
IT Risk Management: Conducting a Risk Assessment and Developing a Security Policy

   

Added on  2023-04-22

Running Head: IT RISK MANAGEMENT
IT risk management
Report
Student name

Table of Contents
Introduction
Part One: Conducting a Risk Assessment
    Description of the malware attack
    Impact of malware attack
    Inherent risk assessment
    Key controls to mitigate the malware attack
    Residual risk assessment
    ANSI B11.0.TR3 Risk Assessment Matrix
Part Two: Developing a Security Policy
    System security policy
Conclusion
References

Introduction
In this modern era, securing data and information is both crucial and difficult, and
because every person uses internet connectivity, the rate of security risk increases. A recent
study found that Australian universities are facing numerous security risks and issues, such
as denial-of-service attacks, hacking, data breaches, and malware (Mathur & Hiranwal, 2013).
This study describes only malware attacks, their impact on the data of an Australian
university, and the mitigation tools available to control such risks. Malware is a type of
computer software developed to damage computer networks, servers, and devices. Hackers use
large, complex algorithms to generate viruses and unwanted signals and transfer them to users'
networks. The aim of this report is to analyse the issue of malware attacks and highlight the
key factors associated with malware. The study is divided into two main parts: conducting a
risk assessment for an Australian university and developing a security policy for CSIRO.
Part One: Conducting a Risk Assessment
Description of the malware attack
Malware is defined as a security risk in which malicious software performs activities on
the consumer's computer device without their knowledge. Today, it is one of the biggest issues
or risks faced by Australian universities because they use the internet and computer networks
for communication, and these are associated with cyber-crime. A recent investigation
identified that in 2015 the rate of malware attacks increased by 45% due to lack of security,
and many Australian universities use computer systems to handle students' datasets, which
increases the issue of hacking (Egele, Scholte, Kirda, & Kruegel, 2012). Attackers mainly use
botnets to produce a huge amount of viruses and signals that reduce the performance of the
university networks.
Impact of malware attack
Malware is one of the most dangerous security risks and threats; it is growing rapidly,
and it affects personal data files and computer networks. First, hackers send viruses or
unwanted signals to users, which creates uncertainty in the system, and then the hackers enter
the university server to hack the data or information of students (Marpaung, Sain, & Lee, 2012).
Due to this kind of security risk, the university can suffer financial issues because
criminals demand money from victims to restore their private details. A recent survey found
that more than 68% of users and Australian universities are facing malware that detects the
passwords of their systems and collects data such as pictures, addresses, financial documents
and many more (Holz, Steiner, Dahl, Biersack, & Freiling, 2008).
Inherent risk assessment
It is very important to identify the inherent risks in the system before looking at
solutions or prevention methods. The Australian university currently faces numerous inherent
risks, such as lack of security, use of old computer networks, spam, jamming, fraud, and
phishing. These are the main internet risks, and they can be reduced by adopting and
developing security plans and strategies (Idika & Mathur, 2007). Jamming is a part of malware
in which hackers generate viruses with the help of malicious software, transfer them to user
networks, and block their servers.
Key controls to mitigate the malware attack
Most hackers use malware to identify and collect the login IDs and passwords of users'
personal systems, and the Australian university uses computer devices to store student data.
Lack of security and the use of unauthentic networks are the two major factors increasing the
issue of malware attacks (Bogdanoski & Risteski, 2011). To control and monitor this kind of
security risk, information technology has developed many security-related tools, such as
firewall software, robust technology, encryption, antivirus, and cryptography technology. An
Australian university can use all of these approaches to secure and protect its personal data
from attackers, which helps to reduce the rate of malware attacks.
Encryption is a process used to convert information or data files into a coded form that
cannot be hacked by criminals, because they require the private key to decrypt the
information. The university can adopt this technique because it communicates with students
and parents using Gmail and other social networks, so it can secure students' information
through encryption (Humphreys, 2008). A firewall is one of the best software tools; it has the
potential to detect viruses and malware on networks and computer systems and provides a
notification on the computer screen, so that users and the management team can easily block
them. To reduce spam, fraud and unwanted links, they can design a robust technique that
provides a way to block spam and viruses from the server. Moreover,
