Security policy development and risk management Report 2022
Added on 2022-09-21
13 Pages2914 Words21 Views
4/14/2020
Running Head: CYBERSECURITY 0
Student name
Cybersecurity
Report
Running Head: CYBERSECURITY 0
Student name
Cybersecurity
Report
CYBERSECURITY 1
Table of Contents
Introduction................................................................................................................................1
Security policy development and risk management...................................................................1
Access control policy:............................................................................................................1
Data access:........................................................................................................................2
Software access control:.....................................................................................................2
Hardware access control:...................................................................................................2
Cost benefit analysis:.........................................................................................................2
Six phases of developing an incident response plan..........................................................4
Five examples of natural or human-made disasters...........................................................4
Risk assessment..........................................................................................................................4
Risk analysis:.........................................................................................................................6
Conclusion:................................................................................................................................8
References..................................................................................................................................8
Table of Contents
Introduction................................................................................................................................1
Security policy development and risk management...................................................................1
Access control policy:............................................................................................................1
Data access:........................................................................................................................2
Software access control:.....................................................................................................2
Hardware access control:...................................................................................................2
Cost benefit analysis:.........................................................................................................2
Six phases of developing an incident response plan..........................................................4
Five examples of natural or human-made disasters...........................................................4
Risk assessment..........................................................................................................................4
Risk analysis:.........................................................................................................................6
Conclusion:................................................................................................................................8
References..................................................................................................................................8
CYBERSECURITY 2
Introduction
Cybersecurity is necessary for managing the risks and threats of a firm. Most of the
companies have used Information System (IS) and Information Technology (IT). It is an
important part of a system to secure the data and information from different types of threats.
It can be used for managing all the services in a better way. Most of the systems have used an
advanced level of security to improve the basic processes. In Advanced Medicos Limited
(AML), the company sells healthcare products. The company has used IT-assets for
managing its business function. The company has faced emerging and contemporary risk
from cyber threats. Moreover, security controls are necessary to improve the privacy and
security of IT assets. It is a basic need for a system to make secure its components from the
outside world. In the case of the security system, most of the companies have developed their
security system based on the international security standards, such as ISO 27001, ISO 27005,
ISO 31000, and many more (Andrijcic & Horowitz, 2016). Risk management is necessary for
a system in a company. most of the countries have provided a fixed format for risk mitigation
strategies. This report will provide suggestions to the CIO of the company based on the risk
assessment. It will design an access control policy for AML as well.
Security policy development and risk management
Risk assessment can be used for identifying vulnerabilities and threats of the company. it
helps secure a firm from financial loss and bad incidents. It can be better for small, medium,
large scale firms as well (Purdy, 2010). A company should think about the basic processes of
security to avoid cybercrimes and cyber-attacks on its IT infrastructure. The most important
part is that computer systems should updated from antivirus and latest approaches (Arlitsch &
Edelman, 2014).
Access control policy:
In a company, computer systems have used for managing various types of services, as the
AML has provided a platform to sell products online by the customers as well. Thus, it is
necessary to provide web services to manage an online business as well. Access control
policy has used for providing proper access control to the different IT assets and business
processes. AML has stored data of their customers including personal details and credit card
details as well. Thus, it is mandatory to secure that information from other users as well as
Introduction
Cybersecurity is necessary for managing the risks and threats of a firm. Most of the
companies have used Information System (IS) and Information Technology (IT). It is an
important part of a system to secure the data and information from different types of threats.
It can be used for managing all the services in a better way. Most of the systems have used an
advanced level of security to improve the basic processes. In Advanced Medicos Limited
(AML), the company sells healthcare products. The company has used IT-assets for
managing its business function. The company has faced emerging and contemporary risk
from cyber threats. Moreover, security controls are necessary to improve the privacy and
security of IT assets. It is a basic need for a system to make secure its components from the
outside world. In the case of the security system, most of the companies have developed their
security system based on the international security standards, such as ISO 27001, ISO 27005,
ISO 31000, and many more (Andrijcic & Horowitz, 2016). Risk management is necessary for
a system in a company. most of the countries have provided a fixed format for risk mitigation
strategies. This report will provide suggestions to the CIO of the company based on the risk
assessment. It will design an access control policy for AML as well.
