Managing IT Security and Risk
Added on 2023-01-04
25 Pages7497 Words68 Views
Managing IT Security and Risk
1
1
EXECUTIVE SUMMARY
In this documentation, it has analysed about the concept of modern technology that applicable
within organization to improve their business performance and efficiency. This report is mainly
focused on the ABC University that has been implemented as ISMS (Information security
management system) technique to protect or secure different business operations. It helps to
prevent data and information. In this report it has been summarised about the University of ABC
and its operations, roles of personnel, IT infrastructure and stakeholders. Identifying the different
key asset that help to protect ISMS. Thus, it is necessary to identify risk which can occur in it so
that accordingly strategies and measures are taken.
2
In this documentation, it has analysed about the concept of modern technology that applicable
within organization to improve their business performance and efficiency. This report is mainly
focused on the ABC University that has been implemented as ISMS (Information security
management system) technique to protect or secure different business operations. It helps to
prevent data and information. In this report it has been summarised about the University of ABC
and its operations, roles of personnel, IT infrastructure and stakeholders. Identifying the different
key asset that help to protect ISMS. Thus, it is necessary to identify risk which can occur in it so
that accordingly strategies and measures are taken.
2
Contents
EXECUTIVE SUMMARY.............................................................................................................2
INTRODUCTION...........................................................................................................................4
TASKS.............................................................................................................................................4
Define the organisation and the business unit’s operations, roles of the personnel, IT and
physical infrastructure, and stakeholders.....................................................................................4
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets......................................................................6
Threats and exposures Research..................................................................................................9
CONCLUSION..............................................................................................................................23
REFERENCES..............................................................................................................................24
3
EXECUTIVE SUMMARY.............................................................................................................2
INTRODUCTION...........................................................................................................................4
TASKS.............................................................................................................................................4
Define the organisation and the business unit’s operations, roles of the personnel, IT and
physical infrastructure, and stakeholders.....................................................................................4
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets......................................................................6
Threats and exposures Research..................................................................................................9
CONCLUSION..............................................................................................................................23
REFERENCES..............................................................................................................................24
3
INTRODUCTION
With advancement in technology there are many new software and tools which are
developed. so, it is necessary to prevent data and information. This is because there are many
threats which are occurring and it has led to breach of security. Due to that, data security is being
affected. Thus, it is necessary to identify risk which can occur in it so that accordingly strategies
and measures are taken (Al-Dhahri, Al-Sarti, and Abdul, 2017). For that new and advance
technology is being implemented. Moreover, technology is helpful in preventing data threats and
breach of it. By stealing confidential data, hackers are able to earn money. For every business its
privacy and security are necessary elements to be protected. Similarly, The University of ABC
is university in which a new information security management system is been installed. This is
done to prevent risk that can occur in it. Furthermore, the new system can be used to store and
manage info. It will protect key asset of university as well. ISMS is a security management
system refer to policy and procedure for managing confidential data and info. It also enables in
reducing risk and protecting data privacy and security in it.
In this report it will be discussed about The University of ABC and its operations, roles of
personnel, IT infrastructure and stakeholders. Also, it will be described about key asset that
ISMS protect. In addition, the threats and elements which has occurred is explained. Also, threats
and risk assessment as well as strategies to control it will be mentioned. The risk associated with
new technology along with strategies will be included in this report as well (Ključnikov¹,, Mura,
and Sklenár, 2019).
