Security
Added on 2022/12/29
Table of Contents
INTRODUCTION 1
MAIN BODY 1
Task 1 1
Types of security risks to organization 1
Organizational security procedures 2
Task 2 3
Impact to IT security of incorrect configuration 3
Benefits to implement network-monitoring systems 4
Task 3 5
Risk assessment procedures 5
ISO 31000 risk management methodology 6
Data protection processes and regulations 7
Impacts to organisational security 8
Task 4 9
Designing and implementing security policy for an organisation 9
Components of an organisational disaster recovery plan 10
CONCLUSION 10
References 12
INTRODUCTION
Information technology is the framework of technical equipment and services provided to the world. Equipment includes all hardware devices, while services generally involve software that brings convenience and ease to human activity. Security is a major concept within information technology because machines and systems require protection in order to work properly without business or personal losses such as leaked information, damage to hardware and software devices, and more. Studying security in information technology is therefore necessary for better operations in an organization (Aldawood and Skinner, 2019). The following discussion covers the types of security risks associated with an organization, organizational security procedures, the impact of incorrect configuration, the benefits of implementing network-monitoring systems, risk assessment procedures, data protection, impacts on organizational security, the design and implementation of a security policy for an organization, and the components of an organizational disaster recovery plan, with findings and a conclusion.
MAIN BODY
Task 1
Types of security risks to organization
Spam
Many business emails are spam, meaning they are of no use and can harm the system if anyone opens them. Spam carries various frauds and misconduct that can easily destroy the system and its data, which may be important or confidential. It is therefore one type of security risk.
Viruses
Viruses affect a system's data and can even stop the normal working of systems by corrupting the operating system and causing other major losses. Different types of viruses attack different parts of a system in different ways. Viruses are therefore another type of security risk associated with IT.
Malware
Malware is software specifically designed and developed to damage or destroy computer systems. It includes trojans, worms, spyware and more. Systems are attacked through internet sources, for example by visiting unknown or unauthorised sites. Malware is therefore considered a type of security risk to IT (Alshare, Lane and Lane, 2018).
Network monitoring
Network monitoring consists of servers connected to the systems and responsible for managing all of their clients' activities. It mainly monitors the network across the other systems connected to it. This can be insecure because data travels around the network, and that data may be private or public, so anyone able to read it can use or misuse it. This has proven a major loss for businesses and can affect them negatively. It can therefore create a risk to IT security.
Other risks
Other risks include unauthorized use of a system without damage to data, unauthorized removal or copying of data or code from a system, damage to or destruction of physical system assets and environment, damage to or destruction of data or code inside or outside the system, and naturally occurring risks.
Organizational security procedures
Administrative procedures
This procedure covers forms such as acceptable use procedures, general use and ownership, security and proprietary information, and unacceptable use. These are the forms in which the company works and which it implements according to its needs and requirements. Such procedures are therefore managed by the top-level management of an organization.
Technical procedures
This procedure covers forms such as information sensitivity, public information, sensitive information, transmission encryption methodology, website access to high-risk information, remote access, database storage of sensitive information, password procedures and more. These are the forms in which the company works and which it implements according to its needs and requirements. Such procedures are therefore managed by the IT employees of an organization.
Anti-virus procedures
This procedure helps the company keep its systems secure by downloading and installing anti-virus software on the systems, which is responsible for fighting the viruses that can damage the systems drastically.
Server procedures
This procedure covers forms such as ownership and responsibilities, general configuration guidelines, and monitoring. These are the forms in which the company works and which it implements according to its needs and requirements. Such procedures are therefore managed by the central department of an organization (Easttom, 2019; Haqaf and Koyuncu, 2018).
Router procedures
This procedure covers forms such as wireless communication procedures, encryption and authentication. These are the forms in which the company works and which it implements according to its needs and requirements. Such procedures are therefore managed by the networking department of an organization.
Physical procedures
This procedure covers forms such as storage and compliance information. Such procedures are therefore managed by the database handling department of an organization.
Other procedures
These initiate, plan, execute, monitor and control information security activities across the organization in order to achieve the organizational security objectives. They define roles and responsibilities for information security and need to consider data, the network, systems, the operational impact of security breaches, web systems and wireless systems.
Task 2
Impact to IT security of incorrect configuration
Firewall policies
Compliance violations
While configuring firewall policies, it is important to ensure that the proper rules and regulations are followed in line with the law and with ethics. If they are not followed, the result can be misconduct leading to compliance violations, which means not following the appropriate configuration methods and contradicting the ethics of firewall policies (Limba, Plėta, Agafonov and Damkus, 2019).
Unplanned outages
If the firewall is not connected or configured properly across the network, an organization will face great difficulty communicating with its customers, and if it cannot communicate with its customers it will be impossible for the business to maintain its stability in the market, which can cause a great loss to the company.
Third-party VPNs
Data breach
If third-party VPNs are not configured properly, they can lead to breaches, especially of data, which is the most important part of every business. This cannot be taken lightly, because a data breach is a very serious problem that can result in the business shutting down due to the huge losses borne by the company.
Connection inaccuracy
If third-party VPNs are not configured correctly, they can create a connection problem to the internet, which is the most important resource for any business. If the internet or network connection in an organization is not working properly, it becomes very difficult for the firm to manage its operations successfully. All networks must therefore be configured very carefully (Loukaka and Rahman, 2017).
Benefits to implement network-monitoring systems
DMZ
Enabling access control
A DMZ helps the business provide users with access to its services through the networking modes installed and developed in its systems. It makes it easier and more convenient to access and control those systems, enabling users to reach the services the business provides.
Preventing network reconnaissance
A DMZ benefits the business by preventing unnecessary buffering between the internet and the private network, because that buffering creates huge complications between the personal and the private network; the DMZ therefore performs the function of preventing network reconnaissance (Nasir, Arshah and Ab Hamid, 2017).
Static IP
Stability
A static IP helps the firm maintain stability and consistency in the IP addresses of its systems and network, without complications and with an easy-to-use methodology. This supports the company in its smooth operations and in managing the organization.
Fast speed of downloads and uploads
A static IP offers good speed and provides a better network for an organization accessing the internet. This helps the firm maintain speedy access to the network so that it can communicate with its customers instantly and without hindrance.
NAT
Conserving IP address space
Various servers have many different clients connected to them, and connecting a large number of clients to those servers obviously takes up address space. NAT helps the firm conserve IP address space in its systems, thereby maintaining sustainability in IT.
Privacy
NAT helps the firm keep its IP addresses private: internal and external IP addresses are not shared with each other unless permission has been given by authorised people (Nieles, Dempsey and Pillitteri, 2017).
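The two NAT benefits above, conserving address space and hiding internal addresses, are shown here in a small port-based NAT simulation. This is an added example, not part of the original essay; the public and external addresses come from the RFC 5737 documentation ranges and the port numbering is constructed.

```python
"""Port-based NAT (address overloading) simulated in code: many private hosts
share one public address, and the outside only ever sees that public address
and a translated port. Added example; all addresses are constructed."""
from ipaddress import ip_address, ip_network

# Private ranges from RFC 1918; only sources inside these are translated.
PRIVATE_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                ip_network("192.168.0.0/16")]


def is_private(addr: str) -> bool:
    return any(ip_address(addr) in net for net in PRIVATE_NETS)


class Nat:
    """Maps (inside address, inside port, destination) to a port on one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # outbound key: (inside_ip, inside_port, dst_ip, dst_port) -> public port
        self.outbound = {}
        # inbound key: (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.inbound = {}

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Outbound packet: rewrite the private source to the public address.
        Returns the (src, sport, dst, dport) header the outside world sees."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            port = self.next_port          # one public port per inside flow
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_port):
        """Inbound packet addressed to the public address: forwarded to the
        inside host only if it matches a mapping an inside host created.
        Unsolicited traffic has no mapping and is dropped (returns None)."""
        return self.inbound.get((dst_port, src_ip, src_port))

    def public_addresses_used(self) -> int:
        """Address conservation: every inside host shares the single public IP."""
        return 1 if self.outbound else 0

    def inside_hosts(self) -> set:
        return {key[0] for key in self.outbound}


if __name__ == "__main__":
    nat = Nat("198.51.100.1")
    for host in ("192.168.1.10", "192.168.1.11"):
        print(host, "->", nat.translate_out(host, 51000, "203.0.113.5", 443))
    print("reply to port 40001 reaches", nat.translate_in("203.0.113.5", 443, 40001))
    print("unsolicited packet reaches", nat.translate_in("203.0.113.9", 443, 40000))
```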
Task 3
Risk assessment procedures
Identification of assets
It is important to identify the IT assets, such as software, hardware, data, interfaces, users, support personnel, mission or purpose, criticality, functional requirements, IT security policies, IT security architecture, network topology, information storage protection, information flow, technical security controls, the physical security environment and environmental security.
Identification of threats
It is important to identify the related threats, such as natural disasters, hardware failure, malicious behaviour, interference, interception and impersonation, so that a backup plan can be created accordingly.
Identification of vulnerabilities
It is important to identify vulnerabilities using sources such as analysis, audit reports, the NIST vulnerability database, vendor data, information security test and evaluation procedures, penetration testing, and automated vulnerability scanning tools (Paté-Cornell, Kuypers, Smith and Keller, 2018).
Analysing controls
It is important to analyse and determine the controls on the systems in an organization's IT department, so that the company can examine where it needs to tighten control and where it can be more relaxed in its assessment of risk.
Determining an incident
It is important to determine the likely incidents in an organization so that the company can prepare itself for future consequences that could affect it negatively; this can also be considered an estimate of the risky incidents a company faces.
Assessing the impacts
After analysing all the estimates and consequences, it is important to observe the impacts that could greatly affect the company, so that the firm can deal with them in future.
Prioritizing the IT security risks
This stage helps the firm prioritise the IT security risks so that the recommended controls are easier to implement in the organization (Saifuzzaman, Khan, Moon and Nur, 2017).
Documenting results
This is the final stage of risk assessment: it is important to document all the outcomes or results analysed in the previous stages for proper identification of the risks associated with the security of a company.
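The risk assessment stages above, from asset identification through to documenting results, are worked through here as a small risk register. This is an added example, not from the original essay; the three-level scales, the rule that each existing control lowers likelihood by one level, the priority bands and the sample entries are all constructed.

```python
"""Risk assessment stages in code: identified assets, threats, vulnerabilities
and existing controls are combined into a likelihood x impact rating,
prioritised, and documented as a risk register.
Added example; scales, control discount and sample entries are constructed."""
from dataclasses import dataclass, field

# Constructed three-level ordinal scale (1 = low, 3 = high). An organisation
# records the scale it uses as part of the documented results.
LEVEL = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Risk:
    asset: str                      # stage 1: identification of assets
    threat: str                     # stage 2: identification of threats
    vulnerability: str              # stage 3: identification of vulnerabilities
    controls: list = field(default_factory=list)  # stage 4: analysing controls
    likelihood: str = "medium"      # stage 5: estimated incident likelihood
    impact: str = "medium"          # stage 6: assessed impact


def residual_score(risk: Risk) -> int:
    """Likelihood x impact, with each existing control assumed to lower the
    likelihood by one level (never below 'low'). The one-level-per-control
    discount is a constructed simplification, not a standard."""
    likelihood = max(1, LEVEL[risk.likelihood] - len(risk.controls))
    return likelihood * LEVEL[risk.impact]


def priority_band(score: int) -> str:
    """Constructed banding of the 1..9 score used for prioritisation."""
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def prioritise(risks: list) -> list:
    """Stage 7: highest residual score first; ties broken by asset name so the
    register order is deterministic."""
    return sorted(risks, key=lambda r: (-residual_score(r), r.asset))


def risk_register(risks: list) -> list:
    """Stage 8: documenting results as one line per risk, ordered by priority."""
    lines = ["asset | threat | vulnerability | controls | score | priority"]
    for r in prioritise(risks):
        score = residual_score(r)
        controls = ", ".join(r.controls) or "none"
        lines.append(f"{r.asset} | {r.threat} | {r.vulnerability} | "
                     f"{controls} | {score} | {priority_band(score)}")
    return lines


# Constructed sample assessment for a small organisation.
SAMPLE_RISKS = [
    Risk("customer database", "data theft by an outsider",
         "unpatched database server", [], "high", "high"),
    Risk("file server", "hardware failure",
         "single disk, no redundancy", ["nightly backup"], "medium", "high"),
    Risk("staff laptops", "malware delivered by spam email",
         "users open attachments", ["anti-virus", "mail filtering"],
         "high", "medium"),
    Risk("server room", "flood (natural disaster)",
         "ground-floor location", [], "low", "high"),
]

if __name__ == "__main__":
    print("\n".join(risk_register(SAMPLE_RISKS)))
```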
ISO 31000 risk management methodology
Concept
The ISO 31000 risk management methodology consists of activities that must be performed: establishing the context, risk identification, risk analysis, risk evaluation, risk treatment, monitoring and review, and communication and consultation. An organization must carry out these actions for better risk assessment and to follow the guidelines associated with this methodology.
Application
Identification of threats and opportunities
This methodology helps an organization identify the various threats and opportunities related to IT security risk in the firm. This is the major application of the ISO 31000 risk management methodology: it helps the business examine the different menaces and possibilities so that it can deal with such risk (Shadrin and Leonov, 2018).
Minimise losses
This methodology is worth adopting in an organization because its effectiveness helps firms minimise risks and losses. It also supports the firm in obtaining capable people to handle such issues, so that risk assessment can be managed properly and appropriately.
Enhances operational efficiency
If risk assessment is performed properly by experts in an organization, the company's operations, especially those run by the IT staff who are responsible for managing such risk assessments, become more effective and efficient.
Data protection processes and regulations
Lawful
Data protection processes and regulations must be lawful: various regulations are associated with data protection processes, and they must be followed strictly because doing so benefits the firm in many ways when dealing with risks and security in an organization.
Specified
Data protection processes and regulations are specific, and the company needs to study and analyse them so that it can formulate its own policies and regulations in the same way, following the specifications of the data protection processes and regulations. A specified structure is therefore necessary for the company.
Updated information
Data protection processes and regulations also state that any information, whether private or public, important or not, must be updated from time to time for accuracy and to manage the database efficiently, so that the company does not fall behind in data management or suffer a loss due to a data breach or data loss (Toapanta, Mero, Huilcapi and Mafla, 2018).
Data subject rights
Various rights are associated with data management in an organization, and these are important to follow so that an employee entitled to access the data cannot violate those rights, because the company's regulations forbid it.
Safety
Data protection keeps the company safe from unethical practices by anyone inside or outside the organization. It is significant to follow such guidelines and regulations, and a firm that follows them will be more secure than firms that do not.
Impacts to organisational security
Reduction in data breaches
It is essential to secure the systems in an organization because this has a positive impact
on the company: it reduces data breaches, which means that data leakage is minimised, misuse of
data is reduced, and use of data by unauthorised users outside or inside the company is reduced,
thus supporting the company in reducing breaches of its private or confidential information.
Prevents losses
Information security in an organization leads to the prevention of losses, because without
security the company cannot protect the systems and data on which its basic and important
functions depend. That is why security helps the company minimise the losses it would otherwise
bear without any security of information technology in the company.
Protects customer privacy
Customer satisfaction is the biggest priority of any organization, and if customers do not
like its services then it is impossible for the firm to grow and develop in the market. That is why
keeping customer information private is a necessary action of an organization, so that it cannot be
misused by anyone (Uktamov, 2020).
Supports code of ethics
Information technology security helps and assists the firm in maintaining the code of
ethics it has established in its organization, because security has a procedure of rules and norms to
follow, which directly supports the code of ethics and helps employees to follow it.
Task 4
Designing and implementing security policy for an organisation
Rules for developing policies
There are various rules which are important to consider before developing policies for an
organization: the policy must define a purpose and goal for building up security policies; it must
state what technical resources are needed to develop them; it defines the roles and responsibilities
under the security policies; top management support is highly required to enforce such policies; it
defines the identification, implementation, budgeting and analysis of risks and their security; and,
most essential, it must cover all the legalities associated with the security policy in an
organization.
Designing
Designing is done by following various steps: preparation, constructing usage policy
statements, producing a risk analysis study, forming a security team, prevention, approving
security changes, monitoring the security of the network, response, handling security violations,
restoration and reviewing (Hwang, Kim, Kim and Kim, 2017).
Implementation
Implementation of a security policy can be done by communicating with employees
through emails, notices, circulars and many other forms, so that they can be convinced of such
new policies in the organization. Moreover, it is necessary to teach them how to execute such
policies by training and developing them in the company.
Components of an organisational disaster recovery plan
Developing team
It is the first and most basic component of a disaster recovery plan: developing the team,
because without the formation of a team the recovery plan cannot be executed at all, which is
why it is considered an important component of the disaster recovery plan.
Identification of risks
It is the second most important component of a disaster recovery plan, because until the
risks are identified, recovery is not possible for the damage that has happened due to violation of
the policy terms and security guidelines in an organization.
Determining various resources
It is considered the third most important component of a disaster recovery plan, because
it is important to find out all the technical resources present in an organization. This analysis is
necessary so that the recovery plan can succeed and the company can maintain its security
wisely, without any hindrances or shortages in the resources required for it (Williams, McGraw
and Migues, 2018).
Backup plans
It is the fourth most important component of a disaster recovery plan, which states that
backup plans are mandatory to design, because until backup plans are built, recovery is difficult
and the company can suffer the loss of huge amounts of data. Backup plans help in recovering
lost data in a safe manner.
Testing and maintenance
It is the fifth most important component of a disaster recovery plan, which states that after
developing the recovery plan it is essential to test it, and after the plan succeeds it is necessary to
maintain it so that it does not become outdated in terms of technology; it is significant for any
technology to be kept updated with its new security features in an organization.
CONCLUSION
It is concluded that learning about information technology is important, but it becomes
more relevant if security is analysed along with it, because IT and security are complementary to
each other: IT cannot be studied without gaining knowledge of its security approaches
and vice versa. This is essential because execution of IT alone is not sufficient unless security is
implemented in it; otherwise an organization can face the various difficulties stated in the report.
Therefore, it is significant to determine the types of security risks related to an organization,
analyse organizational security procedures, observe the impacts of incorrect configuration,
examine the benefits of network monitoring systems, study risk assessment procedures together
with data protection processes and impacts on organizational security, and set out the plan for
designing and implementing a security policy for an organization with the components of a
disaster recovery plan, for a better understanding of the concept of IT security in an organization
and for managing better operations throughout.
References:
Books and Journals
Aldawood, H. and Skinner, G., 2019. An academic review of current industrial and
commercial cyber security social engineering solutions. In: Proceedings of the 3rd
International Conference on Cryptography, Security and Privacy, pp. 110-115.
Alshare, K.A., Lane, P.L. and Lane, M.R., 2018. Information security policy compliance: a
higher education case study. Information & Computer Security.
Easttom, C., 2019. Computer security fundamentals. Pearson IT Certification.
Haqaf, H. and Koyuncu, M., 2018. Understanding key skills for information security managers.
International Journal of Information Management, 43, pp. 165-172.
Hwang, I., Kim, D., Kim, T. and Kim, S., 2017. Why not comply with information security? An
empirical approach for the causes of non-compliance. Online Information Review.
Limba, T., Plėta, T., Agafonov, K. and Damkus, M., 2019. Cyber security management model
for critical infrastructure.
Loukaka, A. and Rahman, S., 2017. Discovering new cyber protection approaches from a
security professional prospective. International Journal of Computer Networks &
Communications (IJCNC), 9.
Nasir, A., Arshah, R.A. and Ab Hamid, M.R., 2017. Information security policy compliance
behavior based on comprehensive dimensions of information security culture: A
conceptual framework. In: Proceedings of the 2017 International Conference on
Information System and Data Mining, pp. 56-60.
Nieles, M., Dempsey, K. and Pillitteri, V., 2017. An introduction to information security. NIST
Special Publication (SP) 800-12 Rev. 1 (Draft). National Institute of Standards and
Technology.
Paté-Cornell, M.E., Kuypers, M., Smith, M. and Keller, P., 2018. Cyber risk management for
critical infrastructure: a risk analysis model and three case studies. Risk Analysis, 38(2),
pp. 226-241.
Saifuzzaman, M., Khan, A.H., Moon, N.N. and Nur, F.N., 2017. Smart Security for an
Organization based on IoT. International Journal of Computer Applications, 165(10),
pp. 33-38.
Shadrin, A.S. and Leonov, P.Y., 2018. Risks evaluation of financial-economic activity and their
management in the system of economic security of the organization. KnE Social
Sciences, pp. 427-435.
Toapanta, M., Mero, J., Huilcapi, D. and Mafla, E., 2018. A blockchain approach to mitigate
information security in a public organization for Ecuador. IOP Conference Series:
Materials Science and Engineering, 423(1), p. 012164.
Uktamov, H.F., 2020. Problems of Evaluation and Procuring Economic Security At
Enterprises. Asian Journal of Technology & Management Research, 10(01).
Williams, L., McGraw, G. and Migues, S., 2018. Engineering security vulnerability prevention,
detection, and response. IEEE Software, 35(5), pp. 76-80.