IT Security: Models, Threats, and Landscape

Verified

Added on 2020/02/24

AI Summary

This assignment delves into the crucial topic of Information Technology (IT) Security. It examines the evolving technology landscape and its impact on data security, outlining key concepts like confidentiality, integrity, and availability. The document analyzes different IT security models, access control mechanisms, and potential threats such as phishing and denial-of-service attacks. Furthermore, it discusses risk assessment methodologies and emphasizes the importance of proactive risk management strategies in safeguarding organizations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: FORUM POST
Forum Post
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
FORUM POST
Table of Contents
1. Topic 1- IT Security and Technology Landscape............................................................2
2. Topic 2- IT Security Models and access controls............................................................3
3. Topic 3- IT security Threat and Risk Assessment...........................................................3
4. References........................................................................................................................5

2
FORUM POST
1. Topic 1- IT Security and Technology Landscape
It security and data protection is a major issue in today’s business world. This is
particularly because the data resource of an organization is exposed to a number of security
threats from the cyber attacks, which include hacking, phishing, spoofing and so on. The CNSS
security model involves various factors of data security and integrity. This includes data
confidentiality, integrity and availability. Data confidentiality means that the authorized users
can only access the data stored in the information security system or to the members it is
intended to and cannot be accessed by unauthorized members. This is an essential phenomenon
of data security (Von Solms & Van Niekerk, 2013). Data integrity refers to the fact that data is
not changed while storage or its transformation that is the data remains consistent and accurate.
Alteration of data is not allowed and is against the security policy and hence this is an essential
consideration for IT data security. Data availability ensures that the data continues to be
available at a required level of performance and in every situation. The threats may harm or
hamper any of the security conditions as a result of severe security attack which may include the
involvement of viruses and other malicious software. Ensuring information security is utmost
essential and therefore it should be the top most priority for any organization. Therefore, proper
security measures are to be undertaken to prevent or lessen the effects of the security threats
(Peltier, 2013).
IT landscapes have considerably changed with the involvement of newer technologies
such as cloud computing. This has considerably resulted in the change of strategies in business
concepts and adoption of newer technologies in business environments. The newer landscapes or
technologies have given rise to newer difficulties and challenges, which in turn resulted in the
need of newer security infrastructure for data protection (CeArley & Claunch, 2012).

3
FORUM POST
2. Topic 2- IT Security Models and access controls
Security models are essential for ensuring proper security of the data and their
confidentiality (Zissis & Lekkas, 2012). The main objective of the information security model is
to outline the different security measures undertaken by an organization in order to protect the
data and resources of an organization. In order to ensure proper data security, different access
control methods are employed. Security models support the security policies that are
implemented in an organization (Lin et al., 2012). The access control limits the use and access of
a particular data only to the authorized persons. Different access control methods includes user
authentication that limits the access of any service or resource only to a registered person who
has a valid user id and password. Proper security model are necessary to maintain in order to
protect the data integrity and availability. Access control is enforced to allow or restrict selected
members or users in accessing the resources of an organization. Other access control methods
includes data monitoring using CCTV surveillance method, use of card or key for entry in a
protected area or finger print protection of data and resources. Access control is classified into
two broad areas, physical and logical access control. Logical access control deals with the
protection and limiting the access of the confidential and sensitive information of an organization
while the physical access control mainly deals with the protection of physical resources of an
organization, which includes, the IT assets, physical hardware devices and their components.
Access control is enforced in order to limit the access of data or components only to the
authorized users and protects the system and information from unauthorized access (Almutairi et
al., 2012). Access controls are enforced according to the specifications of the set security model.
3. Topic 3- IT security Threat and Risk Assessment

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
FORUM POST
Threat can be defined as a condition of eminent danger, an organization or a system is
exposed to. Threats are capable of creating serious harms to the information system and therefore
it is essential to eliminate all the threats from a system before it creates serious harm. The threats
in an Information security system include hacking, phishing, denial of service attack and so on.
Threats are results of the active and passive attack a system is exposed to. Passive attack is
however less harmful than an active attack as in passive attack, the attacker silently monitors the
system in order to plan an attack (Crossler et al., 2013). Active attack is more dangerous than
passive attack as it is capable of causing serious harm to the system. The security threat includes
data loss and data breach, which is capable of causing serious harm to an organization. Risk
assessment deals with identifying and analyzing the threats or the risks associated with an
organization or a system. Risk management evaluates and categorizes the risk according to its
impact and recommends a plan to eliminate that risk. All the details about the risks and threats
associated with a system and its likelihood of occurrence is stored in a structured document,
which is updated and reviewed time to time. Risk management helps in managing a risk in an
effective way and also helps in monitoring the risks associated with a system. One of the
important feature of risk management is that, it classifies the risk according to their priority and
hence gives a clear idea of the risks or threats that need immediate attention. Having a proper
risk management plan is essential for every organization for better management of the threats
and reducing their action (Alhawari et al., 2012).

5
FORUM POST
4. References
Alhawari, S., Karadsheh, L., Talet, A. N., & Mansour, E. (2012). Knowledge-based risk
management framework for information technology project. International Journal of
Information Management, 32(1), 50-65.
Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., & Ghafoor, A. (2012). A distributed access
control architecture for cloud computing. IEEE software, 29(2), 36-44.
CeArley, D., & Claunch, C. (2012). The top 10 strategic technology trends for 2013. The Top,
10.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013).
Future directions for behavioral information security research. computers & security, 32,
90-101.
Lin, G. Y., He, S., Huang, H., Wu, J. Y., & Chen, W. (2012). Access control security model
based on behavior in cloud computing environment. Journal of China Institute of
Communications, 33(3), 59-66.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security.
computers & security, 38, 97-102.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation
computer systems, 28(3), 583-592.

1 out of 6

+13062052269

info@desklib.com

IT Security: Models, Threats, and Landscape

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Information Security Threats and Risk Assessment

IT Security Risks and Management Strategies

IT Risk Management and Security Assessment

IT Security Management and Models

CSC8419: Cryptography and Security - Assessment 1

Understanding IT Security Models and Risks