IT Risk Management: Threats, Vulnerabilities and Prevention Methods
Added on 2023/06/05
1. Cover page
IT Risk Management
Name of the Student:
Name of the University:
IT RISK MANAGEMENT

2. Table of contents
1. Cover page
2. Table of contents
3. Executive Summary
3.1 Statement of the technology project
3.1.1 Outline of the company: Gigantic Corporation
3.1.2 Role and responsibility
3.1.3 Technology used in company
3.2 Overview of your recommendations
4.0 Risk assessment based on threats, vulnerabilities and consequences
4.1 IT control framework
4.1.1 Policy and procedure
4.2 Key threat agents
4.2.1 List of threat agents
4.2.2 Issues
4.2.3 Consequences
4.3 Mitigation of risks and their impact on the system
5.0 Literature review
5.1 Safeguards
5.2 Security mechanisms
5.3 Change in key principles of information by which employees can secure their information
6.0 Conclusion
7. References
3. Executive Summary
Cyber security is the protection of computing devices, networks and the data they hold; it is also called IT security. Cyber-crime is growing very fast and many organizations face this problem. Cyber security gives consumers a basis on which to protect their personal information and avoid cyber-attacks. The main purpose of this report is to set out the fundamental concepts of cyber security and the threats and risks that come with it. The report describes the main types of threats and vulnerabilities and the methods by which Gigantic Corporation can reduce them. The problem is serious for any organization: attackers can, for example, use malware delivered through a botnet to encrypt users' devices and hold their data to ransom. In the field of computer science, physical security and cyber security are both needed to protect data and servers from unauthorized access. Information security, which is closely related to cyber security, is the discipline of maintaining the confidentiality, integrity and availability of consumers' private data.

3.1 Statement of the technology project
3.1.1 Outline of the company: Gigantic Corporation
Gigantic Corporation is an information technology organization that provides telecommunication services to its consumers and also develops software and hardware. The organization faces various IT risks, such as security threats, data breaches and other cyber-crimes.

3.1.2 Role and responsibility
Gigantic Corporation is an information and communication organization in which I am the lead IT risk consultant. The main role of an IT risk consultant in the field of a computer
network is to manage information-security risks and threats and to improve the security systems through which users protect their private information.

3.1.3 Technology used in company
Gigantic Corporation uses a range of information technologies, for example the Internet of Things, wireless networks, cloud computing and standard network protocols (Chakhchoukh & Ishii, 2015). With these technologies it provides communication services to many companies and consumers.

3.2 Overview of your recommendations
Weak security is a common problem at Gigantic Corporation: many users rely on simple, password-only authentication, and attackers can guess or crack weak passwords and take over the devices and accounts behind them. This report is divided into two parts: the potential cyber-security threats, and the prevention methods that reduce IT risk for Gigantic Corporation. The organization can adopt a security architecture and concrete steps to reduce these risks: strong authentication in place of bare passwords, antivirus and firewall software, control and monitoring of unwanted traffic, detection of spam email and messages, and encryption of data in transit.

4.0 Risk assessment based on threats, vulnerabilities and consequences
A cyber threat is a circumstance with the potential to cause harm to a computer system or to the people who depend on it. Examples include flooding a system with traffic, an administrator accidentally wiping a production system, and politically motivated DDoS attacks (Cherdantseva et al., 2016). Attackers build malware and botnets with which they can break into Gigantic Corporation's websites and block its legitimate servers. A vulnerability is a weakness in a computer system; the main weakness of Gigantic Corporation is that it has no security policy or strategy, through which it has lost
control of its private data. SQL injection is a very common example of a vulnerability; it is prevented by keeping user input out of the SQL grammar, that is by using parameterized queries instead of string concatenation (Deshmukh & Devadkar, 2015). The main cyber-security threats and risks identified are described below:
• Malware
• Ransomware
• Phishing
• SQL injection attack
• Cross-site scripting
• DoS attack
• Man-in-the-middle attacks

Malware
Malware is malicious software that attackers use to steal or damage an organization's data. Gigantic Corporation faces this problem and could lose its private information. Once malware is installed on a device it can control and monitor the device's communications and other activity and report back to the attacker (Isozaki et al., 2016). Attackers use a variety of techniques to get malware onto a computer, but at some stage it usually requires the user to take an action that installs it. This can include clicking a link to download a file, or opening an attachment that looks safe (such as a Word document or PDF) but has a malware installer hidden inside.

Phishing
An attacker first collects information such as IP addresses, network protocols, the type of server and the kind of security system in use. The phishing message then tricks a user into installing malware or handing over credentials, after which the attacker can take over systems and, in the ransomware case, encrypt the organization's data. Gigantic Corporation has received many spam emails through which attackers gained access to authorized servers and then demanded money to restore the data (Johnston, Warkentin, McBride, & Carter, 2016).

SQL injection attack
SQL (Structured Query Language) is the language used to query and manage relational databases. Gigantic Corporation uses various servers to store data, and SQL is used to manage the data in its databases (Liu et al., 2017). In a SQL injection attack the attacker supplies input that the application concatenates into a query, so that the input is executed as SQL; the attacker can then read, modify or delete data in the database and, in some configurations, reach the underlying host.

Cross-site scripting
Cross-site scripting (XSS) is a very common attack in which the attacker targets Gigantic Corporation's websites directly: instead of attacking the server's own code, the attacker injects script that runs in other users' browsers and can steal their sessions or data. One of the most common ways to deliver an XSS attack is to inject malicious code into a comment or other content that is rendered automatically. For instance, the attacker could embed a link to malicious JavaScript in a comment on a blog (Kateb, Tushar, Assi, & Debbabi, 2018).

DoS attack
DoS stands for denial of service, a very common attack in which flooding traffic, often generated by a botnet, makes an organization's website unavailable. For the last few years, the
organization has suffered repeated DoS and DDoS attacks, and it is observed that this is due to a lack of security. The attackers generate flood messages and unwanted traffic, and because the organization cannot handle the volume its services become unavailable to legitimate users, including the login and account services that customers depend on. In some instances these DoS attacks are carried out by many computers at the same time. This form of attack is known as a Distributed Denial-of-Service attack (DDoS). It is much harder to defend against, because the attacker appears from a wide range of IP addresses around the world simultaneously, which makes determining the source of the attack much more difficult for network administrators.

Man-in-the-middle attacks
In this type of attack the attacker sits between two communicating parties and can read or alter the traffic, for example capturing a login ID and password in transit. Users increasingly rely on wireless technology for communication, and an attacker on the same network can intercept or block their connections, so the rate of unauthorized access has risen. Active eavesdropping is the classic example: the attacker establishes independent connections with both victims and relays messages between them, so that each believes they are talking directly to the other (Memon & Kauhaniemi, 2015).

4.1 IT control framework
Many communication technologies allow users to send and receive data over long distances, and Gigantic Corporation uses wireless communication, which is comparatively weak in security. Information and communication bodies have produced policies and steps to reduce potential IT risks, such as running proper security programmes, adopting biometric recognition, removing fraudulent emails and messages, using antivirus and firewall software, and limiting login attempts (Min, Chai, & Han, 2015). Through these steps the privacy of Gigantic Corporation can be improved. In addition, pattern
recognition (classifying traffic and messages by their features) can be used to flag the spam email and unauthorized services that attackers direct at customers.

4.1.1 Policy and procedure
A security policy is the set of rules and processes an organization uses to reduce cyber-crime and threats. It is the primary means by which users improve their security, and Gigantic Corporation can adopt the security steps and strategies described below.

Confidential data
Information is a key asset of any organization and of its customers. Examples of confidential data include data received from partners, patents, formulas, new technologies and customer lists. This policy defines what is confidential so that a data breach can be recognized and handled (Ntalampiras, 2015).

Protect personal and organization devices
When employees use their own devices to access Gigantic accounts they also introduce security risks (Abomhara & Koien, 2015). The organization can provide training so that employees understand their role in security and keep their digital devices safe. Steps that can be used at Gigantic Corporation include:
• Use a password-based system
• Use antivirus software
• Adopt biometric systems
• Ensure that users do not leave their computer systems unattended
• Keep their software updated on a regular basis
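The SQL injection and cross-site scripting attacks described in section 4.0 are the two threats above whose fix lies in the application code rather than in policy. The following Python example is added here and is not part of the original report or of any Gigantic Corporation system. It builds a constructed in-memory SQLite table with three made-up users, shows the vulnerable lookup built by string concatenation beside the parameterized form, and adds the output-escaping step that stops a blog-comment XSS payload from being rendered as script.

```python
import html
import sqlite3


def make_db():
    """Build a constructed in-memory users table (sample data, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"), ("carol", "carol@example.test")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable: the user-supplied string is spliced into the SQL text, so a
    quote inside it changes the query's structure instead of being a value."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Hardened: the value travels separately from the SQL text as a bound
    parameter, so the driver never interprets it as part of the grammar."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Classic tautology payload: turns the WHERE clause into  username = '' OR '1'='1'
SQLI_PAYLOAD = "' OR '1'='1"


def render_comment(comment):
    """Output encoding for the XSS case: the comment is treated as text, so a
    pasted <script> element is displayed literally rather than executed."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


# Constructed payload of the kind an attacker would post in a blog comment.
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, honest input:", find_user_vulnerable(db, "alice"))
    print("vulnerable, payload     :", find_user_vulnerable(db, SQLI_PAYLOAD))  # every row
    print("parameterized, payload  :", find_user_safe(db, SQLI_PAYLOAD))       # no rows
    print("escaped comment         :", render_comment(XSS_PAYLOAD))
```

The parameterized query returns nothing for the payload because the database looks for a user literally named `' OR '1'='1`; the same principle (data is never re-parsed as code) is what `html.escape` applies on the output side.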
Limited login attempts
Log in to organization email and accounts only on the organization's authentic servers, and limit the number of failed login attempts permitted before an account is locked. Employees of Gigantic should access their own accounts from their own devices rather than from others.

Keep emails safe
Many attackers target the organization's digital devices through email, sending spam messages to users' accounts. Gigantic Corporation can issue instructions for employees to keep their email and messages secure, for example:
• Avoid opening attachments and do not follow suspicious links or connect to unauthorized servers
• Be suspicious of clickbait titles
• Check email and delete spam and unsolicited offers
• Look for inconsistencies in sender addresses and message content (Abomhara & Koien, 2015)

Manage passwords properly
Attackers use brute-force attempts and malware to capture login IDs and passwords, so users can adopt biometric recognition, which is more secure. Gigantic Corporation can adopt fingerprint and iris technology to protect consumers' private details. The following procedure can be used in this organization:
• Choose strong passwords rather than simple ones
• Remember the device password rather than writing it in a notebook or on a mobile phone
• Use limited access
• Change the password of each personal account every two months
• Exchange credentials only when absolutely necessary

Transfer data securely
• Use encryption for communication
• Use digital rather than analogue communication, with proper encoding and decoding
• Avoid transferring sensitive data unless necessary
• Use only authentic, trusted Wi-Fi networks
• Produce an annual report on data breaches and scams and analyze the security problems found (Abomhara & Koien, 2015)

Additional measures
• Turn off or lock the system when leaving the desk
• Identify any unwanted signals and traffic
• Change the passwords of all accounts when a system is stolen
• Avoid accessing suspicious websites and servers

4.2 Key threat agents
A threat agent is any actor or process that breaches the security of a system by exploiting a weakness. Security threats are a common problem for every information technology, and it is observed that many vulnerabilities can be avoided by adopting security programmes (Osho & Onoja, 2015).
Figure 1: Threat agents (Source: Osho & Onoja, 2015, p. 14)

4.2.1 List of threat agents
The following types of threat agent increase security risks and issues:
• Nation states
• Corporations: partners and competitors
• Non-target-specific: bacteria, worms, logic bombs and viruses
• Employees: staff, consumers, guards and operations clients
• Terrorists: political, anarchist and religious
• ESA: media, activists, vandals, the general public, extremists and governments
• Organized crime: gangs, Patricia and international contacts
• Natural disasters: fire, flood, wind, sand and earthquake (Quigley, Burns, & Stallard, 2015)
Figure 2: Threat agent process (Source: Quigley, Burns, & Stallard, 2015, p. 110)

4.2.2 Issues
Data breach is the main issue for the organization, and it is reported that around 60% of attacks involve internal actors such as staff, employees and guards. External attackers first locate a point of access and then observe the whole process in order to take personal data (Abomhara & Køien, 2015). Authentication is the obstacle they face: if an organization uses properly authenticated servers, it is very difficult for attackers to compromise its systems.

4.2.3 Consequences
A large cyber-attack damages a business by affecting its bottom line, customer trust and business standing. The consequences of a security breach are as follows:
Financial loss: A security breach or cyber-attack causes financial loss through theft of business information and of financial information such as bank and payment details. There is also direct theft of money and disruption of trading (Safa, Von Solms, & Furnell, 2016).
Reputational damage: Trust is an essential element of the customer relationship. Cyber-attacks damage a business's reputation and its relationships with customers, third parties and investors. Gigantic Corporation could lose its business value in the market.
Legal consequences: Data protection and data privacy law require the organization to manage the security of the personal data of both staff and customers (Kateb et al., 2018). When data is compromised, the organization has failed to deploy adequate security measures and faces regulatory sanctions.

4.3 Mitigation of risks and their impact on the system
Cyber-crime and security threats affect organizational behaviour and business. They damage business standing and consumer trust and hit the bottom line. Users can lose personal details such as login IDs and passwords, account details and other information. If Gigantic Corporation does not adopt security plans and policies it will face financial problems: loss of sales, loss of customers and reduced profit are all common results of cyber-security threats (Abomhara & Koien, 2015).
Gigantic Corporation is an IT company that provides information technology to consumers, and it is observed that the technologies it uses are not secure enough. The security problem can be reduced by improving protection methods. Consumers should adopt biometric recognition, because fingerprint and iris recognition are both more secure than a password-only system. The organization should write its own security guidelines and review threats and risks at the end of every week. Staff can use antivirus and firewall software to remove malicious attachments and flood email. Attackers also send
unwanted traffic to the organization's websites and lure users towards unauthorized servers, so staff who connect only to known, legitimate websites and servers avoid this class of problem.

5.0 Literature review
Securing an information system is an important process for an organization, and it is very difficult to control and monitor cyber threats (Safa, Von Solms, & Furnell, 2016). Many authors have already discussed the problem of cyber-attack, and they identify the lack of a security plan as a very common problem in organizations (Tweneboah, Skouby, & Tadayoni, 2017). The problem of cyber-security threats is not new, but it is growing fast, because users choose weak passwords and click unwanted links through which attackers take control of their computers (Wu et al., 2016). Gigantic Corporation suffered a ransomware attack in the last few years, and employees visiting inauthentic websites allowed attackers to capture their account details (Abomhara & Koien, 2015).

5.1 Safeguards
1. When it is believed that private data have been compromised on the network, the incident is reported to the office of information technology by email.
2. When a computer shows unusual behaviour, run the antivirus software, check that it is updating properly and check when it was last updated (Chakhchoukh & Ishii, 2015).
3. Implement the password security recommendations by selecting strong passwords. A password should be at least 8 characters and combine numbers, special characters and upper- and lower-case letters. Passwords should be changed every 90 to 360 days.
4. Do not open email attachments from unknown sources. Enable the Secure Sockets Layer (SSL/TLS) protocol when sending email through the accounts provided. It
is also necessary to check the addressee before sending any email, to avoid transmitting confidential data to the wrong recipient (Kateb et al., 2018).
5. Keep the operating system and the anti-virus software up to date. Contact the IT provider to set the computer to receive automatic updates, which deliver extra layers of security fixes.

5.2 Security mechanisms
Many prevention methods and mechanisms have been developed by the information technology community; they are explained below:
• Access control: the selective restriction of access to data or a resource. Permission to access a resource is termed authorization.
• Identification and authentication: the user presents an identity to the security system, and authentication is the verification of that claimed identity through evidence the user provides (Kateb et al., 2018).
• Managing security programmes: security programmes are run in the organization so that system users and other employees learn how to protect confidential information (Ntalampiras, 2015).
• Use of firewall software: a firewall is designed to prevent unauthorized access to a network. It is implemented in hardware, in software or as a combination of both, and stops unauthorized Internet users from reaching a private network that is connected to the Internet.
• Scanning and analysis tools and methods: these are used for port scanning and password cracking, and to test the network against attacker techniques such as ARP spoofing and MAC flooding, so that weaknesses are found before an attacker finds them (Chakhchoukh & Ishii, 2015).
• Cryptography: secures communication in the presence of third parties by using secret keys to encrypt and decrypt data.
• Encryption method: symmetric encryption uses one shared key; public-key encryption, used to protect data sent over the Internet, uses two keys, a public key to encrypt the message and a private key to decrypt it.
• Pattern recognition: used to classify input data into classes based on key features (Rid & Buchanan, 2015).
• Biometric process: verification is done by evaluating biological traits such as fingerprints, retina, voice, signature, DNA and others.

5.3 Change in key principles of information by which employees can secure their information
The key principles of information security that must be applied are as follows:
Confidentiality: only authorized persons are able to see confidential information, and no third party can access it (Kateb et al., 2018).
Integrity: changes to information by unauthorized users are prevented, and changes by authorized users are tracked.
Availability: information is accessible whenever authorized users require it.
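Several of the controls above share one building block: counting events per key inside a sliding time window. The limited-login-attempts rule and strong-password rule of section 4.1.1, safeguard 3 of section 5.1 and the identification-and-authentication mechanism of 5.2 need it keyed by account; the "identify unwanted signals and traffic" measure, which relates to the DoS floods of section 4.0, needs it keyed by source IP. The following Python example is added here and is not the report's or Gigantic Corporation's own code. It assumes a made-up access-log format of `timestamp source-ip method path` (the sample lines are constructed), the 8-character policy stated in safeguard 3, PBKDF2-HMAC-SHA256 for password storage (the report names no hashing algorithm; that choice is mine), and a lockout of five failures in fifteen minutes (figures chosen for illustration).

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict, deque


class SlidingWindowCounter:
    """Counts events per key within the last `window_seconds`; shared by the
    flood detector (key = source IP) and the login lockout (key = username)."""

    def __init__(self, window_seconds, limit):
        self.window = window_seconds
        self.limit = limit
        self._events = defaultdict(deque)

    def _prune(self, key, now):
        q = self._events[key]
        while q and q[0] <= now - self.window:  # drop events older than the window
            q.popleft()
        return q

    def count(self, key, now):
        return len(self._prune(key, now))

    def record(self, key, now):
        """Record one event; return True once the key exceeds the limit."""
        q = self._prune(key, now)
        q.append(now)
        return len(q) > self.limit

    def reset(self, key):
        self._events.pop(key, None)


# DoS flood detection over access-log lines (assumed format: "ts ip method path").
LOG_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<ip>\S+)\s+(?P<method>\S+)\s+(?P<path>\S+)$")

# Constructed sample: 15 requests from one source inside 15 ms, 3 normal requests from another.
SAMPLE_LOG = [f"1700000000.{i:03d} 203.0.113.7 GET /" for i in range(15)] + [
    "1700000000.100 198.51.100.4 GET /index.html",
    "1700000000.600 198.51.100.4 GET /about.html",
    "1700000001.900 198.51.100.4 POST /login",
]


def flood_sources(log_lines, window_seconds=1.0, limit=10):
    """Return the set of source IPs that exceeded `limit` requests in any window."""
    counter = SlidingWindowCounter(window_seconds, limit)
    offenders = set()
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m and counter.record(m["ip"], float(m["ts"])):
            offenders.add(m["ip"])
    return offenders


# Password policy from safeguard 3: >= 8 chars with lower, upper, digit and special.
def password_meets_policy(password, min_length=8):
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    return len(password) >= min_length and all(re.search(c, password) for c in classes)


PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to the hardware


def hash_password(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class LoginService:
    """Registration with policy enforcement and login with per-account lockout."""

    def __init__(self, max_attempts=5, lockout_seconds=900):
        self._users = {}
        self.max_attempts = max_attempts
        self._failures = SlidingWindowCounter(lockout_seconds, max_attempts)

    def register(self, username, password):
        if not password_meets_policy(password):
            raise ValueError("password does not meet policy")
        self._users[username] = hash_password(password)

    def login(self, username, password, now):
        """Return 'locked', 'denied' or 'ok'. The lockout check runs first so a
        locked account cannot be brute-forced even with the right password."""
        if self._failures.count(username, now) >= self.max_attempts:
            return "locked"
        # Hash even for unknown users so response time does not reveal valid names.
        salt, digest = self._users.get(username, (b"\x00" * 16, b"\x00" * 32))
        if verify_password(password, salt, digest) and username in self._users:
            self._failures.reset(username)
            return "ok"
        self._failures.record(username, now)
        return "denied"


if __name__ == "__main__":
    print("flood sources:", flood_sources(SAMPLE_LOG))
    svc = LoginService(max_attempts=3, lockout_seconds=60)
    svc.register("alice", "Tr0ub4dor&3")
    print([svc.login("alice", "wrong", t) for t in (0, 1, 2)], svc.login("alice", "Tr0ub4dor&3", 3))
```

The lockout deliberately returns "locked" before the password is checked, so that a correct guess made during the lockout window is not confirmed to the attacker; when the window expires the same credentials succeed. The flood detector flags a source on the first request that takes it over the limit, which is the point at which a firewall rule or rate limit would be applied.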
6.0 Conclusion
Cyber security provides many preventive steps and also monitors security threats. Many consumers use wireless networks, and Gigantic Corporation also uses standard network protocols to communicate, which are not very secure on their own. The Internet of Things and digital communication are both useful methods of communication that the organization can adopt, provided they are secured. For Gigantic Corporation, this report has evaluated a range of policies and procedures. It has described various kinds of cyber-security threats and vulnerabilities and explained the policies by which the organization can reduce its security problems. Employees should therefore log in to company email and accounts only on authentic servers and websites, and the management team should use encryption to communicate with clients. The security problem can be largely avoided if consumers use strong authentication, such as a strong password combined with fingerprint or hand geometry, because attackers can build tools that guess or capture passwords.
7. References
Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), 65-88.
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.
Carr, M. (2016). Public-private partnerships in national cyber-security strategies. International Affairs, 92(1), 43-62.
Chakhchoukh, Y., & Ishii, H. (2015). Coordinated cyber-attacks on the measurement function in hybrid state estimation. IEEE Transactions on Power Systems, 30(5), 2487-2497.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27.
Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding the DDoS attack & its effect on the cloud environment. Procedia Computer Science, 49, 202-210.
Isozaki, Y., Yoshizawa, S., Fujimoto, Y., Ishii, H., Ono, I., Onoda, T., & Hayashi, Y. (2016). Detection of cyber attacks against voltage control in distribution power grids with PVs. IEEE Transactions on Smart Grid, 7(4), 1824-1835.
Johnston, A. C., Warkentin, M., McBride, M., & Carter, L. (2016). Dispositional and situational factors: influences on information security policy violations. European Journal of Information Systems, 25(3), 231-251.
Kateb, R., Tushar, M. H. K., Assi, C., & Debbabi, M. (2018). Optimal tree construction model for cyber-attacks to wide area measurement systems. IEEE Transactions on Smart Grid, 9(1), 25-34.
Liu, X., Shahidehpour, M., Li, Z., Liu, X., Cao, Y., & Li, Z. (2017). Power system risk assessment in cyber attacks considering the role of protection systems. IEEE Transactions on Smart Grid, 8(2), 572-580.
Memon, A. A., & Kauhaniemi, K. (2015). A critical review of AC microgrid protection issues and available solutions. Electric Power Systems Research, 129, 23-31.
Min, K. S., Chai, S. W., & Han, M. (2015). An international comparative study on cyber security strategy. International Journal of Security and Its Applications, 9(2), 13-20.
Ntalampiras, S. (2015). Detection of integrity attacks in cyber-physical critical infrastructures using ensemble modeling. IEEE Transactions on Industrial Informatics, 11(1), 104-111.
Osho, O., & Onoja, A. D. (2015). National cyber security policy and strategy of Nigeria: A qualitative analysis. International Journal of Cyber Criminology, 9(1), 14.
Quigley, K., Burns, C., & Stallard, K. (2015). 'Cyber Gurus': A rhetorical analysis of the language of cybersecurity specialists and the implications for security policy and critical infrastructure protection. Government Information Quarterly, 32(2), 108-117.
Rid, T., & Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), 4-37.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Tweneboah, S., Skouby, K. E., & Tadayoni, R. (2017). Cyber security threats to IoT applications and service domains. Wireless Personal Communications, 95(1), 169-185.
Wu, D., Ma, F., Javadi, M., & Jiang, J. N. (2016). Fast screening severe cyber attacks via transient energy-based impact analysis. CSEE Journal of Power and Energy Systems, 2(3), 28-34.