IT Security & Technology Landscape - Report
VerifiedAdded on 2020/03/01
|5
|1124
|153
AI Summary
This report is based on the reports of SIA Megatrends, large convergences between systems and technologies produce vulnerabilities on several fronts to cyber-attacks. This report lists four goals for security practitioners to assist alleviate cyber threats: having hardened products and practices; integrating companies and educating stakeholders; IT best practices and establishing cybersecurity; and equalization of client desires and needs for implementation.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Task 1 – IT Security & Technology Landscape
Based on the reports of SIA Megatrends, large convergences between systems and
technologies produce vulnerabilities on several fronts to cyber-attacks. In 2015, as an
example, H.P. reported that seventy p.c of unremarkably used IoT devices square
measure liable to cyber-attacks and breaches. The report lists four goals for security
practitioners to assist alleviate cyber threats: having hardened product and practices;
integration companies and educating stakeholders; IT best practices and establishing cyber
security; and equalisation client desires and needs for implementation.
Now a day, we have a robust and growing security market at intervals the IT business. It
changes quickly and is complicated generally. It is terribly satisfying for somebody World
Health Organization is motivated as an easy string of commands will permit the user access
to data or management of necessary infrastructure. One thing rock bottom will have a
large pay-out.
There are well established doctrines for implementing security at intervals IT
infrastructure. So, now we should tend to do that a day in our IT domain
however as laptop power, AI (AI), and quick communications develop I see new risks.
There are 5 new security technologies which can help out in completely changing the
technology landscape:
1. AI, Machine and Deep Learning
2. Endpoint Hardware Authentication
3. Applications and solutions which are specific to cloud
4. Preventing Data Loss and Emerging Security Technologies
5. User Behaviour Analytics
Future cycle of IT security landscape:
With the help of providing a small view point on the future cycle of IT security landscape
illustration on the rapid growth of threat, vulnerability and national dependency has been
done.
Based on the reports of SIA Megatrends, large convergences between systems and
technologies produce vulnerabilities on several fronts to cyber-attacks. In 2015, as an
example, H.P. reported that seventy p.c of unremarkably used IoT devices square
measure liable to cyber-attacks and breaches. The report lists four goals for security
practitioners to assist alleviate cyber threats: having hardened product and practices;
integration companies and educating stakeholders; IT best practices and establishing cyber
security; and equalisation client desires and needs for implementation.
Now a day, we have a robust and growing security market at intervals the IT business. It
changes quickly and is complicated generally. It is terribly satisfying for somebody World
Health Organization is motivated as an easy string of commands will permit the user access
to data or management of necessary infrastructure. One thing rock bottom will have a
large pay-out.
There are well established doctrines for implementing security at intervals IT
infrastructure. So, now we should tend to do that a day in our IT domain
however as laptop power, AI (AI), and quick communications develop I see new risks.
There are 5 new security technologies which can help out in completely changing the
technology landscape:
1. AI, Machine and Deep Learning
2. Endpoint Hardware Authentication
3. Applications and solutions which are specific to cloud
4. Preventing Data Loss and Emerging Security Technologies
5. User Behaviour Analytics
Future cycle of IT security landscape:
With the help of providing a small view point on the future cycle of IT security landscape
illustration on the rapid growth of threat, vulnerability and national dependency has been
done.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Task 2 – IT Security Models and Access Control
Formal description of a security policy is known as security model.
Our next question can be what's a security policy?
And the answer for this question will be – Capturing the safety requirements of an enterprise
or examining the required steps which are needed to be taken to realize the security.
Most of security models area unit are utilized in security analysis which can be proofs of
security.
The model of Bell-LaPadula model is a crucial historic milestone in pc security.
The tactic for access control is about mediating every request to resources and knowledge
maintained by the system and decisive whether or not the request needs to be granted or
denied. The decision for access management is enforced by the mechanism of implementing
laws that established by a security policy. A completely different access control policies are
applied such as totally distinguish set of criteria for outlining what should, be allowed, what
should not be and in some other sense which is fully different definition of what is
guaranteeing security suggests that.
