IT Security: A Comprehensive Guide to Protecting Your Organization
Added on 2024/06/03
AI Summary
This comprehensive guide explores the fundamental concepts of IT security, covering topics such as identifying security risks, implementing security procedures, assessing and treating IT security risks, and designing and implementing a security policy. It also delves into the importance of network monitoring systems, data protection processes, and disaster recovery planning. The guide provides practical examples and real-world scenarios to illustrate key concepts and best practices.
IT Security
TABLE OF CONTENTS
Introduction
LO 1
P1 Identify types of security risks to organisations
P2 Describe organisational security procedures
M1 Propose a method to assess and treat IT security risks
LO2
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
M2 Discuss three benefits to implement network monitoring systems with supporting reasons
LO 3
P5 Discuss risk assessment procedures
P6 Explain data protection processes and regulations as applicable to an organisation
M3 Summarise the ISO 31000 risk management methodology and its application in IT security
M4 Discuss possible impacts to organisational security resulting from an IT security audit
LO 4
P7 Design and implement a security policy for an organisation
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion
M5 roles of stakeholders in the organisation to implement security audit recommendations
Conclusion
References
LIST OF FIGURES
Figure 1: Type of security risk
Figure 2: Security procedure
Figure 3: Risk as the function of vulnerabilities, threats and risks
Figure 4: Phases for IT security risk assessment
Figure 5: Firewall
Figure 6: VPNs
Figure 7: DMZ functioning
Figure 8: NAT functioning
Figure 9: ISO 31000 standard
Introduction
The project is a study of information technology security and of implementing new technologies to protect the organisation. Ramsac is the organisation used in the project, and the factors are implemented for its growth and development by reducing the safety precaution in IT security. The types of security risk are explained along with the security procedures and IT risk treatments. The project covers the incorrect configuration of VPNs and firewalls, which provide protection from hackers and viruses. DMZ, static IP and NAT are used for the organisation's network security. A risk methodology is used in the project for IT security, and the stakeholder audit and recommendations are explained for the implementation of the new technologies.
LO 1
P1 Identify types of security risks to organisations.
The organisation's main aim is to protect the operation of its systems so that records and data are kept safe and secure. The organisation faces various problems and difficulties in terms of security. The types of security risk that affect the organisation are explained below:
Figure 1: Type of security risk
(Source: Self created)
Figure labels: internet and network attack; unauthorized access and use; hardware/software theft; information theft; system failure
Internet and network attack: The internet and networks carry a large volume of viruses and threats while information is transferred from one path to another. The organisation cannot keep itself isolated from the internet; it has to be used throughout, so it must be used in a way that does not break the security of the organisation (Eriksson, 2017).
Unauthorized access and use: The organisation must keep its security strong so that unauthorized users cannot hack confidential data and records. It is the fastest-increasing type of risk in the field of security, as a third person can easily break the security, so it should be protected.
Hardware and software theft: The security level can be broken or hacked by an unauthorized user damaging the software and hardware of the operating system. Ramsac can configure a high level of software and hardware so that it is kept safe and secure from hackers and theft.
System failure: System protection is a major source of security risk; hackers and thieves can make the system stop functioning. The user can have the system rechecked so that system failure problems do not arise in the computers. Authentication can be made strong so that the system is protected from theft and viruses. System failure is caused by the large number of viruses picked up through use of the internet and network, as these carry viruses in numbers that can affect the working of the system.
P2 Describe organisational security procedures
The security procedure of the organisation can raise the level of security, and keeping the process followed increases protection. The procedures refer to the proper functioning of the system by including security in the operation of the system. The organisation can follow the process below for the security of the computer system:
Figure 2: Security procedure
(Source: self created)
Figure labels: Plan, Do, Check, Act cycle; identification of risk, risk assessment, treatment identification; implementation and treatment; review and monitoring; corrective and preventive actions
Planning: The first procedure of security is to plan the risk in two different ways such as identification of the risk, risk assessment and treatment identification. The organisation first finds out the operation so that the risk can be identified; after that, risk treatment becomes easier.
Do: After the risk has been planned and identified, the implementation can be applied for the security of the computer and its operation. The do phase of the security procedure makes the business more reliable as it identifies the functional activities (Peltier, 2016).
Check: The third step of the security procedure is to check the risk, that is, to review the threats and viruses and their occurrence so that they can be rectified or corrected by experts and professionals. The system must be checked properly so that the spread of viruses can be stopped by the experts and experienced staff of the organisation.
Action: Action is the last step of the security procedure. In this step, threats and viruses can be eliminated by implementing new techniques and tools in the operation of the computer. For IT security, high-quality hardware and software can be configured so that the level of security is increased. The main purpose of security is to keep the system reliable and secure while it carries out its functions.
M1 Propose a method to assess and treat IT security risks
Risk assessment for the organization is a snapshot of the current risks that are impacting performance or security. The risk assessment process of the organization can contain the following phases:
Threat identification: Threats to IT systems and security should be identified in this phase with the help of the stakeholders and proven evidence from the activities. It includes analysis of the threats, vulnerabilities and assets related to each threat.
Threat characterisation: This phase identifies the impacts and the likelihood of the threats in the organization. Threats are characterised by their impacts on business security.
Exposure assessment: This means assessing the exposure of the organization's assets to the threats. It helps to understand the risks and their impacts on the organization. It determines which assets are at risk or exposed to unauthenticated users (ENISA security procedure, 2018).
Risk characterization: This means evaluating the risk to the assets and data and determining the potential impacts on the business. Risk characterization also relates to identifying the sources of the risks and the devices infected.
Figure 3: Risk as the function of vulnerabilities, threats and risks
(Source: ENISA security procedure)
Figure 4: Phases for IT security risk assessment
(Source: ENISA security procedure)
Risk treatment
To treat risk effectively, the organization can select one of the following processes according to its demands and scope:
Mitigation: This means reducing the risks and their impacts on the business. It focuses on solving the risks to reduce loss and enhance security.
Transfer: Risk can be transferred to a third party through outsourcing and service provision so that the organization can focus on security and business operations. It helps to save the cost and time of handling the risks and ensures maximum recovery from loss.
Avoidance: Management can make the decisions on risk handling. They can avoid the risk to focus on the primary goals. However, there is a threat that the organization can face more critical conditions if the risk spreads to more assets and data sources (Aljawarneh, 2013).
Retention of risks: Risks can be retained in the business with proper planning and management practices. This means accepting the risks and resolving them with proper planning, so that the risks are solved over time. During the risk retention process, the organization insures the full or part of the risks to recover the benefits. Here the organization has no complete management plan for the risk and focuses only on the beneficial areas to obtain most of the returns.
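The assessment phases and the four treatment options described in M1 can be worked through as a small risk register. This is an added example, not part of the original report: the 1 to 5 scales, the likelihood-times-impact score, the treatment thresholds, the `discontinuable` and `outsourceable` flags and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    exposed: bool         # exposure assessment: reachable by unauthenticated users
    discontinuable: bool  # hypothetical flag: the business could stop using it


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str
    likelihood: int       # threat characterisation, 1 (rare) to 5 (almost certain)
    impact: int           # threat characterisation, 1 (minor) to 5 (severe)
    outsourceable: bool   # hypothetical flag: a third party could carry the risk


def characterise(threat, asset):
    """Risk characterisation: likelihood x impact; exposure adds one likelihood step."""
    for value in (threat.likelihood, threat.impact):
        if not 1 <= value <= 5:
            raise ValueError(f"{threat.name}: scores must be between 1 and 5")
    likelihood = min(5, threat.likelihood + 1) if asset.exposed else threat.likelihood
    return likelihood * threat.impact


def choose_treatment(score, threat, asset):
    """Map a score to one of the four treatments (thresholds are assumptions)."""
    if score >= 20 and asset.discontinuable:
        return "avoid"
    if score >= 12:
        return "mitigate"
    if score >= 6:
        return "transfer" if threat.outsourceable else "mitigate"
    return "retain"


def build_register(assets, threats):
    """Return one row per threat, highest score first."""
    by_name = {a.name: a for a in assets}
    rows = []
    for t in threats:
        if t.asset not in by_name:
            raise KeyError(f"threat {t.name!r} refers to unknown asset {t.asset!r}")
        asset = by_name[t.asset]
        score = characterise(t, asset)
        rows.append({"threat": t.name, "asset": asset.name, "exposed": asset.exposed,
                     "score": score, "treatment": choose_treatment(score, t, asset)})
    return sorted(rows, key=lambda r: (-r["score"], r["threat"]))


# Constructed sample data: threat identification output for an imaginary organisation.
ASSETS = [
    Asset("public web server", exposed=True, discontinuable=False),
    Asset("legacy file transfer service", exposed=True, discontinuable=True),
    Asset("customer database", exposed=False, discontinuable=False),
    Asset("staff laptops", exposed=False, discontinuable=False),
]
THREATS = [
    Threat("unauthorized access", "public web server", 3, 4, False),
    Threat("internet and network attack", "legacy file transfer service", 4, 4, False),
    Threat("information theft", "customer database", 2, 5, False),
    Threat("hardware theft", "staff laptops", 2, 3, True),
    Threat("system failure", "customer database", 1, 4, False),
]

if __name__ == "__main__":
    for row in build_register(ASSETS, THREATS):
        print(f'{row["score"]:>2}  {row["treatment"]:<8}  {row["threat"]} -> {row["asset"]}')
```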
LO2
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
IT security is applied in the organisation to keep data and records safe and protected for the authentic users of important programming functions. Cyber security can be used to protect these functions from theft, damage to files, unwanted attacks by hackers, viruses, etc. The development of IT security has provided configuration for the system so that it can be protected from unwanted damage to files and folders. The impacts of incorrect configuration of firewall policies and third-party virtual private networks are given below:
Figure 5: Firewall
(Source: Dan Davis, 2018)
Firewall: A firewall is software that helps protect the computer system by preventing unauthorized activities that can affect the working of the system, manually and automatically. Firewall hardware and software are used to stop unauthorized users who access through the internet. The firewall provides access for the actual users so that the system is protected from threats, viruses, etc. (Shibata and Hanada 2015). The impacts of incorrect configuration of the firewall are given below:
An incorrectly configured firewall leaves the user with a lack of security.
Unauthorized activities can increase if the firewall is not installed (Rai, 2015).
Figure 6: VPNs
(Source: Roland Waddilove, 2018)
VPNs: VPN stands for virtual private network. It is the technology used to keep private and public networks safe and secure from hackers. VPN services are generally used by the government, as this sector has the most important and confidential data. The main function of a VPN is to protect data and confidential records from third-party users. The impacts of incorrect configuration of VPNs are given below:
Data and confidential records can easily be recovered by hackers and third-party assessors.
The internet can directly affect the user's data and damage the files and folders in the system.
Lack of proper functioning of system operations.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
Figure 7: DMZ functioning
(Source: softwareall.info, 2018)
DMZ: DMZ stands for demilitarized zone; the term refers to the connection between the perimeter networks. The DMZ separates the local network and the unauthorized (untrusted) network from the internet. The organisation can apply a DMZ for the security of the local network so that it is protected from internet viruses. For example, a demilitarized zone can be used in the organisation for the security of the public as well as the private network. The DMZ can support the organisation's procedures for safety and security and can be applied together with the firewall and VPNs (Rababah et al. 2018).
Static IP: A static IP is a fixed address that does not change the functioning of internal and external devices. The organisation can use a static IP address for the transfer of information from one place to another; without the IP address, the information cannot be passed on by the actual personnel. For instance, Ramsac can implement a static IP address for the transformation of the IP, which will increase the level of information security.
NAT: The network access translations are used for the transformation of the network from public users
to private users and provide the protection to the system so that it cannot be hacked by the third person.
For Example the Ramsac can apply the NAT facilities in the organisation for the transformation of the
information from one network to another, which will make the work easier for employees and workers
(Carvalho and Ford 2014).
Figure 8: NAT functioning
(Source: David, 2007)
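The NAT behaviour described above can be made concrete with a small simulation. This is an added example, not part of the original report: the `NatGateway` class, the port numbering and every address in it are constructed assumptions, and it models only source NAT with port translation.

```python
"""Toy source-NAT (port address translation) gateway. Constructed example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint


class NatGateway:
    """Rewrites private source addresses to one public address and tracks the mappings."""

    def __init__(self, public_ip: str, private_net: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.private_net = ip_network(private_net)
        self.next_port = first_port
        # (private endpoint, remote endpoint) -> public port chosen for that flow
        self.by_flow: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # public port -> (private endpoint, remote endpoint), used for return traffic
        self.by_port: Dict[int, Tuple[Endpoint, Endpoint]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network; create a mapping if needed."""
        if ip_address(pkt.src[0]) not in self.private_net:
            raise ValueError("outbound traffic must originate in the private network")
        flow = (pkt.src, pkt.dst)
        port = self.by_flow.get(flow)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[port] = flow
        # The outside world only ever sees the public address and the mapped port.
        return Packet(src=(self.public_ip, port), dst=pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from outside, or return None to drop it."""
        if pkt.dst[0] != self.public_ip:
            return None
        flow = self.by_port.get(pkt.dst[1])
        if flow is None:
            return None  # no inside host opened this port: unsolicited, dropped
        private, remote = flow
        if pkt.src != remote:
            return None  # the port is mapped, but for a different remote endpoint
        return Packet(src=pkt.src, dst=private)


def demo():
    # All addresses are constructed (RFC 1918 and documentation ranges).
    gw = NatGateway(public_ip="203.0.113.10", private_net="192.168.10.0/24")
    workstation = ("192.168.10.25", 51000)
    web_server = ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 4444)

    sent = gw.outbound(Packet(src=workstation, dst=web_server))
    reply = gw.inbound(Packet(src=web_server, dst=sent.src))
    probe_mapped_port = gw.inbound(Packet(src=stranger, dst=sent.src))
    probe_unmapped_port = gw.inbound(Packet(src=stranger, dst=("203.0.113.10", 3389)))
    return sent, reply, probe_mapped_port, probe_unmapped_port


if __name__ == "__main__":
    labels = ("sent", "reply", "probe mapped port", "probe unmapped port")
    for label, result in zip(labels, demo()):
        print(f"{label:20} {result}")
```

The unsolicited packets are dropped only because no mapping exists for them; a static port forward or a compromised inside host bypasses that, so NAT complements the firewall rather than replacing it.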
M2 Discuss three benefits to implement network monitoring systems with supporting reasons
Businesses use network monitoring systems, which are computer applications installed on a server or
workstation to manage and monitor network activities, user activities and business operations. Such
programs are installed in the network to reduce the complexity of management and to make it more
efficient to manage the network for security, performance and reliability.
Automation
The major benefit to the organization is that network monitoring systems can automate services. Such
systems can alert on security breaches and identify threats and risks on the basis of automatic, regular
scanning of user and network activities. Operations can be managed through scripting or configuration
so that decisions can be made to protect the network. With less intervention from the network
administrator, the system can provide more reliable data security and enhance device management
(Asrodia and Patel, 2012).
Reporting
Reports can be generated from network usage and activities so that the organization can make decisions
for strategic benefit. Threats and risks can be notified in real time, and graphical data can be presented
to support decision making. It is also easy to share the data and to ensure real-time execution of
decisions and actions on the network. The reports are useful for making decisions on bugs and issues in
the network system (Lee et al, 2014).
Cost and time benefits with enterprise management
The organization can save cost and time on the implementation of security because the systems start to
return on the investment from the time of installation and deliver continuous monitoring. Compared
with manual monitoring of the network system, they provide reliable data with high accuracy and ensure
the security of data, assets and communication, with automatic updates according to changes in network
technologies.
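The automation and reporting benefits described above can be illustrated with a short script that scans activity records, raises an alert on a burst of failed logins and summarises the result. This is an added example, not part of the original report: the record format, the sample lines, the threshold and the function names are all constructed assumptions rather than the output or API of any particular monitoring product.

```python
"""Scan activity records, raise alerts and summarise them. Constructed example."""
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample records in a hypothetical "timestamp EVENT key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 LOGIN_OK user=alice src=192.168.10.25
2024-05-01T09:00:05 LOGIN_FAIL user=admin src=192.168.10.77
2024-05-01T09:00:09 LOGIN_FAIL user=admin src=192.168.10.77
2024-05-01T09:00:12 LOGIN_FAIL user=bob src=192.168.10.31
2024-05-01T09:00:20 LOGIN_FAIL user=root src=192.168.10.77
malformed line without timestamp
2024-05-01T09:05:00 LOGIN_FAIL user=bob src=192.168.10.31
2024-05-01T09:05:30 LOGIN_OK user=bob src=192.168.10.31
"""


def parse_line(line):
    """Return a dict for one record, or None if the line is not well formed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    # Parsed timestamp and event name win over any same-named key=value field.
    return {**fields, "ts": ts, "event": parts[1]}


def load_events(text):
    """Parse all records, counting (not silently losing) the ones that fail to parse."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1
        else:
            events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events, skipped


def detect_failed_login_bursts(events, threshold=3, window_seconds=60):
    """Alert once per source that reaches `threshold` failures within the window."""
    recent = defaultdict(deque)  # source -> timestamps of failures still in the window
    alerted = set()
    alerts = []
    for event in events:
        if event["event"] != "LOGIN_FAIL":
            continue
        src = event.get("src", "unknown")
        failures = recent[src]
        failures.append(event["ts"])
        while (event["ts"] - failures[0]).total_seconds() > window_seconds:
            failures.popleft()
        if len(failures) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "count": len(failures),
                           "first": failures[0], "last": event["ts"]})
    return alerts


def build_report(events, skipped, alerts):
    """Summarise the scan in a form that could feed a dashboard or a periodic report."""
    return {
        "records": len(events),
        "skipped": skipped,
        "by_event": dict(Counter(e["event"] for e in events)),
        "alert_sources": [a["src"] for a in alerts],
    }


if __name__ == "__main__":
    parsed, bad = load_events(SAMPLE_LOG)
    found = detect_failed_login_bursts(parsed)
    for alert in found:
        print(f"ALERT {alert['src']}: {alert['count']} failed logins "
              f"between {alert['first']} and {alert['last']}")
    print(build_report(parsed, bad, found))
```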
LO 3
P5 Discuss risk assessment procedures
IT security can be improved with the help of risk assessment, in which risks can be identified and
addressed. The organization can consider the following two phases in the risk assessment to achieve the
desired goals and objectives:
Risk identification
The organization can focus on the information sources and assets that can lead to risk because of poor
installation or configuration, along with interference from unauthorised people. The identification
process has the main role of identifying the risks and the potential sources that lead to poor control
over security.
Risk evaluation
Risk can be analysed for its impact on the organization and on the security of the resources. The risk
evaluation process is also related to the identification of the risks along with their sources. It is also
useful for identifying potential solutions to the problems to meet the goal (Bahr, 2014). The
organization can use the process to analyse the losses and impacts of the security risks.
Further, the risk assessment process for IT systems can be classified as follows, in which the
organization can focus on the primary goals to consider for security:
Hazard identification: During the process, the organization can identify the hazard and its frequency of
occurrence. The extent of the impacts and the possible causes of the risks are also determined. The
process has to identify hazards from internal and external sources to the business process, data
security and assets. Hazards are identified through evidence, internal reporting and communication
with the users.
Vulnerability assessment: It defines the elements at risk and the degree of the impacts on the assets.
The assessment is useful for identifying the causes affecting the assets and for discussing the
feasibility of the system sustaining itself with the vulnerabilities. Vulnerabilities are identified through
a manual or software-defined process, but the goal is to pre-plan the security of resources (Stallings et al, 2012).
Capacity assessment: The organization can analyse its capacity and strengths to fight against the
risks. It also includes the assessment of the availability and durability of the resources and technology to
recover from the risks. It is essential that the organizational capabilities are aligned with the
strategies to resolve the risks. Lower capacity can result in failure to handle the risk due to improper
resources, technology and capacities.
Perception assessment: The organization can discuss the risk plans and approaches with its stakeholders
so that their perceptions can be used to meet the desired outcome. The organization can analyse the
perception of the stakeholders to manage the risks and reduce the impacts within the constraints and
capabilities.
P6 Explain data protection processes and regulations as applicable to an organisation
Data protection can be defined as the process of securing the confidentiality, privacy, accuracy and
reliability of data. Data protection is essential in the organization to ensure the smooth execution of
operations and to support the continuance of the business. The organization can use the following
processes and regulations to protect the data:
Computer Misuse Act: The act places constraints on users so that they cannot misuse the systems and
network components to meet personal goals or to carry out criminal or offensive work. The act is
applied in the organization through the proper allocation of devices to users so that they are liable for
managing access to and use of the system in the network. It guides users on data storage and general
use of the system at the workplace (Fafinski, 2013).
Data Protection Act: According to the act, the organization can limit user access and permissions in
the network system to manage security. It ensures that the information that clients and employees
share with the organization is properly used, with the permission of the data owner. The act constrains
the organization from sharing the information with others, or misusing it, without the knowledge of
the owner (Reding, 2012).
ISO 31000: The standard provides general guidelines on the use of network capabilities and technologies
to prevent risks to data and assets. The standard can be applied within the business process to boost
security. It focuses on the identification of risks and proper treatments to achieve data security.
M3 Summarise the ISO 31000 risk management methodology and its application in IT security
About ISO 31000
The standard is also known as the risk management methodology and is widely adopted to manage risks
in the IT sector. The standard has a simple goal: identify the risks and evaluate the impacts in order to
resolve them. However, the standard also provides broad principles and guidelines that can be used to
prevent risks and threats in IT security. The risk management framework is powered by the guidelines
and principles so that the outcomes of the framework are more desirable to the organization
(Ernawati and Nugroho, 2012). The standard is useful for organizations in achieving a systematic set
of practices that can be used to handle the risks, analyse the impacts and manage the risks with
reduced loss or impact.
Figure 9: ISO 31000 standard
(Source: Ernawati and Nugroho, 2012)
Application in IT security
The standard has useful principles that can be applied in workplace operations and device
configurations to ensure that security meets the demands.
The framework is simple and compact, so that it contains mainly those activities on which the
organization has to focus to mitigate the risks.
The framework is, however, applicable to those conditions in which the organization wants to handle
the risk after its occurrence.
The model is also standard and systematic, so it reduces time and cost and improves security with a
minimal number of inputs.
M4 Discuss possible impacts to organisational security resulting from an IT security audit
The organization faces an initial burden of cost and time to organize the IT security audit, but the
audit is beneficial in reducing future loss and barriers in operations. The organization can achieve the
following major impacts from the security audit.
Improved user management
Protecting the network from internal users is one of the most critical requirements of the
organization. With security audits, users can be classified more effectively by their roles and
responsibilities, and their configuration for access to network resources can be managed or reviewed.
The organization can monitor user activities and determine the potential sources through which users
can breach data security or harm network resources.
Enhance security
With security audits, the configuration of devices and software can be improved, which can deliver
more security. The organization can secure data sharing through proper configuration and encryption,
while new technologies can be identified to enhance the security of data storage and communication
channels (Ryoo et al, 2014). Security can also be improved through the identification and resolution of
bugs and issues.
Enhance controls
A security audit can provide more control over devices and software through scripting and commands.
The network can be configured for robust security and for new devices to improve the performance and
effectiveness of communication. The organization can integrate new mechanisms for data protection,
user analysis and network security monitoring.
LO 4
P7 Design and implement a security policy for an organisation
Purpose: The policy is designed to support the easy execution of the organizational goals and objectives
with the proper use of resources and technology. The policy aims to empower users to make optimal use
of the resources for organizational purposes only.
System access
Do not try to access or breach others' systems at the workplace.
Do not harm the devices to get access.
It is recommended to protect your own devices with the latest security mechanisms and under the
guidelines of the management team.
Access systems when the organization has defined time to access.
Proper shutdown process and data sharing process should be followed.
Access to internet email
Do not log in when you think the wireless connection is not protected or secure enough to manage
isolation.
Do not share user account details with others, as they can access and modify the data on the mail
account (Safa et al, 2016).
Do not use mail services for personal use. For example, accessing mail for abuse or for the purpose of
a security breach is misconduct.
Do not store private data in email accounts, and do not share the password, even with authenticated
users.
Access to internet browser
Use incognito browser mode when you need to log in for temporary access to a website.
Do not access prohibited or blocked websites at the workplace. Please find the list of such sites at the
department.
Do not save passwords on websites or in the browser, and follow the proper logout mechanisms.
Physical access and protection
Make sure devices are secure and not reachable by others in your absence at the workplace.
Use the lock and surveillance facilities at the workplace to secure the assets against theft or damage
(Zissis and Lekkas, 2012).
Do not authorize users to access the system physically or by a remote access method.
Use a strong password to prevent most security breaches. If an unwanted login is detected, report it to
the management team for quick action.
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for
inclusion
The disaster recovery plan of the organization involves various activities and tools that can be used in
a systematic manner to achieve security. The organization can focus on the following components:
Tools: Online software tools can be used to train users in the effective use of the systems and to
achieve optimal use of the systems. Tools to manage network security can also be installed and
configured so that a disaster can be identified and resolved easily. User login activities and access to
resources can also be managed with the help of the tools. Therefore, the first stage is to plan the tools
for disaster recovery.
Security audit: A security audit must be organized so that the risks can be identified along with their
impacts on organizational security. A security audit can reveal the potential areas of risk along with
the degree of losses. It can help to determine priorities in the disaster management process.
Penetration testing: Systems and network devices can be tested through the organization's own attempts
to gain unauthorized access. Penetration testing can reveal security holes and bugs in the network and
improve security (Eken, 2013). With penetration testing, disasters can be resolved by documenting poor
configurations and practices.
Gathering and recording information on security: Data collection is essential during disaster recovery
because it helps to build robust security practices to recover data and assets. Data collected from the
systems and network can be used to support the decision-making process.
Initiating suitable actions
Once the risks and impacts are identified, the organization can select the most suitable solution to
resolve the risks. It is essential to determine the suitability of the solution for the risk because
improper selection of a solution can add an additional burden of cost and time (Peltier, 2013). The
solution should be analyzed against the organizational capabilities and resources.
M5 roles of stakeholders in the organisation to implement security audit recommendations
A systematic security audit ends with recommendations to improve security and a report that documents
the risks and impacts for further assistance. The network monitoring team and the implementation team
have the main role in organizing the security audit and implementing the changes. The team is liable
for ensuring the proper implementation of the recommendations in consultation with management and
investors. Management is liable for reviewing the security audit results and recommendations and has to
analyse the capabilities to meet the competitive benefits and security (Duncan and Whittington, 2014).
Investors have the main role of understanding the benefits of implementing changes in the network and
then benefiting from them. They have to determine the suitability of the solution.
The organization also includes the users in the security audit recommendations because they are the
final beneficiaries of the network system for more reliable solutions. Users are required to provide
reliable information on the activities, scope and barriers of the network system in meeting their
routine operational goals and objectives. Stakeholders such as the testing team have the role of
justifying the proper implementation of the technology for the security of the systems and of preparing
the policies and framework for security practices (Bobbert and Mulder, 2015). The network consultant
has the role of identifying the network systems and services and then analyzing the scope for new
security technologies. This person is responsible for communicating the threats and technology to
others to acquire the required resources.
Conclusion
The report has reviewed IT security practices and policies along with risk management processes. It has
determined that security risks are inevitable and that proper planning to secure data access and asset
management can preserve business continuance. The report has determined that the risk assessment and
management process can be executed with standard activities and proper focus to achieve most of the
benefits. The report has also concluded that implementation of policies and standards is essential in
the organization, as it can help to constrain users' malicious actions in the workplace. Various
stakeholders are part of the security audit recommendations to ensure that the solution for risk
handling is acceptable to the users and the business.
References
Books and Journals
Aljawarneh, S., 2013. Cloud security engineering: Avoiding security threats the right way.
In Cloud Computing Advancements in Design, Implementation, and Technologies (pp. 147-153).
IGI Global.
Asrodia, P. and Patel, H., 2012. Analysis of various packet sniffing tools for network monitoring
and analysis. International Journal of Electrical, Electronics and Computer Engineering, 1(1),
pp.55-58.
Bahr, N.J., 2014. System safety engineering and risk assessment: a practical approach. CRC
Press.
Bobbert, Y. and Mulder, H., 2015, December. Governance Practices and Critical Success factors
suitable for Business Information Security. In Computational Intelligence and Communication
Networks (CICN), 2015 International Conference on (pp. 1097-1104). IEEE.
Carvalho, M. and Ford, R., 2014. Moving-target defences for computer networks. IEEE Security
& Privacy, 12(2), pp.73-76.
Duncan, B. and Whittington, M., 2014, September. Compliance with standards, assurance and
audit: does this equal security?. In Proceedings of the 7th International Conference on Security
of Information and Networks (p. 77). ACM.
Eken, H., 2013, December. Security threats and solutions in cloud computing. In Internet
Security (WorldCIS), 2013 World Congress on (pp. 139-143). IEEE.
Eriksson, J. ed., 2017. Threat Politics: New Perspectives on Security, Risk and Crisis
Management. Routledge.
Ernawati, T. and Nugroho, D.R., 2012, September. IT risk management framework based on ISO
31000: 2009. In System Engineering and Technology (ICSET), 2012 International Conference
on (pp. 1-8). IEEE.
Fafinski, S., 2013. Computer Misuse: Response, regulation and the law. Routledge.
Lee, S., Levanti, K. and Kim, H.S., 2014. Network monitoring: Present and future. Computer
Networks, 65, pp.84-98.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
20
Books and Journals
Aljawarneh, S., 2013. Cloud security engineering: Avoiding security threats the right way.
In Cloud Computing Advancements in Design, Implementation, and Technologies(pp. 147-153).
IGI Global.
Asrodia, P. and Patel, H., 2012. Analysis of various packet sniffing tools for network monitoring
and analysis. International Journal of Electrical, Electronics and Computer Engineering, 1(1),
pp.55-58.
Bahr, N.J., 2014. System safety engineering and risk assessment: a practical approach. CRC
Press.
Bobbert, Y. and Mulder, H., 2015, December. Governance Practices and Critical Success factors
suitable for Business Information Security. In Computational Intelligence and Communication
Networks (CICN), 2015 International Conference on (pp. 1097-1104). IEEE.
Carvalho, M. and Ford, R., 2014. Moving-target defences for computer networks. IEEE Security
& Privacy, 12(2), pp.73-76.
Duncan, B. and Whittington, M., 2014, September. Compliance with standards, assurance and
audit: does this equal security?. In Proceedings of the 7th International Conference on Security
of Information and Networks (p. 77). ACM.
Eken, H., 2013, December. Security threats and solutions in cloud computing. In Internet
Security (WorldCIS), 2013 World Congress on (pp. 139-143). IEEE.
Eriksson, J. ed., 2017. Threat Politics: New Perspectives on Security, Risk and Crisis
Management: New Perspectives on Security, Risk and Crisis Management. Routledge
Ernawati, T. and Nugroho, D.R., 2012, September. IT risk management framework based on ISO
31000: 2009. In System Engineering and Technology (ICSET), 2012 International Conference
on (pp. 1-8). IEEE.
Fafinski, S., 2013. Computer Misuse: Response, regulation and the law. Routledge.
Lee, S., Levanti, K. and Kim, H.S., 2014. Network monitoring: Present and future. Computer
Networks, 65, pp.84-98.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
20
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Rababah, B., Zhou, S. and Bader, M., 2018. Evaluation the Performance of DMZ.
Rai, A.K., 2015. VPN Service in Android for Monitoring Network access by
Applications. International Journal of Scientific and Research Publications.
Reding, V., 2012. The European data protection framework for the twenty-first
century. International Data Privacy Law, 2(3), pp.119-129.
Ryoo, J., Rizvi, S., Aiken, W. and Kissell, J., 2014. Cloud security auditing: challenges and
emerging approaches. IEEE Security & Privacy, 12(6), pp.68-74.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Shibata, K. and Hanada, K., 2015, March. Development of an Ultra-small Sensor Information
Remote Monitoring System with an Embedded VPN and Linux Microcomputer Operation.
In Proceedings of International Conference on Engineering and Applied Science, ICEAS2015,
Sapporo, Japan (Vol. 7).
Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012. Computer security:
principles and practice (pp. 978-0). Pearson Education.
Zissis, D. and Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation
computer systems, 28(3), pp.583-592.
Online
Author, 2018. DMZ [Online] [Accessed through] <http://softwareall.info/bthingdcol-dmz>
[Accessed on 2nd June, 2018]
Dan Davis, 2018. Firewall [Online] [Accessed through] <http://www.silver-lining.com/it> [Accessed
on 2nd June, 2018]
David Davis, 2007. NAT function [Online] [Accessed through]
<https://www.techrepublic.com/search> [Accessed on 2nd June, 2018]
21
effective information security management. CRC Press.
Rababah, B., Zhou, S. and Bader, M., 2018. Evaluation the Performance of DMZ.
Rai, A.K., 2015. VPN Service in Android for Monitoring Network access by
Applications. International Journal of Scientific and Research Publications.
Reding, V., 2012. The European data protection framework for the twenty-first
century. International Data Privacy Law, 2(3), pp.119-129.
Ryoo, J., Rizvi, S., Aiken, W. and Kissell, J., 2014. Cloud security auditing: challenges and
emerging approaches. IEEE Security & Privacy, 12(6), pp.68-74.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Shibata, K. and Hanada, K., 2015, March. Development of an Ultra-small Sensor Information
Remote Monitoring System with an Embedded VPN and Linux Microcomputer Operation.
In Proceedings of International Conference on Engineering and Applied Science, ICEAS2015,
Sapporo, Japan (Vol. 7).
Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012. Computer security:
principles and practice (pp. 978-0). Pearson Education.
Zissis, D. and Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation
computer systems, 28(3), pp.583-592.
Online
Author, 2018.DMZ [Online] [Accessed through] <http://softwareall.info/bthingdcol-dmz>
[Accessed on 2nd June, 2018]
Dan Davis, 2018. Firewall [online] [Accessed through]<http://www.silver-lining.com/it> [Accessed
on 2nd June, 2018]
David Davis, 2007. NAT function [online] [Accessed through]
<https://www.techrepublic.com/search> [Accessed on 2nd June, 2018]
21
ENISA security procedure, 2018. [PDF] [Accessed through]
<https://www.enisa.europa.eu/publications/information-packages-for-small-and-medium-sized-enterprises-smes/at_download/fullReport>
[Accessed on 2nd June, 2018]
Roland Waddilove, 2018. VPNs [Online] [Accessed through]
<https://www.techadvisor.co.uk/how-to/internet> [Accessed on 2nd June, 2018]