This assignment examines the various cybersecurity risks that organizations face, including viruses, malware, spam, and data leaks. It emphasizes the need for strong security policies to mitigate these threats. The document also explores cloud computing as a secure and efficient method for storing and accessing data.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
IT Security Principles
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
TABLE OF CONTENTS INTRODUCTION...........................................................................................................................1 TASK 1............................................................................................................................................1 A) Types of security risks to organisation..............................................................................1 B) What consequences can organisation have with risks.......................................................2 C) Policies and procedures followed to reduce risks..............................................................3 D) Strengths and weakness of procedures followed...............................................................6 E) Security risks associated with cloud services....................................................................7 CONCLUSION:.............................................................................................................................11 REFERENCES:.............................................................................................................................12
INTRODUCTION In present era many organisations are facing cyber threats or risks, as information has to be shared with each other through network. Also, without connecting to each other business operationscanbeperformed.Moreover,acyberattackcanhighlydamagetheoverall functioning of organisation (Ahson and Ilyas, 2017).It can enter into database and can leak useful and confidential information or data. The data can be misused it leading to reducing the brand image of organisation. These threats can have a long term impact on company. For preventing cyber attacks systems and networks have to highly protected with firewalls and anti viruses. Otherwise, it will damage the entire network. This report will show security risk to organisation and policies developed to deal with it. TASK 1 A) Types of security risks to organisation An organisation is highly influenced by various types of security threats and risks. It affects the data and information of employees as well as organisation.Also, data security is an issue because it consists of various measures that has to be taken while keeping the track record of data. There are various types of security risk to FDL. These are as follows:- Viruses-A virus once entered into the system can quickly spread within the entire network. A virus copies itself and infect other machines (Merkow and Breithaupt,2014). They are spread via e mails, messaging, etc. It can start creating causes to security policies of organisation. It can propagate files on other networks. Hackers –The system of FDL is also susceptible to the various hacking attacks that helps in the effective handling of the various operations related to IT in the firm. The hackers can make the serious attempt to infiltrate into the company and can get the unethical access to the vital information and resources of company, that can affect it adversely. Disgruntled Employee’s –The company has to look after the disgruntled employee's that will lay an impact on the overall operations of the company. They can harm the data integrity and security of FDL and can lead to the negative impact on the company. 1
Geopolitical instability:The global and political issues will also lay a deep and significant impact on the effective functions of the company and meeting the requirements of the company in a better way. FDL has to take into consideration the better handling of various impacting factor on the global scale to sustain the better operational capacity of its firm. Data Privacy:As data or information is the most crucial and integral part of an organisation, FDL has to look after its effective handling and maintaining its security. The data privacy is very necessary to carry on the various operations of the company. Compliance management:The compliance management system or CMS helps in the effective handling of the various operations that helps in the effective handling of the various operations of the company and carry out the various operations in a very effective way. It is a set of rules or regulations that helps the FDL that helps in the better handling of the different operations in the company. Digital marketing:The digital marketing will also lay a deep impact on various operation that may affect the functional capacity of the company. B) What consequences can organisation have with risks With the above security threats an organisation can be highly affected. All the security risks such as viruses, malware, spam, etc. can occur within a network affecting the entire business operations (Jamshidi,2017). This can lead to leakage of confidential information and data. Virus-A virus can infect the overall network within an organisation. It can copy files, data, information, etc. It reduces memory space, damage disks, etc. leading to sudden failure of system. It also corrupts the computer by slowing down or changing the sequence of operations. (Taylor, , Fritsch,and Liederbach,, 2014).Also, if virus is entered then it becomes difficult to access some data. It hinders the computer ability and accessing programs smoothly. Some virus are designed in such a way that they re modify themselves into system even after removing. Disgruntled Employee’s-It may lead to leaking of useful information such as formulas, process, methods, etc. This can be used by other business to take competitive advantage. Also, it creates fear in employees as they might lose their job. Moreover, 2
