IT Security Risks and Measures for Protection

Verified

Added on 2022/12/30

AI Summary

This report discusses IT security risks and measures for protection. It covers topics such as the potential impact of incorrect configuration of firewall policies and third party VPNs, the implementation of DMZ, static IP, and NAT for network security improvement, risk assessment procedures, data protection processes, the design of a security policy for an organization, and the components of an organizational disaster recovery plan. The report focuses on Soteria Cyber Safety Ltd, a global leader in physical and cyber security.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
INTRODUCTION...........................................................................................................................3
TASK 1............................................................................................................................................4
P1 and P2 covered in power point presentation..........................................................................4
TASK2.............................................................................................................................................4
P3 Potential impact to IT security of incorrect configuration of firewall policies and third
party VPNs. ................................................................................................................................4
P4 How implementation of DMZ, static IP and NAT can improve network security with
examples. ....................................................................................................................................5
TASK3.............................................................................................................................................6
P5 Risk assessment procedures...................................................................................................6
P6 Data protection processes and regulations that are applicable to organisation. ....................7
TASK4.............................................................................................................................................7
P7 Design and implement a security policy for an organisation. ...............................................7
P8 Components of the organisational disaster recovery plan.....................................................8
CONCLUSION................................................................................................................................9
REFERENCES................................................................................................................................9

INTRODUCTION
IT security refers to security of data. They focus on three elements; confidentiality,
integrity and availability of data. In today's world, all important data is saved in laptop, PCs or in
any software. Earlier, data used to be secured in a filling cabinet but now everyone makes sure
that their data is secured enough and is a much broader term than cyber security. It is very
important to protect data, softwares so IT security helps in protecting it from all the damage
which can be done to particular information. There are many hackers so it is more necessary that
alll softwares are been secured. The below report involves security risks to organization,
procedures of organizational security, potential impact of wrong configuaration of firewall
policies and third party VPNs, implementation of DMZ, static IP, NAT can improve data
security, risk assessment procedures, process of data protection and regulations that are
applicable to organisation, designing and impletation of security policy and components of
organisational disaster recovery plan. The below report is about Soteria Cyber Safety Ltd. It is
the global leader in development and implementation of advanced physical and cyber security.
(Dycus and et.al, 2020)
TASK 1
P1 and P2 covered in power point presentation.
TASK2
P3 Potential impact to IT security of incorrect configuration of firewall policies and third party
VPNs.
The impact of IT security of incorrect configuration of firewall policies and third party
VPNs :-
FIREWALL POLICIES

 Non-standard authentication methods:- If an organisation uses non standard
method then they may face risk in their cyber security and they rely completely on that
particular firewall even it has some kind of default. So, it is recommended that they
should use standard ways so that their security becomes strong. Various obstacles can
arise if an organisation uses non standard methods. Through non-standard methods it
becomes very easy for hackers to break network. In case of Soteria cyber safety ltd., they
always used standard methods and through this their security was very strong and they
were not facing any barrier.
 Risky management services:- A security can be damaged if unncessary services
are running on firewall. There may be some IP conflicts that can arise due to rogue
DHCP servers who distributes IP addresses. So, organization must follow the concept of
generating lowest level of privileges which are necessary for organisation. As if too many
services will run together then it will not only affect performance but also increases
network load. In case of Soteria cyber safety ltd., they made sure that no unnecessary
services are being operating in firewall policy. (De Goede, 2018)
 Open policy configurations:- Security risk occurs if firewalls allow traffic from
any source to ultimate destination. There are certain situations when organization is not
sure about what they exactly need so they use open policy configurations. The teams
should provide minimum level of privilege that are needed by users. To reduce risks,
organisation should regularly visit policies so that they can generate information
regarding whether their applications are being properly used or not.
THIRD PARTY VPNs
 Compromised devices:- It is considered that third party VPNs will never destroy
vulnerabilities on internal basis. But the parties who use their own devices through the
use of VPN generate risk and due to this they bring malware to network.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 Credential theft:- If incorrect configuration of third party VPN is done then there
may be a situation that passwords can be hacked through brute force attacks. The
username and password are also risky while accessing its credentials. If an organization is
using third party VPNs, then it increases the choice of cyber attacks. There are many
threats that are arising due to the use of third party VPNs.(Peoples and Vaughan-
Williams, 2020)
P4 How implementation of DMZ, static IP and NAT can improve network security with
examples. DMZ:- It refers to Demilitarized Zone which is considered as a security layer and also
protects internal system. The main function of DMZ is to control network traffic because
its the main principle to move all services from one network to another so that no
violation occurs. Due to this concept, the network remains safe from hackers who wish to
just delete all data. There are some services which uses DMZ so that their network can be
secured like web servers which are used in maintaining communication with an external
server so DMZ helps in ensuring safety for internal database. Static IP :- This refers to the concept of permanent address which is assigned to
computer by internet providers. The main advantage of static IP are speed and reliability.
It is implemented to improve netwrok security because their address remain same due to
which organization don't have to face difficulty in their connection which is very much
necessray to perform their tasks. Through the use of static IP address, it allows all
individuals to connect to the virtual network. It also plays a role when an individual want
to maintain private email server at their own business or even at home. (Easttom, 2019)
 NAT:- It refers to network address translation which is used to map multiple local private
address befor sending the information. This concept improves network security because it
enhance security by keeping internal addresses private from external network. It provides
both security and privacy because it transfers data from public to private address and
ensure no one else can access that data. (Sun, Hahn and Liu, 2018)

