manipulation | Moderate
8. | Advanced Persistent Threats | Low
9. | Unpatched Software | Low
10. | Spyware or Malware | Moderate

Table 1: Risk Assessment of the Identified Risks in Cyber Security

The table above assesses each identified risk for this area of cyber security; these risks must be mitigated in time, before the underlying vulnerabilities grow (Sommestad, Ekstedt & Holm, 2013).
Figure 2: Cyber Security (Source: Abawajy, 2014)

Consequences of the Identified Risks derived from the IT Control Framework

An information technology control framework is a structure that organizes and categorizes a company's internal controls (McGraw, 2013). It establishes practices and procedures for creating business value while minimizing threats and risks. The framework is designed to provide a model that corporations can use to run an efficient and well-controlled financial environment. Its major components are the internal control environment, objective setting, event identification, risk assessment and response, control activities and more (Cherdantseva et al., 2016). The consequences of the identified risks according to the IT control framework are as follows:

i) Phishing: The consequence of phishing is moderate according to the control framework, as the risk can be mitigated by undertaking counter measures.

ii) Trojan Horses: The consequence of a Trojan horse is major, as the framework's policies and procedures alone cannot stop this risk (Amin et al., 2013).

iii) Ransomware: The consequence of ransomware is major, since the procedures and policies of the IT control framework cannot resist the risk.

iv) Distributed Denial of Service Attacks: The consequence of a DDoS attack is major, as the framework cannot resist the risk.
v) Man in the Middle Attacks: The consequence of a man in the middle attack is major, since the policies and procedures cannot resist it.

vi) Botnets: The consequence of a botnet is minor, as this threat is easier to stop (Knowles et al., 2015).

vii) Data Manipulation: The consequence of data manipulation is moderate according to the control framework, as the risk can be mitigated by undertaking counter measures.

viii) Advanced Persistent Threats: The consequence of an APT is minor, as this threat is easier to stop (Hong, Liu & Govindarasu, 2014).

ix) Unpatched Software: The consequence of unpatched software is minor, as this threat is easier to stop.

x) Spyware or Malware: The consequence of spyware or malware is moderate according to the control framework, as the risk can be mitigated by undertaking counter measures.

Recommendations for the Project

The recommendations for the cryptography project within Gigantic Corporation, so that it can mitigate the identified cyber security problems, are given below:

i) Using Asymmetric Key Algorithms: The first recommendation for the project is to use asymmetric key algorithms (Luiijf, Besseling & De Graaf, 2013). These are among the most secure cryptographic algorithms. The most widely used asymmetric key algorithm is RSA (Rivest, Shamir, Adleman), which is used within the SSL and TLS protocols to provide communication security across computer networks. This is public key cryptography: a public key and a private key are used to encrypt and decrypt confidential and sensitive data. Each key is a large number, and the two are mathematically paired. One key of the pair is shared with all members and is therefore called the public key (Fielder et al., 2016). The other key of the pair is kept secret and is called the private key. Data encrypted with the public key can only be decrypted with the matching private key.

ii) Hybrid Encryption: The second recommendation for the cryptography project is hybrid encryption. This is a method of encryption that merges two or more encryption techniques, combining symmetric and asymmetric encryption so as to gain the advantages of each: the bulk data is encrypted with a fast symmetric cipher under a fresh key, and that key is encrypted with the recipient's public key (Bada & Sasse, 2014). It would provide Gigantic Corporation with strong protection against cyber threats.

Mitigation of Risks and Impact on the System

The mitigation of the identified cyber threat risks is as follows:

i) Implementation of Firewalls: An important technique for mitigating the identified cyber security risks is the proper implementation of firewalls. Threats are detected and prevented with the help of firewalls, which monitor and control incoming and outgoing network traffic according to predetermined security rules (Ashok, Hahn & Govindarasu, 2014). A network firewall sits between the untrusted external network and the trusted internal network.
Figure 3: Firewall Implementation (Source: Choucri, Madnick & Ferwerda, 2014)

ii) Implementation of Antivirus Software and Proper Updates: Another major technique for reducing the identified cyber security risks is the proper implementation of antivirus software together with timely software updates (Abomhara & Køien, 2015). Antivirus software is a computer program used to prevent, detect and remove malware. It was originally developed to detect and remove computer viruses, and it now detects and prevents several other kinds of threat as well. Malicious browser components should also be identified properly.
Figure 4: Types of Antivirus Software (Source: Luiijf, Besseling & De Graaf, 2013)