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Geopolitical instability-This may hamper the entire industry. It takes place at large level so it leads to huge amount of financial loss of nation. Also, company loses its brand image and market value. Data Privacy-It highly affects the organisation as its confidential data is been leaked. The questions are raised on their privacy policy. Employees start complaining about this and it leads to decrease in their satisfaction. Compliance management-The compliance management will help in the better handling of the various operations and helps in the effective handling of different operations that helps in the better management of different operations in company in a very ethical way. Digital marketing:The digital marketing is prone to many risks of fake customers, phishers and other cyber threats, that can lay a negative impact on the operations of the company. C) Policies and procedures followed to reduce risks In order to protect the network from cyber attack organisation has to developed effective and strong policies. These policies are followed and implemented by management to ensure that employee have to follow specific rules while sharing data in network. Also, these policies are changed according to changes in systems and process (Nelson and Staggers, 2016).Also, policies defines what actions have to be taken in case of security breach. Moreover, a proper structure is defined on how network will work and who will be having the access of database.So for dealing with different types of security risk shown above certain policies are developed. These are describes below:- The data or information regarding the various operations and clients of the company should be safeguarded by the company using various security measures. Only authorised individuals must be provided with the accessibility to these resources to prevent any sort of data breaching or loss in the company. Disgruntled employee’s must be handles with strictness and strong actions should be taken to prevent the future repetition. Effective management of the various data resources and management of the operations of the company helps in the better handling of the various operations that helps in the effective handling of different operations at HDL. 3
Some major attacks are as follows: Disgruntled Employee’s- It is an internal cyber attack which involves employees. This includes using unauthorised access to gain some sensitive information or data of company. By doing this an employee generally wants to gain financial advantage. Geopolitical instability-This is a global level attack where hacker from different country attacks' anther country. It is due to poor relationships between them. Data Privacy-This means breaching of confidential data or information of a company. It is done by breaking the privacy policy of company. It happens when there are loop wholes in privacy policy or an employee by mistake shares it on network. Compliance management-It is a process that contains specific set of rules and regulations to be followed. It consists of many forms that has to be filled. The rules refer to compliance standards and the process through which it is managed is called compliance management. An employee breaking these rules may result in cyber crime. Digital marketing-It is a process through which business activities like promoting and advertising goods or services is done online. It uses different channels such as social media, e mails, websites, etc. This can lead to cyber attack through a hacker or outside person. Data-No confidential data must be shared via e mails. Systems-All systems must use single e mail software to share information via network. If any one system gets spam e mails then it must be restricted to enter into network. Network-Policy must be created to restrict the use of untrusted websites. Moreover, limited access must be given for using websites that can cause security threats. Web system-These systems must be designed with effective security measures and software so that it can automatically detect spam and remove it (Tarafdar, and et..al 2015). Also, it can identify and delete spam mails. Virus-The only way to control virus is installing anti virus in the system. This will allow system to detect virus and scan it. Also, it will help in maintaining the efficiency of system.The anti virus must be updated regularly to avoid system getting outdated. Along with this, if virus enters 4
in file then it must not be shared within network. It is important that anti virus installed must be authentic otherwise it can lead to huge loss of data. Data-All the data and information must be backed up. This will help in retrieving the lost data from database. Systems-Each system must be installed with anti virus. Policy must be made to check and update system regularly so that it works properly (Laudon, and Laudon, 2016). Network-Besides this, a procedure must be developed to scan the entire network. It will help in determining outdated devices. Malware-Policies must be made to detect malware and report suspected infections. There are logical and physical policies for malware. The first thing that can be done is blocking peer to peer networking. It can be done by enforcing policy at gateway using application device control (ADC) component. Installing firewalls will act as defence external threat to organisation system. Physical policy can includes restricting access to equipments, it will help in preventing theft, human error, etc. For this an effective physical plan must be developed. It