Managing IT Security and Risk


Added on  2023/01/04

AI Summary
This documentation focuses on managing IT security and risk, specifically in the context of the ABC University. It discusses the concept of modern technology, the implementation of an Information Security Management System (ISMS), key assets protected by ISMS, and strategies for risk assessment and control. The report also highlights the roles of personnel, IT infrastructure, and stakeholders within the university.

EXECUTIVE SUMMARY
This report analyses how modern technology can be applied within an organisation to improve
business performance and efficiency. It focuses on ABC University, which has implemented an
ISMS (information security management system) to protect and secure its business operations.
The ISMS helps to protect data and information. The report summarises the University of ABC
and its operations, the roles of its personnel, its IT infrastructure and its stakeholders, and
identifies the key assets that the ISMS protects. It is also necessary to identify the risks that
can occur so that strategies and measures can be taken accordingly.
Contents
EXECUTIVE SUMMARY
INTRODUCTION
TASKS
Define the organisation and the business unit’s operations, roles of the personnel, IT and
physical infrastructure, and stakeholders
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets
Threats and exposures Research
CONCLUSION
REFERENCES
INTRODUCTION
As technology advances, many new software products and tools are being developed, so it is
necessary to protect data and information. Many threats are emerging, and they have led to
security breaches that affect data security. It is therefore necessary to identify the risks that
can occur so that strategies and measures can be taken accordingly (Al-Dhahri, Al-Sarti, and
Abdul, 2017). For that purpose, new and advanced technology is being implemented; technology
helps in preventing data threats and breaches. By stealing confidential data, hackers are able to
earn money. For every business, privacy and security are necessary elements to protect.
Similarly, the University of ABC is a university in which a new information security management
system has been installed to prevent the risks that can occur. The new system can also be used to
store and manage information, and it will protect the university's key assets as well. An ISMS is
a security management system: a set of policies and procedures for managing confidential data
and information. It also helps in reducing risk and protecting data privacy and security.

This report discusses the University of ABC and its operations, the roles of its personnel, its
IT infrastructure and its stakeholders. It also describes the key assets that the ISMS protects.
In addition, it explains the threats that have occurred and covers threat and risk assessment as
well as strategies to control them. The risk associated with new technology, along with
strategies, is included in this report as well (Ključnikov, Mura, and Sklenár, 2019).
TASKS
Define the organisation and the business unit’s operations, roles of the personnel, IT and physical
infrastructure, and stakeholders
The University of ABC is a university operating in the UK. It runs various departments, such as
management, science and biology, on a large campus where all these operations are
interconnected. Each department also has various sections, such as IT, help desk and
administration. Therefore, there is no centralised system within the university, but the data and
information of all students are stored in a database that is accessible to all sections and
departments. A technical support help desk has also been established in the university. Its role
is to maintain the overall IT infrastructure, and it also works with the other departments.
Various people work in the university in different departments and sections, and their roles and
responsibilities vary (Proença and Borbinha, 2018). The administrator's role is to manage all
activities, such as checking and approving students' details. In technical support, the IT
expert's role is to monitor, install, check and maintain the IT systems and equipment. The IT
manager controls the IT section and receives reports on it from the IT expert.
The university's IT infrastructure is not very advanced. There is one central database where all
student data is stored, and a central server to which the servers of all other departments are
connected; each department has its own server. The entire university is connected via a LAN. A
communication system is also installed and used by the University of ABC. The IT infrastructure
consists of buildings, computer systems, printers, fax machines, etc. that are connected to the
server. Additionally, the university's physical infrastructure comprises the campus, inverters,
air conditioning and other facilities. Together these make up the entire infrastructure of the
university.
The university has various stakeholders who can affect its operations and the implementation of
the ISMS. These stakeholders need to be involved in decision making, and their needs must be
identified. They are identified below:
Students- They are the main stakeholders of the university, who take admission in it. They are
also the people whose data and information are stored in the database. In addition, students use
the systems and other IT software tools and equipment (Stewart and Jürjens, 2017).
Government- The government is a stakeholder because it makes the rules and regulations that the
university applies and follows. It is also responsible for controlling and monitoring the
university; both local and state government monitor and control university operations. The
installation of the ISMS has to be in accordance with government policies and guidelines.
Professors- They are the teachers, lecturers, etc. who teach students within the university.
They play a vital role because they use its IT infrastructure and systems. Professors also get
involved in decision making, and they will play an important role in implementing the ISMS.
Trustee- These stakeholders provide or donate funds to the university for its operations. The
trustees also allocate resources and capital to the university, and they have a high impact on
its operations. They provide the funds for implementing the ISMS.
Suppliers and vendors- They are the stakeholders that provide tools and equipment to the
university. The implementation of the ISMS has a high impact on them. The vendors are directly
linked to the university. It is important to select the right suppliers so that high-quality
materials are purchased from them.
An ISMS is a security management system: a set of policies and procedures for managing
confidential data and information. It also helps in reducing risk and protecting data privacy
and security. Here, risk assessment is carried out to find the various risks that can occur and
the strategies to reduce them. Implementing an ISMS helps in storing data and information
properly and effectively, and all policies and procedures will be followed when information is
stored (Stewart and Jürjens, 2017).
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets.
The University of ABC is endeavouring to implement an information security management system
and has already attempted to determine all of its essential key assets. Various kinds of asset
register are in place and are considered as part of the ISMS. Different kinds of key assets fall
within the information security management system (ISMS) of the organisation (Kotenko,
Fedorchenko and Doynikov, 2020). They include information assets and supporting assets such as
hardware, people, buildings and software, as well as intangible assets such as brand and
reputation.
A common method is to identify the assets and then perform the appropriate activities for them.
Usually a list of assets is produced, such as the one presented by the manager of ABC
University. From a governance perspective, however, a primary responsibility of information
security is to ensure that managers have improved their own understanding of information assets.
The relevant assets are managed and controlled properly within a corporate governance structure.
At ABC University, a version of the information security standard has been introduced with a
distinct change to the ISO 27001 requirements, which now expect all information assets to be
considered rather than physical assets (Brunner, Mussmann and Breu, 2019). This includes
whatever is of value to the enterprise wherever information about students and staff members is
stored, processed and accessible through the information system. In some situations the
information itself is the real interest, less so the network and other devices, although the
assets must still be clearly defined.
Physical assets are associated with the entire IT infrastructure and its processing:
Hardware- This typically includes IT servers, workstations, mobile devices and other kinds of
network equipment. These are useful for establishing connections with other networks in order
to share information from one device to another. It is important to manage and control their
security aspects; otherwise it becomes more complex for engineers to handle network connections
across these assets.
Software- This is another kind of asset, mainly purchased by ABC University. The university
sometimes upgrades its information system, because this can be used to improve security and
privacy. Software assets play an important role within the ISMS (information security management
system), providing a better way to increase the overall performance and efficiency of
operational tasks.
Services- The actual services provided to end users through the database system, e-mail, etc.
In ABC University, the higher authority uses different media to interact with students and staff
members regarding the improvement of the IT infrastructure, which helps in collecting or
gathering large amounts of information or data. A service may be a website that gives users a
better view and lets them access information easily. It also determines the availability of
information. For the campus ISMS, maintaining security and privacy within the information
system is essential, so that every user can access multiple services in order to share
information from other devices.
Assets of any kind can be grouped together in a logical manner. The grouping may take into
account factors such as classification, information type and other financial or non-financial
values.
Within ABC University, the ISMS must be used to protect and secure the entire proposed business
unit and to provide a better valuation of assets. As mentioned earlier, the different assets each
perform a specific role that supports the business in the long term. Adequate security
protection throughout the enterprise cannot be ensured without an accurate IT asset inventory to
validate and verify against (Foege, Lauritzen and Salge, 2019). In this way, ABC University runs
a management programme as the foundation for managing and controlling information risks and
threats more effectively.
Where information assets and physical assets fall within the ISMS scope, the risk of any loss or
degradation occurring within the information system must be assessed. There are certain
responsibilities for assets.
Inventory of assets
All IT hardware devices purchased by the university are run and managed by an administrator in
order to monitor and track all activities. To a certain extent, however, some may be out of scope
for the ISMS. Different types of information relating to students and staff members may be
classified as a special category under protection regulation. The ISMS (information security
management system) protects this sensitive information or data because it is a valuable asset.
The essential assets already identified need to be handled in accordance with risk
identification. Sometimes risk-based services can be defined and classified for storage within
the information system. This provides better security and privacy for storing information
properly.
Threats and exposures Research
According to the case study, the University Campus of ABC is concerned with the wide variety of
information that exists and is deployed within the campus. Different types of information may be
stored, maintained and communicated in different ways. Traditionally, much of ABC University's
information has been in hard copy, i.e. paper format (Colicchia, Creazza and Menachof, 2019),
including all reports, records and so on. With the development and distribution of the
ubiquitous PC, a great deal of information has migrated from ledgers onto the hard disks of
computers.
A campus has to consider, in broad terms, the various kinds of data and information stored
within it. ABC University has adopted an information security management system (ISMS) to
improve its overall performance and efficiency. Because of the particular nature of the campus
network, security threats arise from both internal and external causes.
Network security is continually becoming an area of tremendous focus on the ABC University
campus. Various types of network security threat arise with the information system, and
continuous protection of the entire network systems and software must be maintained.
Malware or Ransomware- The ABC University campus falls victim to a ransomware attack every 20
seconds. These attacks are growing by more than 300% annually, with Internet of Things attacks
increasing by 212% per year. The massive increase in this type of attack was triggered by the
development of cryptocurrencies such as Bitcoin, which allow hackers to demand ransom
anonymously (Kavallieratos and Katsikas, 2020). These sophisticated attacks start by infecting
secure database systems and threaten the deletion or corruption of files. This type of malware
or ransomware directly affects the security and privacy of the information system.
Distributed denial of service (DDoS) attack- This type of threat overwhelms hosted servers and
causes them to become inoperable, adding to the burden of cyber-attacks. According to the study,
33% of enterprises fall victim to denial of service attacks. This can be disastrous for the ABC
University campus, which carries out its transactions online: it can potentially cause millions
of dollars in lost revenue every day. It is likely that none of the potentially thousands of
machines used for a DDoS attack actually belong to the attacker. Instead, they are assumed to be
compromised computers around the world that have been added to the attack on the campus network
through distributed malware.
Internal security threats
A weak sense of confidentiality has increased unauthorised access by internal users through the
campus network. This is one of the most important network security threats and the one most
likely to cause leakage of system resources. In addition, to save time, computers on the campus
network are given simple names, often the name of the department, and the computer administrator
makes no modifications (Longley, 2019). To a certain extent this opens the door to attackers,
because an unauthorised visitor can easily find a target of interest and intrude into
confidential information. Internal users can also be a source of malicious attacks, which is
another major reason the security of the entire campus network is threatened. The university
focuses on local computer users, but students lack mastery, and their level is not enough to
manage or control threats.
External Security threats
Computer viruses are an external security threat to the information security network system and
are the main reason the campus network faces external security threats. Because of the
particular user base of the campus network, students often download software to use and share
resources with each other, which provides favourable conditions for viruses to spread within the
information security network system. It is therefore important to anticipate how the rapid
development of the network will spread viruses more widely. In addition, hackers cause many
problems by attacking the campus network (Wisniewska et al., 2019). External hackers can use
programs to operate remotely and directly damage the entire campus network system. In some
situations, tireless hackers try to implant a Trojan virus in a user's computer. Collusion
between insiders and outsiders may also arise, which poses a threat to network security.
Campus network defect and physical security threats
Within ABC University, security threats come from both outside and inside the network system,
but at a certain point they develop from system vulnerabilities. This is one of the common
causes of defects in the entire campus network (Colicchia, Creazza and Menachof, 2019). Because
operating system code is huge, it contains security vulnerabilities to varying degrees,
depending on the operating system used. Another threat arises when a complex system is used and
its security configuration is not complete enough, which creates a security risk or threat.
Physical security threats have also developed. They concern the environment surrounding the
network and the physical properties of equipment and wiring, which may become unavailable.
Devices may be stolen, destroyed, damaged or intentionally sabotaged. As a result, information
can easily be disclosed because of unexpected failure of electronic equipment, power outages and
other physical factors such as natural disasters. These directly affect the information security
network system and also pose a threat to the normal operation of the campus network system.
Risk assessment and risk treatment strategy
A risk assessment matrix defines the level of a threat or risk by considering categories of
probability or likelihood against the severity of the consequence. It is one of the simplest
mechanisms for increasing the visibility of risks and assisting management with decision-making.
Generally, risk depends on the lack of certainty about the result or outcome of making a
particular choice (Kavallieratos and Katsikas, 2020). A risk assessment matrix allows the campus
network to develop an appropriate response that falls in line with the goals of ABC University.
Most risk assessment matrices take the form of a table or grid, so that the levels of impact and
the likelihood of a risk occurring can easily be separated.
In ABC University, the enterprise owner is mainly focused on the risk assessment process for
identifying and evaluating risks to assets that could be affected by cyber-attacks. The process
identifies both external and internal threats and evaluates their potential impact on things
such as data availability, integrity and confidentiality. This helps in estimating the cost of
suffering a cyber-attack incident. Together with campus information, it supports controlling and
managing data protection to match the requirements of the university campus and its risk
tolerance level.
The risk assessment factors in the relationship between the different elements. For example,
suppose we want to assess the risk associated with a hacker trying to access the information or
data of the ABC University campus. Such an attack would directly affect the information security
network system, but robust perimeter defences make the vulnerability low. The risk will be
medium, even though the asset is still critical.
Identifying the information Assets
According to the scenario, ABC University uses valuable assets such as infrastructure, databases
and applications, and people when executing tasks. These are important assets within the
university campus that can store, collect or analyse large amounts of information across
different departments.

ABC University has also identified all the valuable assets that could be harmed by threats
(Longley, 2019). Just a few of the assets applicable within the enterprise are partner
documents, the website, servers, client contact information, consumer credit card details and
trade secrets. Every department uses these assets to execute its tasks properly.
Identifying the Asset Owner
The owner of ABC University is responsible for establishing coordination between the different
departments, which have identified the assets across HR, development, IT and finance in order to
gather accurate, detailed information. According to the case study, the university faces
potential consequences in the form of the financial loss it would suffer if any of its assets
were damaged by threats or risks. Common security threats within the information system include
data loss, system or application downtime and legal consequences.
Identify risks to Confidentiality, integrity and availability of Assets
A threat is anything that might exploit a vulnerability to breach security and cause harm to
assets. In terms of confidentiality, integrity and availability, some common risks are system
failure, accidental human interference, natural disasters and other types of malicious human
action (Wisniewska et al., 2019).
Analyse the risks, threat
This step analyses the vulnerabilities exposed to risks and threats and then assesses the
likelihood of their exploitation. A vulnerability is a weakness that allows some risk or threat
to breach security and, at some point, cause harm to an asset. Risk analysis considers the
potential that a given threat will exploit the vulnerabilities of the environment and cause harm
to one or more assets. The risk is assessed on the basis of the logical formula stated above and
assigned a value that depends on the level of risk within the system. A solution is then
developed that can maintain or control the level of risk properly.
Identify the certain level of risks
The vulnerabilities identified are weaknesses that allow a threat to breach security and cause
harm to an asset. It is very important to identify the reasons behind the threats. Attackers
mainly target the information security system of the ABC campus, and any distraction that is
identified makes it easier for a hacker to access information or data. The analysis also
considers the chance that a threat actually occurs and damages assets. Old equipment and other
physical appliances increase vulnerabilities, as do problems in software design or configuration
such as excessive access permissions and unpatched workstations. Human factors such as untrained
or careless staff members also increase vulnerabilities in the system.
Prioritize the risk treatment
Here, an effective risk management plan is used to help provide better risk treatment.
| Threat | Vulnerability | Asset and Consequence | Risk | Solution |
|---|---|---|---|---|
| System failure (High) | Overloaded traffic level, poor performance of ISMS | Servers. All types of services on the website will be unavailable for at least 3-4 hours | High (potential loss of $40,000 per occurrence) | Upgrade the information security system and develop a new one. Actual cost required: $3000 |
| Malicious human (interference): distributed denial of service attack (High) | Improper firewall configuration, with good DDoS mitigation applied (Low) | Website will be unavailable, generating a loss of money and investment (Critical) | Moderate (potential loss of $5000 per hour because of downtime) | Monitor the firewall |
| Accidental human interference (High) | Permissions are configured and IT auditing software is in place. Backups are taken and maintained regularly (Low) | All documentation files are shared, and critical data or information could be lost, but it could almost certainly be re-collected or restored from the backup program (Moderate) | Low | Continuously monitor permission changes and privileged users, and handle backups |
| Natural disaster (Moderate) | Increased temperature of the control room on any floor (Very Low) | Server room experiences many issues or problems (Very Low) | Very Low | No action needed |

Table 1
The next step is to create a strategy for enhancing the IT infrastructure and to use it as
mitigation to reduce the level of vulnerabilities within the ABC University campus information
system, and then to obtain management sign-off. The strategy can identify all the essential
threats or risks that need to be improved to a certain level (Aven and Ylönen, 2019). The
mitigation process helps to improve the IT security infrastructure but cannot eliminate all risk
completely. If a disaster occurs, it is important to fix the process, investigate, and try to
prevent the risk from happening again. Mitigation also makes the consequences less harmful.

For example, the mitigation process for server failure covers identification of the event, the
response using the disaster recovery plan, and documentation to get the server up and running.
Afterwards, the system failure can be analysed, for instance as caused by overheating or the use
of low-quality equipment.
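
The ratings in Table 1 can be checked mechanically. The following is an added example, not part of the original report: it assumes the threat x vulnerability x asset product that the table's columns imply, and the numeric scale, the band edges and the names `RegisterRow`, `score`, `band` and `review` are illustrative assumptions.

```python
"""Added example: score the rows of Table 1 and check the stated Risk column."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ordinal labels used in Table 1; the integer mapping is an assumption.
SCALE = {"very low": 1, "low": 2, "moderate": 3, "high": 4, "critical": 5}

# Assumed band edges on the 1..125 product scale, chosen so that three equal
# inputs map back to their own label (1, 8, 27, 64, 125).
BANDS = [(4, "Very Low"), (24, "Low"), (60, "Moderate"), (99, "High"), (125, "Critical")]


@dataclass
class RegisterRow:
    threat: str
    threat_level: str
    vulnerability_level: Optional[str]  # None: the register gives no rating
    asset_level: Optional[str]          # None: the register gives no rating
    stated_risk: str                    # Risk column as written by the assessor


def level(label: str) -> int:
    """Translate a label such as 'Very Low' into its ordinal value."""
    key = " ".join(label.lower().split())
    if key not in SCALE:
        raise ValueError(f"unknown rating: {label!r}")
    return SCALE[key]


def score(row: RegisterRow) -> Optional[int]:
    """Threat x vulnerability x asset value, or None if a rating is missing."""
    labels = (row.threat_level, row.vulnerability_level, row.asset_level)
    if any(label is None for label in labels):
        return None
    product = 1
    for label in labels:
        product *= level(label)
    return product


def band(points: int) -> str:
    """Map a 1..125 score to a risk label using the assumed BANDS."""
    if points >= 1:
        for upper, label in BANDS:
            if points <= upper:
                return label
    raise ValueError(f"score out of range: {points}")


def review(register: List[RegisterRow]) -> Tuple[List[Tuple[str, int, str]], List[str]]:
    """Return rows ordered for treatment, plus findings about the register."""
    ranked, findings = [], []
    for row in register:
        points = score(row)
        if points is None:
            findings.append(f"{row.threat}: stated '{row.stated_risk}' cannot be "
                            "checked, a rating is missing")
            continue
        computed = band(points)
        if level(computed) != level(row.stated_risk):
            findings.append(f"{row.threat}: stated '{row.stated_risk}' but the "
                            f"inputs give '{computed}'")
        ranked.append((row.threat, points, computed))
    ranked.sort(key=lambda item: item[1], reverse=True)  # highest risk first
    return ranked, findings


# Levels as given in Table 1. The first row has no vulnerability or asset level.
TABLE_1 = [
    RegisterRow("System failure", "High", None, None, "High"),
    RegisterRow("Malicious human interference (DDoS)", "High", "Low", "Critical", "Moderate"),
    RegisterRow("Accidental human interference", "High", "Low", "Moderate", "Low"),
    RegisterRow("Natural disaster", "Moderate", "Very Low", "Very Low", "Very Low"),
]

if __name__ == "__main__":
    ranked, findings = review(TABLE_1)
    for threat, points, label in ranked:
        print(f"{points:>3}  {label:<9} {threat}")
    for finding in findings:
        print("FINDING:", finding)
```

Under these assumptions the three fully rated rows reproduce the Risk column of Table 1, and the system failure row is reported as unverifiable because its vulnerability and asset levels are not rated.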
Risk treatment strategy
Once risks have been identified, analysed and evaluated, an appropriate risk treatment strategy
should be applied to reduce, remove or retain each type of risk. The choice depends on different
factors, and the best option must be selected for eliminating high-level risks within the ABC
University campus. The university might select the best possible strategy according to its risk
avoidance and tolerance level (Radanliev et al., 2019). The discussion above has already
identified the different types of risk and threat: malicious human interference, natural
disaster, accidental human error and system failure. These are the risks commonly identified
within the information security system of ABC University.
Risk controls-
ISO 31000 defines a control as a measure or action that modifies risk. The level of a risk such
as system failure or natural disaster can be measured, and then appropriate policies, procedures,
practices, techniques or methods and devices can be applied to modify or manage the threat or
risk.
Risk treatments become controls, or modify existing controls, once they have been implemented.
Strategy: 1 Preparing and implementing risk treatment plan
Once risks have been determined and evaluated, a risk treatment course of action is chosen. For
the system failure threat identified above, communication needs to be established with the other
stakeholders regarding information or data. A treatment plan should be accurate and concise and
should deliver information in a timely manner. It is important that it outlines the risk
criteria, analysis and treatment, which helps to identify who is accountable for ensuring the
listed controls.

A good risk treatment plan is useful for communicating the current risk management strategy at a
broad level, including the rationale behind decisions on which risks were removed, retained or
mitigated. This type of plan integrates into overall business performance and reviews the
commitment of all stakeholders to eliminating risks and threats. It is a continuously effective
way to drive improvement across the organization.
Risk Avoidance strategies
As managers have seen, various kinds of risk and threat are increasing, and strategies need to
be applied that are extremely useful for managing and avoiding risk. They make it possible to
react to particular risks that affect the activity of the enterprise. A risk avoidance strategy
helps in implementing corrective measures that minimise the consequences. Such situations can
delay the overall business and the formation of crisis management. This is the primary reason
for applying suitable principles to handle critical conditions or situations.
Avoidance- it is consider the most commonly used strategy that has taken to depart from
risk situation or remove the different activities. In this way, it will increase the level of
risks, threats i.e. triaging a project, declining the service in system failure (Radanliev and
et.al., 2019). Another way, it can use the stable design pattern while help for reducing the
complex performance of system while maintain standard process and moving up the
capability.
Reduction- For an identified threat such as a natural disaster, actions are implemented to
reduce the likelihood or consequences of the risk. Sometimes this involves approaches within
everyday business activities that help the process of controlling decisions. In this way, it can
help to increase the level or breadth of control.
Sharing- This is also an important strategy, in which action is taken to reduce the likelihood
or consequence of a risk by transferring or otherwise sharing a portion of it. It applies when
identifying risks related to malicious humans (interference) in handling transactions or
outsourcing an activity. This type of malicious threat is reduced by sharing better ideas so
that an appropriate approach can be implemented, in order to minimize the consequences of
risk within the organization.
Acceptance- With this strategy, no action is taken to affect the consequences or likelihood
of the risk. This type of approach helps with accepting all essential resources.
Introducing a New technology to the operations
Cloud-based storage allows data to be accessible and available anywhere, anytime. Remote
working is also considered an important aspect of operating a business, whether or not it is
something the business was already used to. Cloud storage is a new technology that is mainly
used by ABC University to create a cloud-based IT infrastructure (Akinrolabu, Nurse and New,
2019). It will collect or gather a large amount of information or data. Within an office
environment, there is probably a shared hard drive for everybody. Therefore, a cloud provides
an ideal solution for creating full accessibility, and this can then turn into a difficult situation.
The benefits of Cloud computing-
It becomes obvious that each and every member needs to participate, accessing the
information or data as required. The manager of ABC University can also see exactly what they
have uploaded and downloaded. The security of data is constantly maintained by the cloud
storage data center, which looks after it and keeps it safe.
ABC University has used cloud storage or remote working techniques to perform different
operations and functions. This will have an impact on the existing analysis and on implementing
a suitable treatment strategy to eliminate threats and risks. Cloud computing is based on modern
technology, so it will help to maintain security as well as privacy in a proper manner.
Identify the threats to this cloud computing technology and risk assessment level they represent
Cloud-based technology is the on-demand delivery of IT capabilities, including information
technology infrastructure and other applications. In ABC University, cloud storage services are
typically used as Software as a Service. This is a good way to offer a more scalable solution
that detects threats before they reach the data center. Cloud storage technology can be used to
identify threats and risks in all shapes and sizes.
Denial of service attack-
One of the most common threats to cloud services is the application-layer distributed denial
of service (DDoS) attack. This type of threat directly affects the operational activities of the
cloud infrastructure. It has been found that different hackers actively exploit weaknesses in
cloud defenses, using cheap and easily accessible tools. DDoS attacks have come to be
considered a dangerous problem that directly affects cloud services.
Loss of confidential data or information-
Confidentiality of data is one of the top cloud security threats and a concern about
information among IT leaders. Cloud technology may increase problems regarding lack of
visibility and the sharing of systems with the cloud service (Kar and Mishra, 2016). There are
potentially malicious insiders at the cloud provider, who directly affect overall business
tasks. At a certain level, there is a chance of losing sensitive or confidential information
within the system. The cloud environment poses various kinds of obstacles to safeguarding
content. However, it is very difficult to monitor or filter, and such solutions are impossible to
deploy because of the limitation of essential resources.
Managing complexity and risk-
The biggest threat in the cloud, certainly for large, mature businesses, is considered to be
complexity and risk. ABC University would manage or control an on-premise deployment, which
breaks down into basic components. During data transmission, it is very difficult to store,
collect and transmit data from one device to another. Complexities may arise that generate
threats and risks regarding information storage. The challenging aspect of cloud
infrastructure is balancing the cloud-based storage service, as interference can develop
between data storage. This includes providing a level of technical disclosure that gives ABC
University the power to manage the complexity and risk of blending the cloud into its IT
infrastructure.
Downtime because of cloud outage-
Cloud storage sits on a platform that appears to offer unlimited computing resources.
However, it brings an increased risk or threat of downtime, which makes it difficult to manage
overall operational activities in the enterprise infrastructure. The most challenging thing in
cloud technology is keeping on top of a complex and sizeable network. At the same time, many
users can access the network, which creates risk during troubleshooting.
Additionally, operational risk from cloud technology can be mitigated with the help of
process management, which helps to preserve uptime and manage downtime.
Risk assessment level they represent
The discussion above identified different types of threats and risks within cloud technology,
such as loss of confidential data, downtime, and increasing complexity or risk within data
storage. These are the different problems identified within cloud storage as a modern
technology (Islam, Fenz and Mouratidis, 2017). All of these security problems develop as
vulnerabilities with the potential to be exploited and to cause a degree of damage.
The risk assessment level within cloud storage technology can be identified on the basis of
the situations, processes and things that may cause harm, particularly to people, by those who
have analysed and evaluated the several types of risks. Once this determination has been made,
it can be decided what measures should be in place to effectively eliminate or control the
harmful threat or risk in cloud-based technology.
Identifying the level or rank of threats is one way to determine which kind of risk is
becoming most serious and therefore needs to be controlled or managed properly. ABC University
has to implement a cloud storage technique or method that will identify certain types of risks
and threats. Afterwards, the threats need to be ranked through a risk assessment matrix and
the situational activities examined.
Risk Matrix
Risk level | Threat | Solution
High | Denial of service threat | Implementing a security approach to maintain privacy.
Medium risk | Loss of confidential data or information | Creating or upgrading the information security management system (ISMS) to eliminate the risk of data loss.
Low risk | Complexity in management and operational activities | Implementing a cloud-based platform such as SaaS or PaaS, which helps to reduce complex situations or conditions within the cloud-based IT infrastructure.
Immediately Dangerous | Downtime risk or threat | Monitoring or checking the availability of traffic load, in order to reduce a large traffic rate within the server.
Table: 2
Risk treatment strategies for cloud technology identify changes that need to be incorporated into
original risk treatment plan.
ABC University has been implementing cloud-based technology that helps to improve overall
business performance. It may support maintaining security as well as privacy within cloud
storage (Islam, Fenz and Mouratidis, 2017). Since various kinds of threats and risks within
the IT infrastructure were identified earlier, some changes need to be made in the current
business when incorporating them into the risk treatment plan. The following risk treatment
strategies are considered for reducing cloud-based threats and risks.
Limit user access- ABC University has largely covered its entities, and their dangers, with
the campus cloud network. The simple measure is to limit user access so that the network is
used for overall business activities. This treatment strategy is one of the most common
approaches and helps to control large-scale access within the organization.
Secure third party validation- This is another risk treatment strategy that helps to provide
a secure IT infrastructure. ABC University can have its cloud security validated by a third
party, together with the current performance of the business (Islam, Fenz and Mouratidis,
2017), in order to authorize the persons who manage and control the entire operational
activities of the university. This will help to eliminate cloud-based risks or threats within
the organization.
Develop an incident response plan- This is an effective plan and procedure that helps to
develop guidelines for data breach incidents. It plays an important role in performing
certain actions to maintain security and privacy in a proper manner.
CONCLUSION
From the above discussion, it is concluded that IT security and risk are managed by using an
ISMS, which plays an important role where a large amount of data or information is collected,
in order to protect or secure that information effectively and efficiently. The conceptual and
logical framework of the ISMS has been identified, which needs to consider all essential
resources. This report has described the University of ABC and its operations, roles of
personnel, IT infrastructure and stakeholders.
Furthermore, the different kinds of key assets have been identified and described, which
provides better opportunities to secure or protect the university through the ISMS. In
addition, the analysis shows that different threats and risks may arise at the time of task
execution. However, risk treatment strategies can be implemented before threats and risks are
identified, in order to control or manage performance. Through analysis, this documentation
has addressed the risks of implementing a new technology, along with the strategies that must
be included.
REFERENCES
Books and Journals
Akinrolabu, O., Nurse, J.R. and New, S., 2019. Cyber risk assessment in cloud provider
environments: Current models and future needs. Computers & Security. 87. p.101600.
Al-Dhahri, S., Al-Sarti, M. and Abdul, A., 2017. Information Security Management
System. International Journal of Computer Applications. 158(7). pp.29-33.
Aven, T. and Ylönen, M., 2019. The strong power of standards in the safety and risk fields: A
threat to proper developments of these fields? Reliability Engineering & System Safety.
189. pp.279-286.
Brunner, M., Mussmann, A. and Breu, R., 2019, April. Enabling change-driven workflows in
continuous information security management. In Proceedings of the 34th ACM/SIGAPP
Symposium on Applied Computing (pp. 1924-1933).
Colicchia, C., Creazza, A. and Menachof, D.A., 2019. Managing cyber and information risks in
supply chains: insights from an exploratory analysis. Supply Chain Management: An
International Journal.
Foege, J.N., Lauritzen, G.D. and Salge, T.O., 2019. Reconceptualizing the paradox of openness:
How solvers navigate sharing-protecting tensions in crowdsourcing. Research Policy.
48(6). pp.1323-1339.
Islam, S., Fenz, S. and Mouratidis, H., 2017. A risk management framework for cloud migration
decision support. Journal of Risk and Financial Management. 10(2). p.10.
Kar, J. and Mishra, M.R., 2016. Mitigating Threats and Security Metrics in Cloud
Computing. JIPS. 12(2). pp.226-233.
Kavallieratos, G. and Katsikas, S., 2020. Managing Cyber Security Risks of the Cyber-Enabled
Ship. Journal of Marine Science and Engineering. 8(10). p.768.
Ključnikov, A., Mura, L. and Sklenár, D., 2019. Information security management in SMEs:
factors of success.
Kotenko, I., Fedorchenko, A. and Doynikova, E., 2020. Data Analytics for Security Management
of Complex Heterogeneous Systems: Event Correlation and Security Assessment Tasks.
In Advances in Cyber Security Analytics and Decision Systems (pp. 79-116). Springer,
Cham.
Longley, A., 2019. Understanding and managing cyber security threats and countermeasures in
the process industries. Loss Prevention Bulletin. (268).
Proença, D. and Borbinha, J., 2018, July. Information security management systems-a maturity
model based on ISO/IEC 27001. In International Conference on Business Information
Systems (pp. 102-114). Springer, Cham.
Radanliev, P. et al., 2019. Cyber risk management for the Internet of Things.
Radanliev, P. et al., 2019. Definition of cyber strategy transformation roadmap for
standardisation of IoT risk impact assessment with a goal-oriented approach and the
internet of things micro Mart. University of Oxford.
Stewart, H. and Jürjens, J., 2017. Information security management and the human aspect in
organizations. Information & Computer Security.
Wisniewska, M. et al., 2019, July. The Human Factor in Managing the Security of
Information. In International Conference on Applied Human Factors and Ergonomics (pp.
38-47). Springer, Cham.