Information Security Threats and Risk Assessment

Verified

Added on 2020/02/24

AI Summary

This assignment delves into the realm of information security, examining prevalent threats like denial-of-service attacks, hacking, phishing, and ransomware. It emphasizes the distinction between active and passive attacks, highlighting the severity of data breaches caused by active threats. The core focus is on risk assessment – a structured process for identifying, analyzing, and prioritizing potential risks associated with information systems. This process involves evaluating the likelihood and impact of various threats to guide organizations in implementing effective security measures and mitigating vulnerabilities.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
IT RISK MANAGEMENT
Table of Contents
Topic 1- IT Security and Technology Landscape................................................................2
Topic 2- IT Security Models and access controls................................................................3
Topic 3- IT security Threat and Risk Assessment...............................................................4
References............................................................................................................................6

2
IT RISK MANAGEMENT
Topic 1- IT Security and Technology Landscape
IT security or data security is a major concern in every industry and organization. The
data associated with the organization is needed to be protected in order to prevent the origin of
information security threat associated with a system. Information technology security or IT
security is a process of implementing different measures to protect and safeguard the information
associated with the system. Information security management is a procedure of managing an
organization’s confidential data. IT security management is necessary to manage the risks
systematically (Von Solms & Van Niekerk, 2013).
Information Technology enables a set of strategies used for managing the tools and
procedures necessary to detect and prevent the threats associated with the system. In order to
manage and protect the business processes and confidentiality of the data, proper information
security is necessary. Confidential information associated with a system can be vulnerable to a
number of attacks. These attacks include virus and malware attacks apart from hacking, spoofing
phishing and so on. In an organization, information technology devices includes, computer and
associated devices, servers, routers and switches that manages all the data and information
associated with an organization. Information technology security deals with managing and
controlling these sensitive data to prevent illegitimate or unauthorized uses. There are a number
of ways of maintaining the data security in an organization (Peltier, 2013). Certain organization
uses protected network or intranet to share their resources among all the employees of the
organization in a secure manner. This ensures that the data is not hacked or misused while
transfer and also prevent the unauthorized access. Information Technology security is a complex
task, as there is no place for mistake. This is particularly because it is not always possible for the
organization or its employees to circulate data only in the organization premises. Features such

3
IT RISK MANAGEMENT
as data access from remote location, which is a necessity in today’s business in prone to attacks
as well. Hence, data or information security needs to be properly maintained in an organization.
Technology landscape refers to the different things associated with different business. It
provides a one to one solution related to any IP goal and is a category of assessments that results
in different outcomes depending on the strategy and context the business organization is
following. Technological landscape associated with a business is an intellectual property of
business intelligence that might be sometimes difficult to understand (CeArley & Claunch,
2012).
Topic 2- IT Security Models and access controls
Security policies associated with an organization deals with the process by which the data
of a particular organization is accessed and the level of security required to protect a particular
data associated with a system. The security models associated with an organization outlines the
process by which the security measures are to be implemented. It also explains the process by
which the data can be accessed the actions to be taken to maintain the confidentiality of the data.
Security models support the security policies implemented in an organization (Zissis & Lekkas,
2012). If the policy requires all the employees to register before providing access to certain
system, security models ensures the process by which this authentication can be achieved.
Security mainly deals with the availability, integrity and confidentiality of the data. Security
models thus play an important role in managing the security essentials associated with an
organization. Proper security models are essential to ensure that the confidentially, availability
and the integrity of the data is properly maintained in an organization.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
IT RISK MANAGEMENT
Access control in the information security system can be defined as the selective
restriction of unauthorized user from accessing the system and resources. Access control limits
the availability of information only to the specified person and prevents access for the
unauthorized users. Access control is enforced in order to protect the confidential data of a
system from illegal use. This adds to an additional layer of protection to the data associated with
an organization. Moreover, it limits the access to the physical and virtual resources of an
organization thus protecting it from theft and misuse (Lin et al., 2012). Access control is
generally ensured by protecting a system or resource of virtual information with the help of user
id and password. Only the authorized user has knowledge about these two credentials and thus
can be accessed only by them. Access control systems forces the users to provide required
credentials before the grant of access. The type of credential might be different for accessing the
physical resources. Access control of physical resources may include CCTV surveillance,
restricted areas and data entry before the access, finger print protection, use of card or key and so
on. Access control can be classified into two major types, physical and logical. Physical access
control protects the physical resources of an organization such as IT assets, components and so
on. Logical physical control deals with protection of certain resources of an organization, which
includes, the network connections, data resources, systems files and data (Almutairi et al., 2012).
Topic 3- IT security Threat and Risk Assessment
Information Security threat can be defined as a possible danger associated with the
vulnerability and the data security breach that is capable of causing certain harm to the system.
The common information security threats include Denial of service attack, hacking, phishing,
ransom ware attack, Spam, Pharming, spoofing and so on. These threats are capable of causing
serious harms to the computer system. Threats are an outcome of the different types of attack a

5
IT RISK MANAGEMENT
computer or Information security system might face or is exposed to. The attack in and
information security system can be broadly classifies into active attack and passive attack. An
active attack is more dangerous than passive attack as it mainly deals with the data breach and
serious loss of information. Passive attack is however, less severe which involves no direct
attack but the attacker keeps a track of the system to collect necessary information required to
plan and execute an active attack. In passive attack, the system is monitored and thoroughly
scanned in order to identify the vulnerabilities of a system. The purpose of passive attack is to
gain information of a targeted attack (Crossler et al., 2013).
Information Technology risk assessment is a process of identifying and analyzing the risk
associated with a system. It is a structured document that reviews the threat associated with a
system and differentiate it according to their likelihood of occurrence and then multiplied with
their affect on the operation or impact. There are a number of processes associated with the risk
management, which includes, identifying the hazards and evaluating the risks associated with the
system and records the result in a proper document (Alhawari et al., 2012). This document is
updated with the addition or deletion of the associated risks in an organization. This is an
effective method of preventing the security problems. Risk assessment according to their priority
of occurrence is an integral part of the risk management process. The information security risks
deals with the data protection against all the vulnerabilities a system is exposed to. Risk
assessment document is maintained in order to track, monitor and control the overall risks
associated with the information system of the organization.

6
IT RISK MANAGEMENT
References
Alhawari, S., Karadsheh, L., Talet, A. N., & Mansour, E. (2012). Knowledge-based risk
management framework for information technology project. International Journal of
Information Management, 32(1), 50-65.
Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., & Ghafoor, A. (2012). A distributed access
control architecture for cloud computing. IEEE software, 29(2), 36-44.
CeArley, D., & Claunch, C. (2012). The top 10 strategic technology trends for 2013. The Top,
10.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013).
Future directions for behavioral information security research. computers & security, 32,
90-101.
Lin, G. Y., He, S., Huang, H., Wu, J. Y., & Chen, W. (2012). Access control security model
based on behavior in cloud computing environment. Journal of China Institute of
Communications, 33(3), 59-66.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security.
computers & security, 38, 97-102.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation
computer systems, 28(3), 583-592.

1 out of 7

+13062052269

info@desklib.com

Information Security Threats and Risk Assessment

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

IT Security: Models, Threats, and Landscape

One-Time Password Security in Mobile Applications

Cyber Security in Corporate Governance: Ways to Improve Cyber Resilience and Integration with Cyber Security

Fundamental Concepts of Digital Security and Security Mechanisms in a Digitally Networked Environment

iT Security

IT Security Management and Models