includes clients, server, network devices, etc. within organisation.Logical security includes user ID and password that is requires accessing the system. It contains use rights for sharing information on the network. It means limiting use of media such as floppy disk, increasing controls on key system, increasing levels of auditing, etc. (Ab Rahman, and et.al., 2016). Data-It must be backed up and sensitive data must be encrypted. An effective database must be maintained by proper security measures so that data can be protected. For this high security privacy policy must be developed. Systems-In this the system must be installed with firewalls. This will restrict unusual traffic within the system.Each system must be having anti virus and updated software so that they work properly. Policies must be developed to provide access only to organisational people for using the systems. This will ensure privacy of data and system. Web systems-These systems can be protected by designing in it proper way. Also, by using anti virus and conducting screening and background checks. This will help in making system more secured and protected. 5
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Wireless system-In this system are connected without any wires. To protect these systems, encryption devices can be used, it will help in limiting the access of data over network. Besides this, router can be secured by changing the SSID of router. Moreover, passwords can be changed to it more secured. Network-IT should also be installed with firewalls. The purpose is to restrict unusual traffic within network. Then network must be protected with firewall and cloud. This will block unneeded traffic from entering into the network.Also, by restricting the limitof datathat is transferred can be done . Operational impact of security breaches-A cyber attack can highly damage the entire business operations. It may lead to decrease its financial position or brand image. Five impact are:- Reputation damage- It can lead to decrease in customer trust ass well as stakeholders. Customers will not be interested in associating with company if their data gets leaked. Theft-Cyber crime can lead to theft of sensitive data. These data contains methods or formulas used by company. Leakage of this will highly impact the brand image of company. Financial loss-It is the major impact of cyber crime that will lead to financial loss of company. Due to this business might faces financial crises. It directly affects its growth and development of company. Besides this, As IT officer, for the effective handling of the various operations certain policies will be developed which will help in the effective management of the various operations can be taken for better data security in company are: ï‚·Disgruntled employee's:Such employee's must be handled with discipline for the better management of the different operations of the company and meeting the security requirements of the organisation. If an employee is found in suspicious activities, termination can be taken for the effective handling of various operations. ï‚·Geopolitical instability:The change or alteration of the geopolitical factors are needed to be taken into proper consideration that helps in the better management of the operations which helps in effective handling of various operations in company for better data information and system security. 6
Dataprivacy:Theproperdataprivacymeasuresarerequiredtobetakeninto consideration that helps in the effective management of the various operations for safeguarding the vital information of the HDL and its clients. It involves the effective measures such as strong firewalls, device restriction and access authentication that helps in the prevention of any attack on the data of company. Compliance management:The effective management of the compliance policies such as no access to restricted resources, no indulgence in malpractices and proper following of the various policies and regulations is must for the effective management of the system security in company. Digital marketing:The approach of digital marketing is most prone to the cyber threats and attacks. This helps in the effective handling of the measures that will help in the fulfilment of the various operation's in company. Besides this, it will help in effective handling of different cyber or system attacks. Besides this, the effective handling of the system network that will help in the effective handling of the various operations and thus will lead to the better fulfilment of different operations in company. This will help the cited firm to avoid and tackle any sort of security breach that may lead to lose of vital information of company. D) Strengths and weakness of procedures followed By implementing the above policies and procedures the security risks in systems and networks can be removed. This will create an effective network for sharing information. But there are certain strengths and weakness of polices applied. These are described below:- Virus –To tackle the viruses in the system, effective measures of installing an Antivirus will be taken into consideration. The major strength of it is that it provides the effective security to the system from various threats but it has a drawback that it required to be updated effectively to maintain its functioning. Disgruntled employee's:The handling of the disgruntled employee's is quite tedious task but it helps the company to maintain a data integrity and maintain a discipline in the company. But sometimes it leads to the loss of the important information of the company and effect the image of the firm. 7