TASK3
P5 Risk assessment procedures.
There are five steps that are involved in assessing risks and it are explained as below:- Identify the hazards:- It involve three elements which should be considered while
identifying hazards; Practice, equipment and environment. Practice involves to look at
work activity which will cause them least harm and is there any activity which can be
done at unusual places. Equipment involves deciding which substance should be use and
identifying which hazards are connected with those substances. Environment refers to the
conditions of all local environment which are satisfied for all work activities. In case of
Soteria cyber safety ltd, they identified all their hazards and them implemented their
substances so that they can ensure better network security. Decide who could be harmed:- After assessing all hazards it is necessary to identify
which person is involved in activity and what they need to perform. There are certain
considerations that is given to specific people like nightworkers, workings who are
suffering from disabilities. The moment when it is identified that who may be at risk,
think about how they may be exposed to relevant hazards. In case of Soteria cyber safety
ltd. , they decided in advance that who can be harmed and also given consideration to
particular people. (Bramas, 2018) Evaluate the risk and decide on precautions:- It is very much necessary that
organization tries their best to avoid as many risk as possible. There is no rule to
eliminate all risks that they facing but protecting people to maximum possible way
should be done. There are certain measure that can be used for precautions like safety
signals, training and instructions, policies and so on. Record and implement:- It is necessary to record all your findings and it is directly
recorded in datix management system which allows to record detail about risk, summary
of risk, risk grade and after recording all details about risks, it should be implemented.
Through this it determines a safe workplace and organisational obejectives are achieved.
In case of Soteria organization also, they recorded all their findings regarding risk that
might affect them in context with their sensitive data.
 Review and update:- In an organisation risks should be reviewed on a continual basis
because if any update is necessary then it should be performed on time because it may be

possible that theer are some actions which are required to update the process so review
should be properly taken. (Hassija and et.al, 2019)
P6 Data protection processes and regulations that are applicable to organisation. Data processing under the data:-It processes personal data which is related to their work
seekers, their staff and client contacts which is used for the pupose of data protection
laws. It holds all processes in order for staff administration, accounts and records,
processing of client personal details for the pupose of giving work finding services. Information security:- The only person who can assess to add or delete some kind of
personal data is data protection officer. It is very important that all information is secured
and no incorrect processing should be done like personal details sent to the wrong person. Rights of the individual:- There are various rights for individual in case of data
protection laws like right to access personal data, right to erase some kind of personal
data in certain barriers, right to restrict processing of data, right to be informed and so on. Personal data breaches:- There are different measures that are taken by officer that
whether data breach has occurred or not. They are also responsible for giving alert to the
data controller as they have identified personal data breach. The moment when daat
breach is identified which leads to high risk in relation to their freedom of individuals. Record keeping:- The activities of the company are recorded on a written basis and it can
also be in electronic form which includes the name and contact details, what is the
purpose of process, details of recepients. (Goold and Lazarus, 2019)
 Complaints:- There are individuals who have complaint regarding their personal data
that it is used by hackers so all complaints are been transferred to data protection officer.
TASK4
P7 Design and implement a security policy for an organisation.1. Purpose:- It is the first step while designing and implementing security policy. Each
company has their own sub-phases. So, before designing any security policy and
implementing those policies, it is necessary that policy statements should be properly
constructed and a proper team structure should be established.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