TASKS
Define the organisation and the business unit’s operations, roles of the personnel, IT and physical
infrastructure, and stakeholders
The University of ABC is a university that is operating in UK. In that there are various
departments which are being run such as management, science, biology, etc. There is a large
campus in which all these operations are interconnected with one another. Besides that, there are
various sections as well for each department like IT, help desk, administrator, etc. Therefore,
4
With advancement in technology there are many new software and tools which are
developed. so, it is necessary to prevent data and information. This is because there are many
threats which are occurring and it has led to breach of security. Due to that, data security is being
affected. Thus, it is necessary to identify risk which can occur in it so that accordingly strategies
and measures are taken (Al-Dhahri, Al-Sarti, and Abdul, 2017). For that new and advance
technology is being implemented. Moreover, technology is helpful in preventing data threats and
breach of it. By stealing confidential data, hackers are able to earn money. For every business its
privacy and security are necessary elements to be protected. Similarly, The University of ABC
is university in which a new information security management system is been installed. This is
done to prevent risk that can occur in it. Furthermore, the new system can be used to store and
manage info. It will protect key asset of university as well. ISMS is a security management
system refer to policy and procedure for managing confidential data and info. It also enables in
reducing risk and protecting data privacy and security in it.
In this report it will be discussed about The University of ABC and its operations, roles of
personnel, IT infrastructure and stakeholders. Also, it will be described about key asset that
ISMS protect. In addition, the threats and elements which has occurred is explained. Also, threats
and risk assessment as well as strategies to control it will be mentioned. The risk associated with
new technology along with strategies will be included in this report as well (Ključnikov¹,, Mura,
and Sklenár, 2019).
TASKS
Define the organisation and the business unit’s operations, roles of the personnel, IT and physical
infrastructure, and stakeholders
The University of ABC is a university that is operating in UK. In that there are various
departments which are being run such as management, science, biology, etc. There is a large
campus in which all these operations are interconnected with one another. Besides that, there are
various sections as well for each department like IT, help desk, administrator, etc. Therefore,
4
there is no centralised system within university. But data and info of all students is stored in
database that is accessible to all sections and departments. Moreover, it has been analysed that a
technical support help desk in university is established. The role is to maintain overall IT
infrastructure in university. Also, they operate with other departments as well. There are various
people who are working in university in different department and sections. It is stated that their
role and responsibility vary from one another (Proença, and Borbinha, 2018). The administrator
role is to manage all activities such as approving students details, checking it, etc. Besides that,
in technical support IT expert role is to monitor overall IT systems and equipment, maintain it,
installation, checking, etc. The IT manager control and take report from IT expert regarding IT
section.
The IT infrastructure in university is not so advance enough. It is evaluated that there is
one central database where all students data is stored. Also, there is central server through which
all other departments server is connected. Each department is having its own server.
Furthermore, entire university is connected via LAN. There is also communication system
installed that is followed by The University of ABC . The IT infrastructure consists of building,
computer systems, printer, fax machine, etc that are connected to server. Additionally, physical
infra of university is campus, inverter, A/c, and other facilities. Thus, these all are entire infra of
university.
It has been stated that there are various stakeholders of university which can impact on its
operation and implementation of ISMS. These stakeholders need to be involved in decision
making and their needs must be identified. So, they are identified as below:
Students- they are main stakeholder of university that take admission in it. Also, they are those
whose data and info is stored in database. Alongside, student use systems and other IT software
tools and equipment (Stewart, and Jürjens, 2017).
Government- The government is stakeholder as they form rules and regulations that is applied
and followed by university. Other than this, they are responsible for controlling and monitoring
university as well. Here, both local and state government monitor and control university
5
database that is accessible to all sections and departments. Moreover, it has been analysed that a
technical support help desk in university is established. The role is to maintain overall IT
infrastructure in university. Also, they operate with other departments as well. There are various
people who are working in university in different department and sections. It is stated that their
role and responsibility vary from one another (Proença, and Borbinha, 2018). The administrator
role is to manage all activities such as approving students details, checking it, etc. Besides that,
in technical support IT expert role is to monitor overall IT systems and equipment, maintain it,
installation, checking, etc. The IT manager control and take report from IT expert regarding IT
section.
The IT infrastructure in university is not so advance enough. It is evaluated that there is
one central database where all students data is stored. Also, there is central server through which
all other departments server is connected. Each department is having its own server.
Furthermore, entire university is connected via LAN. There is also communication system
installed that is followed by The University of ABC . The IT infrastructure consists of building,
computer systems, printer, fax machine, etc that are connected to server. Additionally, physical
infra of university is campus, inverter, A/c, and other facilities. Thus, these all are entire infra of
university.