Geopolitical instability:This is required to be handled with care to maintain the productivity and profitability of the company. Besides this, it can impact the working efficiency and operational capacity of company. Data Privacy:the data privacy will help the company to safeguard its vital information and data against any sort of cyber attack. Besides this, it needs to be handled with effective caution to meet the requirements of the company. Compliance management:The effective management of various rules and regulations will help in the better handling of various security measures in the company. Digital marketing:It is needed to be handled in a very effective way to meet the requirements of the company. Also, it helps in the increase oif productivity and profitability of company. E) Security risks associated with cloud services Cloud computing:-It is a model that uses network of remote servers on internet to store and process data rather than using local network. C- Common infrastructure L- Location independence O- Online accessibility U- Utility pricing D- On-Demand resources NIST cloud service models are:- Infrastructure as a Service (IaaS)-It is a self service model that manages remote data centre infrastructure. It provides resources over internet by using third party such as Amazon web services or Google. In this customer does payment for what he or she has used. 8
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Platform as a Service (PaaS) –It helps organisation to build, rune and manage application without using IT infrastructure. With this it becomes easy to make, develop applications. It brings more efficiency in cloud. Also, it reduces cost of organisation. Software as a Service (SaaS) –They are generally licensed software.It is a centrally hosted cloud. It can be accessed directly from a web server without downloading or installing anything. Cloud Deployment Models Cloud can be deployed in a number of ways. The choice of deployment models really comes down to whether you want to own the cloud, rent the cloud, or a mixture of both. It consists of four types:- Public cloud:Public cloud storage contains multi tenant storage that provides an environment for unstructured data. In this data is stored at global level and services are provided to customers who are spread all over the world. Each tenants in public cloud is isolated from others. This provide a greater bandwidth network connectivity to transmit data. Its feature is that multiple data centres are used. In these customers or organisation have to pay on how much data they have used. This payment method is similar to utility model. Private cloud:Private cloud storage is a model that is generally used by large business within a specific environment. It runs on data centre that are installed with strong security measures. Moreover, the customer base cloud storage are limited to outside environment of organisation. It uses traditional information technology infrastructure that is difficult to maintain. Community cloud: Infrastructure for the use of a specific community of consumers from Various organisations with shared concerns (e.g. financial traders, airlines, government). Hybrid cloud:Hybrid cloud is the combination of both public and private cloud storage. It is like a third party service provider that have features of public ad private. It provides flexibility to business by developing their own cloud infrastructure. It creates a gateway using application program interface that serves between public and organisation premises. It is often implemented by using a cloud storage appliance software Problems in Cloud Computing Loss of control -It refers to losing data, resources, etc. the security measures are provided by cloud provider. It can be protected by monitoring cloud or using different cloud network./ 9
Lack of trust-It is very hard to trust on cloud provider, sometimes they use unauthorised access to gain customer data or information. For protecting data strict policies must be developed. Moreover, contracts must be signed between parties. Multi tenancy issues-It occurs due to conflicts between both parties. It means that it separates two tenants. Measures taken to minimise security issues- Minimise lack of trust-It can be reduced by developing a standard language for policies. This must be agreed by both parties. Also, policy language must be understandable by customer and easy to merge or combine. Moreover, policy must be certified by Oxley, DIACAP, etc. Minimise loss of control-It can be minimised by monitoring the critical applications used in cloud computing.It enables both provider and tenant to monitor the components in the cloud. Also, it provides mechanism to provider to take action on attacks. ï‚·Utilising different clouds- Consumer may use services from different clouds using multi cloud architecture. It will help in reducing the risk and increasing redundancy. ï‚·Access control management-It can be done by providing layers of access control. Example- access top cloud, access top server, etc. This can be controlled by provider or consumer. Along with this, consumer can manage its authentication by implementing control policies or security measures. Minimise tenancy issues-It will help in increasing isolation between tenants. This can be done by following strong isolation techniques. Security : physical network and virtualisation Outside attacks-These attacks are DDOS attacks or application program interfaceendpoints attacks. Inside attacks-It is related to internal attacks that occurs within the cloud. It includes IP spoofing, port scanning, packet sniffing, etc. These attacks can be prevented by cloud service provider by implementing standard and proprietary networking techniques. The provider can develop terms of service for accessing the cloud. 10
