
Understanding IT Security Risks, Audit, and Policies towards Organizational Information Security

   

Added on  2024-05-14

Understanding IT security risks, audit, and policies
towards organizational information security (L4)

Table of Contents
Introduction
LO1 Assess risks to IT security
P1 Identify types of security risks to organizations
P2 Describe organizational security procedures
LO2 Describe IT security solutions
P3 Identify the potential impact on IT security of incorrect configuration of firewall policies and third-party VPNs
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security
LO3 Review mechanisms to control organizational IT security
P5 Discuss risk assessment procedures
P6 Explain data protection processes and regulation applicable to an organization
LO4 Manage organizational security
P7 Design and implement a security policy for an organization
P8 List the main components of an organizational disaster recovery plan, justifying the reasons for inclusion
Conclusion
Reference List

Table of Figures
Figure 1 – Configuring a DMZ

Introduction
Companies today face many threats from the outside world that have the potential to cause
financial damage through the company's information systems. The losses cannot always be
measured properly: sometimes a threat destroys the entire information system, and
sometimes it results in only minor losses. The effects vary with the type of threat: some
compromise the integrity and confidentiality of stored data, while others affect the
system's availability. It has recently been noted that companies are in a constant struggle to
identify the information threats they face, to understand them and their impacts, and to
decide what measures they can implement to fight back against these attacks. To improve
the understanding of security threats, a threat classification model has been proposed that
supports the study of classes of threat impact rather than of individual threats, since
threats evolve and vary over time (Jouini, Rabai, and Aissa, 2014).

LO1 Assess risks to IT security.
P1 Identify types of security risks to organizations.
In this dangerous world, data protection is the major focus of every IT organization:
protecting the integrity of data relating to users and of data that is confidential to a
company, its sellers, and so on. Hackers try their best to obtain user information by several
evolving means and then use that business or confidential information later.
The following are a few of the security threats:
Trojan Horse: This type of virus infects a computer or an organization's system through an
application that is downloaded from a non-credible source and appears legitimate but has
malicious effects. Once a trojan horse is installed on a computer, it can perform any function
it is programmed for. For example, a keystroke logger can track the computer's activity by
recording and analyzing the keys pressed, which leads to recorded passwords and to other
severe consequences such as tracking bank details or recording every move through webcam
and microphone hijacking.
Computer Worm: Worm software can replicate itself from one computer to several others
without human involvement, and it does so at great volume and speed. For example, a worm
or code snippet can send itself by email to all of your contacts, and then from your contacts'
email to the addresses in their contact lists.
Rootkit: A rootkit is software used to gain administrator-level access to a computer or
computer network. A cybercriminal can find a security hole or vulnerability in a legitimate
application and exploit it to install a rootkit on a personal computer; the rootkit contains
spying software that, for example, hijacks the microphone and records keypress activity as
admin.
Malware: Malware is short for malicious software: program code or software that is
intrusive, hostile, and annoying. Malware present in a system could be a trojan horse, a
malicious rootkit, a worm, or a virus, all of which are discussed in other points.
Rogue Security Software: Rogue security software consists of fake applications designed to
lure the user into mistakenly clicking a link that pops up unexpectedly. When