It has been stated that there are various stakeholders of university which can impact on its
operation and implementation of ISMS. These stakeholders need to be involved in decision
making and their needs must be identified. So, they are identified as below:
Students- they are main stakeholder of university that take admission in it. Also, they are those
whose data and info is stored in database. Alongside, student use systems and other IT software
tools and equipment (Stewart, and Jürjens, 2017).
Government- The government is stakeholder as they form rules and regulations that is applied
and followed by university. Other than this, they are responsible for controlling and monitoring
university as well. Here, both local and state government monitor and control university
5
operations. The installation of ISMS has to be in accordance with government policies and
guidelines.
Professors- They are teachers, lecturers, etc. who teaches students within university. They play
vital role in it as teachers uses IT infrastructure and systems in it. Apart from it, professors also
get involved in decision making. Moreover, in implementing of ISMS they will play important
role.
Trustee- These stakeholders provide or donate fund to university for its operations. The trustee
also allocates resources and capital to university. Furthermore, there is high impact of operations
on university by them. However, for implementing ISMS they provide funds.
Suppliers and vendors- They are the stakeholder that provide tools and equipment to university.
There is high impact on them with implementation of ISMS. The vendors are directly liked to
university. It is important to select right suppliers so that high quality materials are purchased
from them.
ISMS is a security management system refer to policy and procedure for managing
confidential data and info. It also enables in reducing risk and protecting data privacy and
security in it. Here, risk assessment is done to find out various risk which can occur and
strategies to reduce it. By implementing this it helps in proper and effective storing of data and
info. Furthermore, all policy and procedure will be followed in storing of info. (Stewart, and
Jürjens, 2017).
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets.
The University of ABC that are endeavouring to implement an information security management
system. It has been already to attempt to determine all essential key assets. There are various
kind of assets register in place and consider an idea of ISMS. Furthermore, there are different
kind of key assets applicable in the information security management system (ISMS) in the
organization (Kotenko, Fedorchenko and Doynikov, 2020). It involves information assets,
6
guidelines.
Professors- They are teachers, lecturers, etc. who teaches students within university. They play
vital role in it as teachers uses IT infrastructure and systems in it. Apart from it, professors also
get involved in decision making. Moreover, in implementing of ISMS they will play important
role.
Trustee- These stakeholders provide or donate fund to university for its operations. The trustee
also allocates resources and capital to university. Furthermore, there is high impact of operations
on university by them. However, for implementing ISMS they provide funds.
Suppliers and vendors- They are the stakeholder that provide tools and equipment to university.
There is high impact on them with implementation of ISMS. The vendors are directly liked to
university. It is important to select right suppliers so that high quality materials are purchased
from them.
ISMS is a security management system refer to policy and procedure for managing
confidential data and info. It also enables in reducing risk and protecting data privacy and
security in it. Here, risk assessment is done to find out various risk which can occur and
strategies to reduce it. By implementing this it helps in proper and effective storing of data and
info. Furthermore, all policy and procedure will be followed in storing of info. (Stewart, and
Jürjens, 2017).
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets.
The University of ABC that are endeavouring to implement an information security management
system. It has been already to attempt to determine all essential key assets. There are various
kind of assets register in place and consider an idea of ISMS. Furthermore, there are different
kind of key assets applicable in the information security management system (ISMS) in the
organization (Kotenko, Fedorchenko and Doynikov, 2020). It involves information assets,
6
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Cyber security Planning and Compliance (pdf)lg...
|11
|3109
|30
Comprehensive Risk Report for ABC Fitness Gymlg...
|6
|713
|74
Implementing an Information Security Management System (ISMS) for ABC Organizationlg...
|2
|593
|260
Information Security Management: Guidelines for Risk Management and Certificationlg...
|14
|3312
|209
Professional Skills In Information Communication Technology: Cyber Securitylg...
|20
|6717
|27
Developing a security program in Banks of Americalg...
|14
|3858
|413