
Managing and Resolving the Different Levels of Risk

   

Added on  2020-02-05

15 Pages | 5492 Words | 94 Views

IT Security

Table of Contents

INTRODUCTION
TASK 1
Purpose and differences of security audits and risk assessments
Legal, regulatory and compliance requirements for companies to carry out risk assessments
Identify
4. Description of above in its current state
Strategies to manage and resolve the different levels of risk when conducting a risk assessment
Actions that can be taken to resolve the high level risk items
CONCLUSION
References

Illustration Index

Illustration 1: LAN Infrastructure

INTRODUCTION

IT security is also called cyber security or computer security. Information security is designed to protect confidential and important data in the computer system from unauthorised access. IT security helps protect the information system, hardware and software from any kind of threat. This consists of controlling physical access to the hardware and protecting data from harm through network access or other means. With the increasing use of computers and other IT technologies, security concerns regarding them are also increasing. It is essential to secure computer systems from various threats, which include computer crime, Trojans, malware, exploits, viruses, denial of service, etc. (Al-Aqrabi et al., 2012).

The present study includes the purpose of security audits and risk assessments, and the legal, regulatory and compliance requirements for the company. Along with this, the file covers the loss to the organisation in the case of data hijack and a weighting for indicating the level of risk.

TASK 1

Purpose and differences of security audits and risk assessments.

A security audit refers to the systematic, measurable and technical evaluation of the systems or applications used by the company. IT firms conduct security audits of their systems and other applications from time to time to check their security status. They also conduct manual assessments by asking staff members, perform security vulnerability scans, and check access controls related to the operating system. The systems of IT firms include personal computers, servers, mainframes, switches and network routers.

Purpose of the security audit:

The purpose of IT firms in conducting a security audit is to check the vulnerability of the network. Only with the help of an audit can the company identify issues or problems which lie in the network or system. It is important for the firm to keep its information and data secure, which is only possible through the audit. Along with this, a security audit protects information from common security breaches and identifies loopholes in the complete system. This evaluation helps the company in improving weaknesses to make security stronger. In addition, this process is cost effective, so the firm can conduct it whenever it feels the requirement (Baryshnikov, 2012).

Another purpose of IT firms is to determine the higher and lower risks in order to evaluate proper solutions for resolving them accordingly. It is very difficult to detect vulnerabilities in the network or application automatically, so an audit is organised by the firm. In addition, it also helps in testing the ability and capacity of the network defenders to detect attacks or harms to the information or