Security policy development and risk management
Risk assessment can be used for identifying vulnerabilities and threats of the company. it
helps secure a firm from financial loss and bad incidents. It can be better for small, medium,
large scale firms as well (Purdy, 2010). A company should think about the basic processes of
security to avoid cybercrimes and cyber-attacks on its IT infrastructure. The most important
part is that computer systems should updated from antivirus and latest approaches (Arlitsch &
Edelman, 2014).
Access control policy:
In a company, computer systems have used for managing various types of services, as the
AML has provided a platform to sell products online by the customers as well. Thus, it is
necessary to provide web services to manage an online business as well. Access control
policy has used for providing proper access control to the different IT assets and business
processes. AML has stored data of their customers including personal details and credit card
details as well. Thus, it is mandatory to secure that information from other users as well as
CYBERSECURITY 3
attackers. Therefore, access to data should be in limit according to their level as well
(Bendovschi, 2015).
Besides, the company has used a physical database server that is used for storing customer’s
information. Thus, it is necessary to make secure access to centralized data of all the
customers of the company. in addition, office 365 email hosting is used for effective
communication with customers. Therefore, it is mandatory to secure emails using encryption
techniques as well (Bhagat, 2012).
Access control policy can be applied to all the employees and other staff members. They
should know about their limits and security system will stop the unauthorized access of
various people (Caruana, 2016).
There is the main three access control required in AML, which areas:
Data access:
Data must secure from various types of users, as customers can only access their accounts
and general information about the company. Admin can access the server and database server
as well. Moreover, employees can access a limited data and information from servers and
database. It should be restricted as well from outsiders. In addition, there are many benefits
to information access.
Software access control:
Online software should be restricted to other users. It can only access by authorized persons.
Software code should be secure from employees and operators, as anyone can change codes
of the financial data as well. Thus, the software can be access by the admin as well.
Hardware access control:
Server and other networking devices should be in surveillance. It must secure from physical
and technical security. All the servers must be in locked room and only admin can access that
premises. It will provide better security to the system as well.
Cost benefit analysis:
It is a necessary process to know about the benefits of various resources. In addition, there is
a huge impact of the cost benefits analysis in the systems as well.
attackers. Therefore, access to data should be in limit according to their level as well
(Bendovschi, 2015).
Besides, the company has used a physical database server that is used for storing customer’s
information. Thus, it is necessary to make secure access to centralized data of all the
customers of the company. in addition, office 365 email hosting is used for effective
communication with customers. Therefore, it is mandatory to secure emails using encryption
techniques as well (Bhagat, 2012).
Access control policy can be applied to all the employees and other staff members. They
should know about their limits and security system will stop the unauthorized access of
various people (Caruana, 2016).
There is the main three access control required in AML, which areas:
Data access:
Data must secure from various types of users, as customers can only access their accounts
and general information about the company. Admin can access the server and database server
as well. Moreover, employees can access a limited data and information from servers and
database. It should be restricted as well from outsiders. In addition, there are many benefits
to information access.
Software access control:
Online software should be restricted to other users. It can only access by authorized persons.
Software code should be secure from employees and operators, as anyone can change codes
of the financial data as well. Thus, the software can be access by the admin as well.
Hardware access control:
Server and other networking devices should be in surveillance. It must secure from physical
and technical security. All the servers must be in locked room and only admin can access that
premises. It will provide better security to the system as well.
Cost benefit analysis:
It is a necessary process to know about the benefits of various resources. In addition, there is
a huge impact of the cost benefits analysis in the systems as well.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Computer viruses Report 2022lg...
|10
|2865
|14
Cybersecurity Traininglg...
|4
|790
|406
IS Security and Risk Managementlg...
|12
|3177
|391
Cybersecurity Assignment 2022lg...
|12
|3058
|22
Cyber Security in Corporate Governance: Ways to Improve Cyber Resilience and Integration with Cyber Securitylg...
|12
|3215
|375
Security Plan and Training Programlg...
|13
|3113
|315