Risk is considered as the possibility that a certain threat will exploit a vulnerability to cause harm to an asset. In the era of digitisation and rise of information technologies, the organisations are using different means to improve the technological practices and improving the business. Cloud computing is one of the best and efficient method of storing and acquiring data stored on virtual network. But, there are certain risk associated with cloud computing that can negatively impacts on the organisational performance. These are unauthorised access to customer and business data, security risk at the vendor, compliance and legal risks, risks regarding lack of control, etc. (Merkow and Breithaupt,2014) As Furniture Direct Limited desires to using cloud services like Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) as part of their Expansion plan, they need to consider the certain security risk associated with each service. These are evaluated below: Security Risk Associated with Infrastructure as a Service (IaaS) ï‚·Misconfiguration risk:Infrastructure as a Service (IaaS)provides virtualised computing resources over the Internet hosted by a 3rd party. The major risk associated with the service is misconfiguration risk. If the infrastructure has been misconfigured or not configured appropriately, the hackers will get access to the network or server and they can steal data from the server efficiently.ï‚·Uncover Shadow-IT in IaaS:It is very easy in cloud IaaS to deploy a new server by terminating previous one. If the previous server does not update during patching than this server become more risky and vulnerable server in organisation (Nelson, and Staggers, 2016).ï‚·Vulnerabilities-Iaas does not protect from vulnerabilities and weakness in application and data. It becomes a bottleneck in enterprise infrastructure security. Security Risk Associated with Platform as a Service (PaaS) ï‚·Data Breach:Platform as a Service (PaaS) enables the organisations to establish, commenceandeventuallymanageWebapplicationswithoutnormallyrequired infrastructure. As the resources required a shared network, there is risk of data breach associated with the cloud service. 11
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
ï‚·Lack of Secured software:PaaS offers SDLC which is not widely used. Furthermore, due to less availability of secured software, organisation tends to avoid using Platform as a Service cloud networking.ï‚·Vendor lock in-In these vendors dictate database, storage and application used by business. For running this business requires skills and infrastructure. Security Risk Associated with Software as a Service (SaaS) ï‚·Data Security Risk:SaaS cloud software is referred as on demand software, where organisations can subscribe or purchase license from different vendors. As it depends on how service provider is using the data, the security risk for breaching of data is always associated with the application(Nazareth and Choi, 2015). ï‚·SaaS Provider Application Risk:Application Risk is the inherent risk created by how the app was developed.For example, how does the app handle authentication and authorization? What access provisioning standards does it support?How are identities imported/exported into the app data store? ï‚·Weak cloud standards-The standards set in these are very weak and may lead to data breach. Also, service providers do not have enough control over data. ï‚·Secrecy-Cloud service providers do not reveal all the details about data centres and operations. With these customers and business finds it difficult to maintain their secrecy. CONCLUSION: From the above report it is concluded that an organisation is highly influenced by various types of security threats and risks. It affects the data and information of employees as well as organisation. Security risks such as viruses, malware, spam, etc. can occur within a network affecting the entire business operations. This can lead to leakage of confidential information and data.In order to protect the network from cyber attack organisation has to developed effective and strong policies. Cloud computing is one of the best and efficient method of storing and acquiring data stored on virtual network. 12
REFERENCES: Books and Journals: AbRahman,andet..al.,2016.Forensic-by-designframeworkforcyber-physicalcloud systems.IEEE Cloud Computing.3(1). pp.50-59. Ahson, S.A. and Ilyas, M., 2017.RFID handbook: applications, technology, security, and privacy. CRC press. AlHogail,A.,2015.Designandvalidationofinformationsecurityculture framework.Computers in Human Behavior.49.pp.567-575. Chen,andet..al.2016.Software-definedmobilenetworkssecurity.MobileNetworksand Applications.21(5). pp.729-743. Jamshidi, M. ed., 2017.Systems of systems engineering: principles and applications. CRC press. Laudon, K.C. and Laudon, J.P., 2016.Management information system. Pearson Education India. Merkow, M.S. and Breithaupt, J., 2014.Information security: Principles and practices. Pearson Education. Nazareth,D.L.andChoi,J.,2015.Asystemdynamicsmodelforinformationsecurity management.Information & Management.52(1). pp.123-134. Nelson, R. and Staggers, N., 2016.Health Informatics-E-Book: An Interprofessional Approach. Elsevier Health Sciences. Pathan, A.S.K. ed., 2016.Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press. Sadeghi, A.R., Wachsmann, C. and Waidner, M., 2015, June. Security and privacy challenges in industrialinternetofthings.InProceedingsofthe52ndannualdesignautomation conference(p. 54). ACM. Tarafdar, and et..al 2015. The dark side of information technology.MIT Sloan Management Review.56(2). p.61. 13
Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014.Digital crime and digital terrorism. Prentice Hall Press Online: SecurityThreatsthatcanaffectyourbusiness,2017.[Online]AvailableThrough: <http://www.nsiserv.com/blog/the-four-types-of-security-threats-that-can-affect-your-local- business> 14