
Assessing Security Risks to Organisation

   

Added on  2023-01-19

Coursework
Unit 5: Security

Table of Contents
Introduction
Assessing security risks to organisation
Computer viruses
Botnets
Spam
Worms
Hackers
Adware
Phishing
Rootkits
Spyware
Security procedures of the Organisation
A method to assess and treat IT security risks
Trusted network becomes a part of an IT security how?
Incorrect configuration of firewall policies
Incorrect configuration of third-party VPNs
Implementing a DMZ, static IP and NAT
Benefits of the Networking monitoring
Risk assessment procedures
Data protection plan and procedures
Methodology of ISO 31000 risk management
Influence on the organizational security resulting audit of IT security
Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment
Design and implement a security policy for a firm
Key elements of disaster recovery plan
Tools that are used by an organization
Conclusion
REFERENCES
Appendix
Presentation

Introduction
Security can be defined as the provision of resilience against potential harm caused by
others. There are various kinds of security risk that an organization needs to be aware of,
such as phishing, malware, data loss, network vulnerabilities and ransomware. IT security is
the set of cyber security strategies that prevent unauthorized access to a firm's assets such
as networks, data and computers (Backes, Bugiel and Derr, 2016). It maintains the
confidentiality and integrity of sensitive information by blocking the access of hackers. As
hackers become smarter day by day, the need to protect digital assets and network devices is
even greater. The present report focuses on Tesco, which was established in London and
distributes food across many towns within the country. The report identifies types of risk
and security procedures and proposes a method to treat IT security risks; it then describes
security solutions, such as the benefits of implementing network systems. It also focuses on
the mechanisms that control the security of Tesco, such as risk assessments, the data
protection process and possible influences on Tesco's security. Furthermore, it covers the
management of the firm's security, including the main components of the organization's
disaster plan and the implementation of a security policy plan. It also discusses the roles of
stakeholders within the firm in implementing security audit recommendations and highlights
the tools used within an organizational policy.

Assessing security risks to organisation
Risk can be defined as the chance or possibility of data loss, damage, unauthorised
access and so on that can threaten a business, its systems or its processes. Risk can be
assessed in several steps. First, any hazard that can be a threat to the business is
identified. Then the risk or hazard is assessed, and the individuals, data or processes that
would be affected are identified. Finally, the actions that need to be taken are decided.
Different types of risk can affect an organization; some of them are explained below.
Computer viruses
Computer viruses are pieces of software designed to spread from one computer to another
(Bertino and Islam, 2017). According to statistics, 33% of household computers are affected
by some kind of malware, and more than half of them are viruses. Viruses can be sent as
email attachments or downloaded from specific sites, and they infect the computer as well as
other computers on the list by using network systems. Viruses are known for sending spam.
They corrupt and steal data, including personal information such as passwords, disable
security settings on an individual's computer and can even delete everything on the hard
drive (Brotby and Hinson, 2016).
Botnets
A botnet can be used for anything from targeted attacks on servers to running spam email
campaigns. Because botnets include many computers, many businesses find them difficult to
stop. Usually this computer security threat is deployed by a botmaster, who commands a
number of compromised computers (bots) to run malicious activities. A collection of infected
computers that carries out the botmaster's ill intent is often called a zombie army. If
Tesco's network is taken over by a botnet, its systems can subsequently be used to attack
other networks with the likes of worms, viruses, Trojan horses and DDoS attacks (Das and
Khan, 2016).

Figure 1: IT security threats
Spam
Everyone is familiar with spam: junk emails that clog business servers and annoy recipients
all across the organization. Spam becomes a threat to computer security because it can
contain harmful links, overload the mail server and distribute additional spam (Green and
Smith, 2016).
Worms
A worm wriggles its way into the network and is deployed to self-replicate from one computer
to another. The only thing that makes it differ from a virus is that it needs no user
interaction to spread. Such software can spread in large quantities within a short period of
time. It can wreak havoc on network performance and can be used to launch other malicious
attacks across the whole system (Ingram, 2016).
Hackers
Most security breaches arise from the malicious intent of an individual. Organizations are
targeted by hackers for financial gain. Hackers are predators who seek out opportunities to
take advantage of vulnerabilities. It is the reason why Tesco