Security Policy (rule): In few steps, the high level rules are outlined by the access
management should be regulated by this.
Security Model: A complete correct illustration is provided by it for the access control
security policy and it’s operational. The proof of properties on the security is permits by
systemization and provided by the access system being designed.
Security Mechanism: An occasional level hardware and computer code functions which can
control obligatory and enforced by the policy and formally specific inside the model.
Formal description of a security policy is known as security model.
Our next question can be what's a security policy?
And the answer for this question will be – Capturing the safety requirements of an enterprise
or examining the required steps which are needed to be taken to realize the security.
Most of security models area unit are utilized in security analysis which can be proofs of
security.
The model of Bell-LaPadula model is a crucial historic milestone in pc security.
The tactic for access control is about mediating every request to resources and knowledge
maintained by the system and decisive whether or not the request needs to be granted or
denied. The decision for access management is enforced by the mechanism of implementing
laws that established by a security policy. A completely different access control policies are
applied such as totally distinguish set of criteria for outlining what should, be allowed, what
should not be and in some other sense which is fully different definition of what is
guaranteeing security suggests that.
Security Policy (rule): In few steps, the high level rules are outlined by the access
management should be regulated by this.
Security Model: A complete correct illustration is provided by it for the access control
security policy and it’s operational. The proof of properties on the security is permits by
systemization and provided by the access system being designed.
Security Mechanism: An occasional level hardware and computer code functions which can
control obligatory and enforced by the policy and formally specific inside the model.
Task 3 – IT security Threat and Risk Assessment
A large advancement in the data technology (IT) have raised and issue which is related to the
risk of information related to weak IT security, further illustration as vulnerability to viruses,
malware, attacks and compromises of network services and systems. In compromised
confidentiality, integrity and availability of the knowledge due to unauthorized access
because of inadequate IT security can finish.
To form positive that every individual privacy stays painstakingly protected in native and
state education agencies which got to implement progressive data security practices.
Staying before the ever-evolving threat of associate degree info breach desires diligence on
the part of the education community in understanding and anticipating the risks. This short
paper outlines essential threats to tutorial information and information systems.
Threats unit divided into a pair of categories: technical and non-technical. Technical Threats:
- Non-existent security architecture
- Un-patched client side software and application
- “Phishing” and targeted attacks
- Internet web sites
- Poor configuration management
- Mobile device
- Cloud computing
- Removable media
- Botnets
- Zero-day attack
Non-Technical Threats:
- Insider
- Poor Passwords
- Physical security
- Insufficient Backup Recovery
- Social Media
- Improper Destruction
- Social Engineering
A large advancement in the data technology (IT) have raised and issue which is related to the
risk of information related to weak IT security, further illustration as vulnerability to viruses,
malware, attacks and compromises of network services and systems. In compromised
confidentiality, integrity and availability of the knowledge due to unauthorized access
because of inadequate IT security can finish.
To form positive that every individual privacy stays painstakingly protected in native and
state education agencies which got to implement progressive data security practices.
Staying before the ever-evolving threat of associate degree info breach desires diligence on
the part of the education community in understanding and anticipating the risks. This short
paper outlines essential threats to tutorial information and information systems.
Threats unit divided into a pair of categories: technical and non-technical. Technical Threats:
- Non-existent security architecture
- Un-patched client side software and application
- “Phishing” and targeted attacks
- Internet web sites
- Poor configuration management
- Mobile device
- Cloud computing
- Removable media
- Botnets
- Zero-day attack
Non-Technical Threats:
- Insider
- Poor Passwords
- Physical security
- Insufficient Backup Recovery
- Social Media
- Improper Destruction
- Social Engineering
Information security risk assessment is Associate in Nursing on-going method of discovering,
correcting and preventing security issues. The chance assessment is Associate in
Nursing integral a part of a risk management method designed to produce applicable levels of
security for data systems. Data security risk assessments area unit a part of sound security
practices and area unit needed by the Commonwealth Enterprise data Security Policy.