Literature Review

Protection Mechanisms Required for Information Security in the Project

Protection from the various types of cyber threat is required, with the help of cryptographic functions and algorithms. If this protection is not provided within Gigantic Corporation, its information will be vulnerable to various threats and attacks (Knowles et al., 2015). Cyber security is the collection of techniques that protect the integrity of networks, programs and data from unauthorized access, attack or damage.
The two cryptographic protection mechanisms needed to secure information and reduce cyber threats are given below:

i) Using Asymmetric Key Algorithms: This protection mechanism uses an asymmetric key algorithm for cryptography. There are two distinct keys in such an algorithm (Abawajy, 2014). One key is used for encryption, while the other is used for decryption. Provided the private key is kept secret, an attacker who observes the ciphertext learns nothing about the confidential data.

Figure 5: Asymmetric Key Encryption (Source: Wells et al., 2014)

ii) Hybrid Encryption: This is the combination of symmetric (secret key) and public key algorithms and is another important protection mechanism for Gigantic Corporation. It is more effective and efficient than either mechanism on its own: the symmetric cipher handles large volumes of data quickly, while the public key algorithm solves the problem of delivering the symmetric key to the recipient.
Figure 6: Hybrid Encryption (Source: Cavelty, 2014)

Conclusion

From the above report it can be concluded that cryptography is the methodology for protecting information and communications by using codes so that confidential data is accessible only to authorized and intended users. Cryptography means keeping data and information hidden and encoded by means of algorithms. The technique refers to securing information and communication using rule-based calculations and mathematical concepts that transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation, digital signing and signature verification, protecting data privacy and confidential communications such as electronic mail, credit card transactions and web browsing over the Internet. Cryptography is closely
related to the disciplines of cryptanalysis and cryptology. Related techniques such as microdots and merged words (forms of steganography rather than encryption) hide information in transit or in storage. Encryption and decryption are the most basic processes of this technology; they transform plain text into cipher text and back again.

The above report has outlined the various aspects of the Gigantic Corporation case study. The various risks related to cyber security have been identified and assessed. Moreover, the importance of the company's cryptography project in mitigating these cyber security risks has been explained. The report has also described the major consequences of these risks as per the IT control framework.
References

Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.

Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), 65-88.

Amin, S., Litrico, X., Sastry, S. S., & Bayen, A. M. (2013). Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models. IEEE Transactions on Control Systems Technology, 21(5), 1679-1693.

Amin, S., Litrico, X., Sastry, S., & Bayen, A. M. (2013). Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology, 21(5), 1963-1970.

Ashok, A., Hahn, A., & Govindarasu, M. (2014). Cyber-physical security of wide-area monitoring, protection and control in a smart grid environment. Journal of Advanced Research, 5(4), 481-489.

Bada, M., & Sasse, A. (2014). Cyber security awareness campaigns: Why do they fail to change behaviour?

Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.

Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), 701-715.

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27.

Choucri, N., Madnick, S., & Ferwerda, J. (2014). Institutions for cyber security: International responses and global imperatives. Information Technology for Development, 20(2), 96-121.

Dunn Cavelty, M. (2013). From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse. International Studies Review, 15(1), 105-122.

Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491-497.

Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86, 13-23.

Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), 847-855.

Hong, J., Liu, C. C., & Govindarasu, M. (2014). Integrated anomaly detection for cyber security of the substations. IEEE Transactions on Smart Grid, 5(4), 1643-1653.

Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, 52-80.
Luiijf, E., Besseling, K., & De Graaf, P. (2013). Nineteen national cyber security strategies. International Journal of Critical Infrastructures 6, 9(1-2), 3-31.

McGraw, G. (2013). Cyber war is inevitable (unless we build security in). Journal of Strategic Studies, 36(1), 109-119.

Ning, H., Liu, H., & Yang, L. (2013). Cyber-entity security in the Internet of things. Computer, 1.

Sommestad, T., Ekstedt, M., & Holm, H. (2013). The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures. IEEE Systems Journal, 7(3), 363-373.

Sou, K. C., Sandberg, H., & Johansson, K. H. (2013). On the exact solution to a smart grid cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), 856-865.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.

Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.

Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77.