SBM4304 IS Security and Risk Management

Added on -2020-02-24

| SBM4304| 13 pages| 2597 words| 34 views

Trusted by 2+ million users,
1000+ happy students everyday

Showing pages 1 to 4 of 13 pages

REPORT
ContentsIntroduction......................................................................................................................................2Content of the Security Policy.........................................................................................................2Security Model for IT......................................................................................................................3Security standards and controls.......................................................................................................4Risk analysis and contingency planning..........................................................................................5General management controls and application controls for IS........................................................7Security Principles...........................................................................................................................8Analysis of IT threats, vulnerabilities and tools including social engineering................................9importance of auditing IS and safeguarding data quality..............................................................10References......................................................................................................................................12
IntroductionThe IT security for Cisco is based on the computer systems from the theft or damage to handle the hardware, software or information with the disruption or the misdirection of the services, as and when they provided. The cyber security is included in the organisation with control of the physical access to the hardware and protecting the harm that comes through the network access, data and the code injection. The information security means to protect the data and the information system that comes from any of the unauthorised access, or the use, disclosure or the disruption. The information security management for Cisco is defined for controlling the securityand protecting the different information assets. The implementation of the information security isto argue and work towards the monitoring of the scree with secured knowledge. The operating systems are considered to seek for the beginning of the implementation of the security program and the objectives. Content of the Security Policy The security policy is based on the program to implement the information with the real proof of concepts and the explanation to be displayed on the monitoring screen. (Gerber et al, 2016). The OS passwords are then stored with proper acknowledgement of protecting the company and the assets for Cisco, the management of the risks is mainly through the identification of the assets and then working over the discovery of the same, with its proper estimation. One needs to provide with the proper security activities which are through framing of the information, procedures and setting the guidelines based on the baseline format. There are pogroms which are important for determining the security programs which includes:
A.The top down approach where there is a proper initiation, management and the support which comes from the top management and the work is handled through the middle management.(Diffie, 2016).B.The bottom up approach is for securely handle the program without any extra support anddirection.The advancement of the procedures is based on effectively handling the communication with the use of security control programs. They are designed for the developing and then publishing the policies, standards and the procedures. Security Model for ITThe best security model is the organisational based access control (OrBAC) for Cisco which is for the accessing of control that rests on the subject, action and the object. It is mainly to control the access of the policies with the specifications related to the permission to realize about the actions on a particular object. The OrBAC works on allowing the policy designer to properly define the security policy which is based on the implementation plan. The methods are chosen with the fulfillment of the goals and subjects which are abstracted into the roles. The activity includes the different set of actions which relates to the same security rule. The view includes thedifferent sets of the objects to identify about the security rules. (Ament & Haag, 2016).

Found this document preview useful?

You are reading a preview
Upload your documents to download
or
Become a Desklib member to get accesss

Premium

$45

Q&A Library Access

Chat support

12

Document Unlocks

4

Answer Unlocks

Students who viewed this