The risk assessment can facilitate every agency verify the suitable level of risk and therefore
the ensuing security needs for every system. The agency should then devise, implement and
monitor a group of security measures to handle the extent of known risk. For a
replacement system the chance assessment is usually conducted at the start of the System
Development Life Cycle (SDLC). For Associate in Nursing existing system, risk
assessments is also conducted on an everyday basis throughout the SDLC Associate in
Nursing and on an ad-hoc basis in response to specific events like once major
modifications area unit created to the system’s setting or in response to a security incident or
audit.
Risk Assessment Process:
1. System Document Phases
a. System Identification
b. System Purpose and Description
c. System Security Level
2. Risk Determination Phases
a. Identify vulnerabilities and threats
b. Describe risk
c. Identify existing controls
d. Determine likelihood of occurrence
e. Determine severity of risk
f. Determine risk level
3. Safeguard Determination Phases
a. Recommended safeguards and controls
b. Determine residual likelihood of occurrence
c. Determine residual risk levels
correcting and preventing security issues. The chance assessment is Associate in
Nursing integral a part of a risk management method designed to produce applicable levels of
security for data systems. Data security risk assessments area unit a part of sound security
practices and area unit needed by the Commonwealth Enterprise data Security Policy.
The risk assessment can facilitate every agency verify the suitable level of risk and therefore
the ensuing security needs for every system. The agency should then devise, implement and
monitor a group of security measures to handle the extent of known risk. For a
replacement system the chance assessment is usually conducted at the start of the System
Development Life Cycle (SDLC). For Associate in Nursing existing system, risk
assessments is also conducted on an everyday basis throughout the SDLC Associate in
Nursing and on an ad-hoc basis in response to specific events like once major
modifications area unit created to the system’s setting or in response to a security incident or
audit.
Risk Assessment Process:
1. System Document Phases
a. System Identification
b. System Purpose and Description
c. System Security Level
2. Risk Determination Phases
a. Identify vulnerabilities and threats
b. Describe risk
c. Identify existing controls
d. Determine likelihood of occurrence
e. Determine severity of risk
f. Determine risk level
3. Safeguard Determination Phases
a. Recommended safeguards and controls
b. Determine residual likelihood of occurrence
c. Determine residual risk levels
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
REFERENCES:
PTAC-IB, (Dec,2011), Data Security: Top Threats to Data Protection. Retrieved
from http://ptac.ed.gov/sites/default/files/issue-brief-threats-to-your-data.pdf
Pierangela Samarati and Sabrina De Capitani di Vimercati. Access Control: Policies,
Models, and Mechanisms. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.66.8406&rep=rep1&type=pdf
Australian Government, Department of Defense. Future Cyber Security Landscape.
Retrieved from https://www.dst.defence.gov.au/sites/default/files/publications/documents/
Future-Cyber-Security-Landscape.pdf
Romuald Thion. (2008). Access Control Models. Retireved from
http://liris.cnrs.fr/romuald.thion/files/RT_Papers/Thion07:Cyber:Access.pdf
PTAC-IB, (Dec,2011), Data Security: Top Threats to Data Protection. Retrieved
from http://ptac.ed.gov/sites/default/files/issue-brief-threats-to-your-data.pdf
Pierangela Samarati and Sabrina De Capitani di Vimercati. Access Control: Policies,
Models, and Mechanisms. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.66.8406&rep=rep1&type=pdf
Australian Government, Department of Defense. Future Cyber Security Landscape.
Retrieved from https://www.dst.defence.gov.au/sites/default/files/publications/documents/
Future-Cyber-Security-Landscape.pdf
Romuald Thion. (2008). Access Control Models. Retireved from
http://liris.cnrs.fr/romuald.thion/files/RT_Papers/Thion07:Cyber:Access.pdf
1 out of 5
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.