
Components of Information Security Risk Management | Report

   

Added on  2019-09-30

DIPLOMA IN NETWORKING (LEVEL 7)
INFORMATION SECURITY
Name
[Email address]
ASSESSMENT 2- Case Study Base
Task 1. Based on the case study, identify and analyse at least four (4) components of information security risk management that the Te Mata Estate company could have applied in response to security breaches of its system.

Ans. As mentioned in the above case study of "Te Mata Estate company", one of the employees shared some sensitive information with a hacker in exchange for money, so there is a need to follow the components listed below.

Identify - In this part the aim is to develop an understanding of the cybersecurity risks to systems, people, assets, data and capabilities. Staff members need to be made aware of hacking and of how risky it is to share even a little company data with a stranger. Understanding the business context, current business needs and related risks helps organizations determine threats and prioritize their security efforts.

Protect - The organisation shall implement appropriate safeguards and security controls to protect its most critical assets against cyber threats. For example, here we can apply an identity management system (like ISE 2.0, Identity Services Engine), which is very popular nowadays, and in parallel apply access control policies on network devices to set privileges, roles and rules, while continuing to promote awareness and provide training to staff.

Detect - The organisation needs to quickly detect events that could pose risks to data security. A security device such as an IDS (Intrusion Detection System) helps to quickly detect intrusions on the network (as it was an old technique). Usually organizations rely on continuous security monitoring by monitoring tools, incident detection techniques and remedy tools. Organizations can act against a detected cybersecurity event easily if they have an automatic prevention system, for example an IPS (Intrusion Prevention System). It not only detects but also prevents unnecessary attacks and malware, as it is embedded with AMP (Advanced Malware Protection), which is always connected to the cloud to update the latest signatures of worms etc.

Recover - Organizations need to develop and implement activities to restore any capabilities that were impacted by a security breach, for instance by having a personal data center service. These activities aim at supporting timely recovery to normal operation so as to reduce the impact of any attack. They also include recovery planning and improvements (e.g. introducing new policies or updating existing policies).

(Reference - CCNP Security SIAS)
Task 2. You are working as a security expert, evaluate whether the Te Mata Estate company has followed the recommended assurance and compliance components in enhancing the system security. At least three (3) components to be evaluated.

Ans. The three components that the Te Mata Estate company should follow to enhance system security against breaches are:

1. Confidentiality:
When we talk about protecting information, we want to be able to restrict access to those who are permitted; everyone else should be prevented from learning anything about its contents. This is known as confidentiality. For example, a company restricts unauthenticated users' access to sensitive information. The company must be sure that only those who are authorized have access to view data / files.

2. Integrity:
Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized makes a change to a function to intentionally bring something down. An example of this would be when a hacker is hired to get into the company's system and launch an attack on the system to downgrade it.

3. Authentication:
The most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or any system? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be. Authentication can be accomplished by identifying someone through one or more of three factors: something they know, something they have, or something they are. For example, the most common form of authentication today is the user ID and password. In this case the authentication is done by confirming something that the user knows (their ID and password). After successful authentication, the next step is to push to the user an authorization policy with an access list.

(Reference - CCNA Security)
Task 3.
a. Select three (3) information security risk management controls and three standards.
b. Identify and analyse these six controls and standards, which the Te Mata Estate company could have utilised prior to setting up the information system.

Ans. Three information security risk management controls are:

IT Security Policies - This document sets the baseline standards of IT security policy for Government bureaux / departments. It explains the aspects of paramount importance.

IT Security Guidelines - This document expands on the policy requirements and sets the implementation standard for the security requirements specified in the Baseline IT Security Policy.

Security Risk Assessment - This document provides reference and practical guidance for security risk assessment and audit in Government.

Three information security risk standards are:

ISO 27001 - This standard states the requirements for establishing, implementing, maintaining and improving the information security management system within the organization.

COBIT - The Standards Board of the Information Systems Audit and Control Association (ISACA) published the Control Objectives for Information and related Technology (COBIT), which provides a control framework for the management and governance of enterprise IT.

ITIL - This document describes best practices in IT service management (ITSM), focuses on the IT service processes and considers the central role of the user.

A company (like Te Mata Estate) can utilise these controls and standards by:

Following the policies and keeping to them:
The organization should establish, implement and maintain the guidelines and policies of information security. This is to ensure that employees follow the rules when accessing information. Information security policies are very important in the organization because they state the requirements for information security.

Hiring qualified employees:
To secure and protect confidential information well, the organization should hire IT experts and employees who have the right qualifications or certifications (such as CCIE, ITIL etc.) to protect the data. This is to ensure that employees know what procedures to follow if a problem occurs, and to protect the data as well. Besides that, IT experts and employees have better knowledge of information security and know the steps to keep the information safe.