2. Audiences:- When a policy statement is constructed, so while managing all network
security a partner is important so they should get all information which is available to
them only. (Kirchner and Sperling, 2018)3. Information security objectives:- For every organisation the main purpose is to ensure
that their information is secured so for this every department should have a cross-
functional security team which are given certain security trainings.4. Security awareness and behaviour:- It means to identify changes that happened in
network which verifies that whether it has some violation or not. It depends on phase of
security changes.
5. Restoration:- This concept is related to gain back all information regarding normal
network operations. It determines how normal backups can get available for systems.
P8 Components of the organisational disaster recovery plan.
There are six steps that are considered in disaster recovery plan and it is explained as
below:-
 The scope of your plan:- Organisations can get affected by many crises so it is necessary
that all attributes of organisation should be properly protected so scope of plan should be
properly defined in relation to what it includes.
 Organisational roles and responsibilities:- There should be a proper recovery team in
organisation who is well known about all recovery plan processes. There are many
responsibilities that team plays like ensuring that workers know how they have to
perform their tasks, proper training is been given to them.
 Critical business functions:- These type of functions are the most important function for
an organisation because without performing these functions no organisation can work
effectively. To recover in an organisation it is necessary that certain strategies are made
by team but before making such strategies it is necessary that all functions are
determined. (Anderson, 2020)
 Strategies, process and procedures:- To have a proper business function it is important
that all recovery actions are taken, proper analysis is done on the resources which are
required.

 Communication plan:- In an organisation effective communication is very much
important so that even if organisation is in a problem, in front of employees it is shown
that situation is under control and it will be solved. (Marsh, 2018)
 Testing, reviewing and improving:- When a company invests their time in making a
recovery plan then it should be properly tested and reviewed that whether it will be
suitable for organisation or if any improvement is necessary then it should be properly
updated.
CONCLUSION
According to above analysis it is concluded that, daat security is the most important thing
for any organisation. There are many risks that affects organisation and due to which personal
details and all sensitive information regarding organisation is hacked by third parties. The
different security risks that affects the organisation are phishing, computer viruses, zero day
attack and so on. Every organisation ensures that their data is secured by following certain
procedures. So, it is necessary that all hazards which may affect organisation should be
identified.

REFERENCES
Books and Journals
Anderson, R., 2020. Security engineering: a guide to building dependable distributed systems.
John Wiley & Sons.
Bramas, Q., 2018. The Stability and the Security of the Tangle.
De Goede, M., 2018. The chain of security. Review of International Studies, 44(1), pp.24-42.\
Dycus, S., and et.al, 2020. National security law. Aspen Publishers.
Easttom, C., 2019. Computer security fundamentals. Pearson IT Certification.
Goold, B.J. and Lazarus, L. eds., 2019. Security and human rights. Bloomsbury Publishing.
Hassija, V., and et.al, 2019. A survey on IoT security: application areas, security threats, and
solution architectures. IEEE Access, 7, pp.82721-82743.
Kirchner, E. and Sperling, J., 2018. EU security governance. Manchester University Press.
Li, X.,and et.al, 2020. A survey on the security of blockchain systems. Future Generation
Computer Systems, 107, pp.841-853.
Marsh, L., 2018. Report on Social Security for Canada: New Edition (Vol. 244). McGill-Queen's
Press-MQUP.
Peoples, C. and Vaughan-Williams, N., 2020. Critical security studies: An introduction.
Routledge.
Prosekov, A.Y. and Ivanova, S.A., 2018. Food security: The challenge of the present. Geoforum,
91, pp.73-77.
Safran, N., 2018. Saudi Arabia: the ceaseless quest for security. Cornell University Press.
Salman, T., and et.al, 2018. Security services using blockchains: A state of the art survey. IEEE
Communications Surveys & Tutorials, 21(1), pp.858-880.
Sennewald, C.A. and Baillie, C., 2020. Effective security management. Butterworth-Heinemann.
Sun, C.C., Hahn, A. and Liu, C.C., 2018. Cyber security of a power grid: State-of-the-art.
International Journal of Electrical Power & Energy Systems, 99, pp.45-56.