Forum Post: IT Security, Risk Assessment, and Access Controls

Added on  2020/02/24

Discussion Board Post
AI Summary
This forum post delves into the critical aspects of IT security and data protection within today's business landscape. It begins by highlighting the significance of data security in the face of cyber threats like hacking and phishing, then introduces the CNSS security model, emphasizing data confidentiality, integrity, and availability. The post explores the evolution of IT landscapes with technologies like cloud computing and the subsequent need for enhanced security infrastructures. It further discusses security models and various access control methods, including user authentication, data monitoring, and physical and logical access controls. The post also covers IT security threats, risk assessment, and management, explaining how to identify, analyze, and mitigate risks to safeguard information systems effectively. The post concludes by emphasizing the importance of a well-defined risk management plan for every organization. References are provided to support the concepts discussed.
Running head: FORUM POST
Forum Post
Name of the Student
Name of the University
Author Note
Table of Contents
1. Topic 1- IT Security and Technology Landscape
2. Topic 2- IT Security Models and access controls
3. Topic 3- IT security Threat and Risk Assessment
4. References
1. Topic 1- IT Security and Technology Landscape
IT security and data protection are major issues in today’s business world, particularly because an organization's data resources are exposed to a number of security threats from cyber attacks, including hacking, phishing, spoofing and so on. The CNSS security model covers several factors of data security: data confidentiality, integrity and availability. Data confidentiality means that data stored in the information security system can be accessed only by authorized users, or by the members it is intended for, and cannot be accessed by unauthorized members. This is an essential aspect of data security (Von Solms & Van Niekerk, 2013). Data integrity means that data is not changed during storage or transformation, that is, the data remains consistent and accurate. Alteration of data is not allowed and is against the security policy, so this is an essential consideration for IT data security. Data availability ensures that the data continues to be available at the required level of performance and in every situation. A severe security attack, which may involve viruses and other malicious software, can harm or hamper any of these security conditions. Ensuring information security is essential and should therefore be the topmost priority for any organization. Proper security measures must be undertaken to prevent or lessen the effects of security threats (Peltier, 2013).
IT landscapes have changed considerably with the involvement of newer technologies such as cloud computing. This has changed the strategies behind business concepts and driven the adoption of newer technologies in business environments. The newer landscapes and technologies have given rise to newer difficulties and challenges, which in turn have created the need for newer security infrastructure for data protection (Cearley & Claunch, 2012).
2. Topic 2- IT Security Models and access controls
Security models are essential for ensuring proper security of data and its confidentiality (Zissis & Lekkas, 2012). The main objective of an information security model is to outline the security measures an organization undertakes to protect its data and resources. To ensure proper data security, different access control methods are employed. Security models support the security policies that are implemented in an organization (Lin et al., 2012). Access control limits the use of and access to particular data to authorized persons only. Access control methods include user authentication, which limits access to a service or resource to a registered person who has a valid user ID and password. A proper security model must be maintained in order to protect data integrity and availability. Access control is enforced to allow or restrict selected members or users in accessing the resources of an organization. Other access control methods include data monitoring using CCTV surveillance, the use of a card or key for entry to a protected area, and fingerprint protection of data and resources. Access control is classified into two broad areas, physical and logical access control. Logical access control deals with protecting and limiting access to the confidential and sensitive information of an organization, while physical access control mainly deals with protecting the physical resources of an organization, which include the IT assets, physical hardware devices and their components. Access control is enforced in order to limit access to data or components to authorized users only, and it protects the system and information from unauthorized access (Almutairi et al., 2012). Access controls are enforced according to the specifications of the chosen security model.
3. Topic 3- IT security Threat and Risk Assessment
A threat can be defined as a condition of imminent danger that an organization or a system is exposed to. Threats are capable of causing serious harm to the information system, and it is therefore essential to eliminate all threats from a system before they cause serious harm. The threats to an information security system include hacking, phishing, denial of service attacks and so on. Threats result from the active and passive attacks a system is exposed to. A passive attack is, however, less harmful than an active attack because in a passive attack the attacker silently monitors the system in order to plan an attack (Crossler et al., 2013). An active attack is more dangerous than a passive attack as it is capable of causing serious harm to the system. Security threats include data loss and data breach, which are capable of causing serious harm to an organization. Risk assessment deals with identifying and analyzing the threats or risks associated with an organization or a system. Risk management evaluates and categorizes each risk according to its impact and recommends a plan to eliminate that risk. All the details about the risks and threats associated with a system, and their likelihood of occurrence, are stored in a structured document, which is updated and reviewed from time to time. Risk management helps in managing risk effectively and also helps in monitoring the risks associated with a system. One important feature of risk management is that it classifies risks according to their priority and hence gives a clear idea of the risks or threats that need immediate attention. Having a proper risk management plan is essential for every organization for better management of threats and for reducing their effect (Alhawari et al., 2012).
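The structured risk document described above can be modelled as a risk register; the following is an added example, not part of the original post. Each entry records a threat the post names and the confidentiality, integrity or availability property it affects, and its priority is derived from likelihood and impact. The 1-5 scales, the band thresholds, the 90-day review interval and all sample values are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed 1-5 ordinal scales and band thresholds; the post defines neither.
BANDS = ((15, "immediate"), (8, "planned"), (0, "monitor"))

@dataclass
class Risk:
    threat: str          # threat named in the post
    affects: str         # CIA property at stake
    likelihood: int      # 1 (rare) .. 5 (almost certain)
    impact: int          # 1 (minor) .. 5 (severe)
    last_review: date    # when this entry was last reviewed

    def __post_init__(self):
        # Reject out-of-scale ratings so scores stay comparable.
        for name in ("likelihood", "impact"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{name} must be 1..5 for {self.threat!r}")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

    @property
    def priority(self) -> str:
        return next(label for floor, label in BANDS if self.score >= floor)

def prioritise(register):
    """Highest score first; ties broken by impact, then threat name."""
    return sorted(register, key=lambda r: (-r.score, -r.impact, r.threat))

def overdue(register, today, max_age_days=90):
    """Threats whose entry was not reviewed within the assumed interval."""
    limit = timedelta(days=max_age_days)
    return [r.threat for r in register if today - r.last_review > limit]

# Constructed sample register (ratings and dates are illustrative only).
REGISTER = [
    Risk("phishing", "confidentiality", 5, 3, date(2020, 1, 10)),
    Risk("denial of service", "availability", 2, 4, date(2019, 9, 1)),
    Risk("data breach", "confidentiality", 3, 5, date(2020, 2, 1)),
    Risk("data loss", "availability", 1, 4, date(2019, 10, 15)),
    Risk("hacking", "integrity", 3, 5, date(2019, 11, 20)),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{r.score:>2} {r.priority:<9} {r.threat} ({r.affects})")
    print("overdue for review:", overdue(REGISTER, date(2020, 2, 24)))
```

Sorting on impact as the tie-breaker puts a less likely but more damaging breach ahead of frequent, lower-impact phishing when both score the same.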
4. References
Alhawari, S., Karadsheh, L., Talet, A. N., & Mansour, E. (2012). Knowledge-based risk management framework for information technology project. International Journal of Information Management, 32(1), 50-65.
Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., & Ghafoor, A. (2012). A distributed access control architecture for cloud computing. IEEE Software, 29(2), 36-44.
Cearley, D., & Claunch, C. (2012). The top 10 strategic technology trends for 2013. The Top, 10.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.
Lin, G. Y., He, S., Huang, H., Wu, J. Y., & Chen, W. (2012). Access control security model based on behavior in cloud computing environment. Journal of China Institute of Communications, 33(3), 59-66.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.