IT Security Risk Assessment: A BTEC HND Computing Unit 5 Report

Added on 2025/06/24
Unit 5: BTEC HND in Computing
Student Name:
Student ID:
Contents
Introduction ........ 3
LO1 Assess risks to IT security ........ 4
P1 Identify types of security risks to organisations ........ 4
P2 Describe organisational security procedures ........ 6
M1 Propose a method to assess and treat IT security risks ........ 7
LO2 Describe IT security solutions ........ 9
P3 Identify the potential impact on IT security of incorrect configuration of firewall policies and third-party VPNs ........ 9
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security ........ 9
M2 Discuss three benefits to implement network monitoring systems with supporting reasons ........ 10
LO3 Review mechanisms to control organisational IT security ........ 11
P5 Discuss risk assessment procedure ........ 11
P6 Explain data protection processes and regulation as applicable to an organisation ........ 11
M3 Summarise the ISO 31000 risk management methodology and its application in IT security ........ 12
M4 Discuss possible impacts on organisation security resulting from an IT security audit ........ 12
LO4 Manage organisational security ........ 13
P7 Design and implement a security policy for an organisation ........ 13
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for the inclusion ........ 14
M5 Discuss the role of the stakeholders in the organisation in order to implement security audit recommendations ........ 14
Conclusion ........ 16
References ........ 17
Introduction
Understanding how to implement safety measures and maintain security is vital, because it can prevent organisational hazards and other issues, for example vulnerabilities, that can affect information of great value to the business. Therefore GANT's IT security needs to be improved by assessing its risks, vulnerabilities and dangers: threats to the organisation that can damage the organisation's structure and its networks.
This report comprises supporting research on the topic of IT security. Types of security risks are identified along with their solutions, the mechanisms for securing the organisation's data are reviewed, and the management of organisational data is discussed.
LO1 Assess risks to IT security.
P1 Identify types of security risks to organisations.
Understanding how IT security risk is assessed is important, because it can prevent organisational threats and other complications, such as vulnerabilities, which can affect information that is very valuable to the organisation. Therefore, to improve GANT's IT security, its risks, vulnerabilities and threats must be assessed. A threat to the organisation is anything with the potential to damage the organisation's systems and networks. Threats are classified into two major categories: deliberate and accidental. Accidental threats are hazards such as human error, natural disasters and system malfunctions, while deliberate threats include cyber terrorism, hacking and other high-tech crime (Jaatun et al., 2015).
GANT holds valuable information about every member, meeting places, group activities, its website and many other aspects of its work, and this information would be easy for unauthorised people to access. A hacker could obtain the organisation's information without authorisation, and without the organisation being aware of it. The second threat to the organisation concerns the habitats of the natterjack toad, which the organisation's work serves. The risk to the website is that unofficial messages may be added to it.
Some of the risks that can affect the whole system used to manage the work are as follows:
1) Rogue security software: scammers and hackers have found new ways to commit internet fraud and develop new viruses, and rogue security software is one of these methods. It is malicious software that manipulates the user into thinking that their system is infected with viruses and that their security measures are out of date. The software then takes advantage of this by asking the user to install new security updates and its own program; once the user agrees, the malware update infects the computer.
2) Computer virus: a computer virus is a program, made up of algorithms, that infects a computer system. Being exposed to the internet, the system is at constant risk of cybersecurity threats. A survey shows that around 34% of computers used for household purposes are infected with a virus or some kind of malware. A virus can also transfer itself to another computer if the two systems are connected in any way.
3) Spyware and adware: adware is software that tracks the user's internet browsing activity and then shows pop-up ads accordingly. It is a good source of income for companies that want users to try their product. Most of the time the adware hides the relevant terms in the user agreement, which can be avoided if the user reads everything before installing a program. Adware is easily recognised by its pop-ups, and it can sometimes slow down the computer's operation and processing.
4) Trojan horse: a trojan horse tricks someone into letting it onto their computer by hiding inside a program that looks genuine. A trojan is attacking code packaged so that the user brings it into the system themselves. Trojans are often spread by email: the message looks legitimate, but when the attached file is opened the malware enters the system. Some trojans are installed when a user clicks a malicious ad. Once a trojan is on the computer it can take over the webcam, record passwords and leak important data.
5) DDoS and DoS attacks: this attack is seen when a user tries to open a website, keeps refreshing it, and suddenly the site shows a loading error. The user assumes there must be heavy traffic on the website, but the reason may be that attackers have flooded the site with traffic so that its content is not visible to users. Such attacks are called DoS attacks, and they can be performed with even one machine and an internet connection, by flooding the website with packets so that legitimate users who want to access the content cannot do so.
6) Computer worm: worms are pieces of malware that replicate and spread quickly from one system to another. A worm spreads from an infected system by sending itself to that computer's contacts and to the other systems it can reach.
7) Rootkit: a rootkit is a collection of software that enables remote, administrator-level access to a computer or network; once remote access is enabled it can perform various malicious actions. Rootkits are typically equipped with a password stealer, an antivirus disabler and a keylogger.
8) Phishing: phishing is a method of obtaining usernames, passwords and credit card numbers through social engineering. These attacks mainly take the form of phishing emails and instant messages, in which the recipient is tricked into clicking a malicious link.
P2 Describe organisational security procedures.
Organisations follow certain security procedures to protect themselves from malware and other malicious activity; a set of procedures or rules must be followed to protect their sensitive data.
Some of the security procedures followed by the organisation that need to be evaluated are as follows:
1) A user is authorised to access only the information inside the system that they are permitted to access.
2) The system must be able to restrict connections and limit access to, destruction of and modification of important information in protected resources, so that only the particular authorised user who needs to know the information is involved.
3) The actions of authorised users are accounted for within the system by keeping track of those actions.
4) Label-based security: the system should be capable of limiting access to information based on:
a) the sensitivity of the information contained in the objects, represented by labels;
b) the formal access clearance of users, represented by their profiles, which makes the system enforce access rules that prevent a user from accessing information of higher sensitivity than they are cleared for. This also prevents users from downgrading information to a lower sensitivity.
This method is used to classify information based on criteria set by the organisation. The classification is generally based on the information's value to the organisation and on the interest in limiting its dissemination. It determines the rules for classifying information, but not the classification itself. Determining clearances is outside the scope of the IT system; instead, clearance is based on the trust the organisation places in an individual user, to some extent within organisational boundaries.
Policies adopted by the organisation for IT security:
1) Access control policy (ACP)
2) Acceptable use policy (AUP)
3) Change management policy
4) Information security policy
5) Incident response policy
6) Remote control policy
7) Disaster recovery policy
8) Business continuity plan (BCP) (Hayslip, 2018)
M1 Propose a method to assess and treat IT security risks.
Risk assessment is mostly used to identify, prioritise and estimate the risks to the organisation's operations and assets that result from operating its information systems. It is primarily a business activity and is all about money: it shows how the available assets and employees affect the business's profitability, and which risks would result in larger monetary losses to the company. This then makes management consider the prospects of enhancing the IT infrastructure to reduce security risks; otherwise the risks will surely lead to a big financial loss for the organisation (Krishnaswamy, 2018).
Basically, risk involves three main factors:
What is the importance of the asset at risk?
How critical is the risk?
How vulnerable is the system to the threat?
These factors can be used to determine the risk. They are logical constructs rather than precise numbers.
Risk = Asset × Vulnerability × Threat
There are various methods of collecting the information needed to assess risks, for instance:
a) Interviewing data owners, management and other employees.
b) Reviewing the documents.
c) Analysing the infrastructure and systems.
The steps to follow when beginning a risk assessment are:
1) Identify the threats
2) Identify the potential consequences
3) Assess the likelihood and identify the vulnerabilities
4) Assess the risk
5) Create a risk management plan, as shown:
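As an added worked example (not part of the original report), the following Python applies the Risk = Asset × Vulnerability × Threat formula and steps 4 and 5 above to a constructed register for the GANT scenario; the 1-to-5 scales, the rating thresholds and the sample entries are this example's assumptions.

```python
from dataclasses import dataclass
from typing import Optional

SCALE = range(1, 6)  # each factor is rated 1 (lowest) to 5 (highest); assumed scale


@dataclass
class RiskEntry:
    asset: str
    threat: str
    asset_value: int       # importance of the asset to the organisation
    vulnerability: int     # how exposed the asset is to this threat
    threat_level: int      # likelihood that the threat is realised
    treatment: str = ""    # proposed control from the risk management plan
    residual_vulnerability: Optional[int] = None  # exposure expected after treatment

    def __post_init__(self):
        for factor in (self.asset_value, self.vulnerability, self.threat_level):
            if factor not in SCALE:
                raise ValueError(f"factor {factor} is outside the 1..5 scale")

    @property
    def score(self) -> int:
        """Risk = Asset * Vulnerability * Threat, as stated in the report (1..125)."""
        return self.asset_value * self.vulnerability * self.threat_level

    @property
    def residual_score(self) -> int:
        """Same product, using the vulnerability expected after the treatment is applied."""
        vuln = self.vulnerability if self.residual_vulnerability is None else self.residual_vulnerability
        return self.asset_value * vuln * self.threat_level


def rating(score: int) -> str:
    """Map a score to a treatment band (thresholds are this example's assumption)."""
    if score >= 60:
        return "critical"
    if score >= 30:
        return "high"
    if score >= 12:
        return "medium"
    return "low"


def build_register() -> list:
    """Constructed sample register for the GANT scenario; the ratings are illustrative."""
    return [
        RiskEntry("member records", "unauthorised access by an outsider", 5, 4, 4,
                  "role-based access control and MFA on the member database", 2),
        RiskEntry("public website", "unofficial messages added to pages", 3, 4, 3,
                  "restrict publishing rights and review content changes", 2),
        RiskEntry("office workstations", "rogue security software installed by staff", 3, 3, 3,
                  "remove local admin rights and allow-list software", 1),
        RiskEntry("meeting schedule", "disclosure of meeting places", 2, 3, 2,
                  "publish only to logged-in members", 2),
    ]


def treatment_plan(register: list) -> list:
    """Steps 4 and 5: rank by inherent score and show the residual risk each control leaves."""
    plan = []
    for r in sorted(register, key=lambda e: e.score, reverse=True):
        plan.append({"asset": r.asset, "threat": r.threat,
                     "inherent": r.score, "inherent_rating": rating(r.score),
                     "treatment": r.treatment,
                     "residual": r.residual_score, "residual_rating": rating(r.residual_score)})
    return plan
```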
LO2 Describe IT security solutions.
P3 Identify the potential impact on IT security of incorrect configuration of
firewall policies and third-party VPNs.
Firewall policies:
Firewall policies allow the system to block or permit certain types of network traffic, including traffic types that are not explicitly specified; the policies decide which features are enabled and disabled. Firewalls are a cornerstone of the security infrastructure of most enterprises and have been the most widely deployed protection for private networks (Commentary, 2012).
The quality of protection a firewall provides depends directly on the quality of its policy, that is, on how the firewall policies are configured. Because of the lack of tools for analysing firewall policies, many firewalls have policy errors. An error in a firewall policy creates security holes that allow malicious traffic to sneak into the private network, or blocks legitimate traffic and disrupts normal business, which can lead to irreparable consequences, if not tragic ones (Mayfield, 2019).
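The two failure modes just described, a hole that lets traffic sneak through and a rule that blocks legitimate traffic, both arise from rule ordering. This added Python example (not from the report or any source it cites) evaluates a small constructed policy with first-match semantics and audits it for rules that an earlier rule shadows; the rule format and the addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "deny"
    proto: str         # "tcp", "udp" or "any"
    src: str           # source network in CIDR notation
    dst: str           # destination network in CIDR notation
    ports: tuple       # inclusive (low, high) destination port range

    def matches(self, proto, src_ip, dst_ip, dport) -> bool:
        """True if a single packet falls inside this rule."""
        return ((self.proto in ("any", proto))
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.ports[0] <= dport <= self.ports[1])

    def covers(self, other) -> bool:
        """True if every packet `other` could match is also matched by this rule."""
        return ((self.proto in ("any", other.proto))
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.ports[0] <= other.ports[0] and other.ports[1] <= self.ports[1])


def decide(rules, proto, src_ip, dst_ip, dport, default="deny"):
    """First-match evaluation, the usual firewall semantics; returns (action, rule name)."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action, rule.name
    return default, "implicit-default"


def audit(rules):
    """Report rules that can never fire because an earlier rule already covers them.

    A covered rule with a different action is 'shadowed' (a policy error: the later
    rule's intent is silently lost); with the same action it is merely 'redundant'.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                kind = "shadowed" if earlier.action != later.action else "redundant"
                findings.append((later.name, kind, earlier.name))
                break
    return findings


# Constructed policy containing two typical ordering mistakes.
BROKEN_POLICY = [
    Rule("allow-any-out", "allow", "any", "10.0.0.0/8", "0.0.0.0/0", (1, 65535)),
    Rule("deny-telnet-out", "deny", "tcp", "10.0.0.0/8", "0.0.0.0/0", (23, 23)),        # never reached: hole
    Rule("deny-internet-to-lan", "deny", "any", "0.0.0.0/0", "10.0.0.0/8", (1, 65535)),
    Rule("allow-https-to-web", "allow", "tcp", "0.0.0.0/0", "10.10.0.0/24", (443, 443)),  # never reached: outage
]

# The same rules, ordered so that the specific rules come before the broad ones.
FIXED_POLICY = [BROKEN_POLICY[1], BROKEN_POLICY[0], BROKEN_POLICY[3], BROKEN_POLICY[2]]
```

Running `audit` over a policy before deployment is the kind of check the text says most firewalls lack; the two findings it returns here are exactly the hole and the outage described above.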
Third-party VPNs:
The four-slide sequence that follows presents four tables of the top third-party VPNs for enterprise use, including Golden Frog, TeamViewer, OpenVPN and PureVPN. These VPNs were selected from a range of potential VPN clients surveyed across the internet, including respected commercial options.
P4 Show, using an example for each, how implementing a DMZ, static IP and
NAT in a network can improve network security.
A DMZ (demilitarised zone) is a physical sub-network that separates the local internal network from untrusted networks, which would otherwise interact unsafely with internal PCs, installations and resources. The internal LAN therefore remains unreachable from the web, which is how it should be. This improves LAN security because it prevents hackers from directly interacting with internal PCs and other data. Services such as proxy servers, IP addresses and the domain name system are provided in the DMZ, and that is where this network should be placed.
Unrouted VLANs are used on the switch holding the DMZ hosts. DMZs operate on public IPs, not on private IP addresses or NAT. Basically, a DMZ lessens the impact of a compromise of internal servers and internet services; it does not itself contain any other appropriate security. The only way to protect this kind of server is to isolate the public servers from the LAN servers, which exposes only the ports of the DMZ. To implement a DMZ, the process is:
a. First, log in to the D-Link router.
b. Enter the correct router IP address.
c. Initially, the process should be saved.
d. The same IP address should be used (Dandamudi, 2015).
Static IP implementation
a. Use a 3800A router.
b. Create a static route.
c. Three networks should be used.
d. The intercept command should be used.
e. If an error is returned, the gateway for the last step should be in place (Malekian, 2016).
NAT implementation
With NAT, a single IP address connects a whole group of networks; it works by linking the computers with the internet router.
a. Allow traffic for the transfer of data.
b. Set up a NAT address pool.
c. Identify the ACL name with NAT to allow PAT.
d. Configure a NAT interface (Kettlewell, 2015).
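As an added example (not from the report or the source it cites), this Python models the translation table that the NAT/PAT steps above configure, to show why NAT improves security: only replies to mappings created by outbound traffic reach an internal host, so internal addresses are never exposed and unsolicited connections are dropped. The public address and the port range are constructed values.

```python
import itertools

PUBLIC_IP = "203.0.113.10"   # the single address the router presents to the internet (constructed)


class PatRouter:
    """Port Address Translation table: many private hosts share one public address."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)   # translated source ports, one per flow
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.table = {}

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Inside -> outside: rewrite the source to the public address and record the flow."""
        for key, inside in self.table.items():
            if inside == (private_ip, private_port) and key[1:] == (remote_ip, remote_port):
                return self.public_ip, key[0]            # existing flow: reuse its mapping
        public_port = next(self._next_port)
        self.table[(public_port, remote_ip, remote_port)] = (private_ip, private_port)
        return self.public_ip, public_port               # what the remote host sees

    def inbound(self, remote_ip, remote_port, public_port):
        """Outside -> inside: forward only packets that match a flow an inside host started."""
        inside = self.table.get((public_port, remote_ip, remote_port))
        if inside is None:
            return None                                  # unsolicited traffic: dropped
        return inside                                    # (private_ip, private_port) to deliver to

    def active_flows(self):
        """Number of translations currently held (useful when sizing the pool)."""
        return len(self.table)
```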
M2 Discuss three benefits to implement network monitoring systems with
supporting reasons.
1) Productivity can be improved, because network monitoring is important to keeping the network working well.
2) Reliability can be improved, because monitoring helps in providing a good-quality service.
3) Cost is the most important factor, and it is kept down in this process: at lower cost, the same benefits of a high-quality network connection can be achieved for small businesses.
LO3 Review mechanisms to control organisational IT security
P5 Discuss risk assessment procedure.
1. Find out which areas could be affected and how, and who is susceptible to harm. Day-to-day failures at a low level must be minimised because they can pose a major risk; since human resources must be used, watching them is easier.
2. The features, behaviour and factors behind these risks should be understood in order to identify the hazards and minimise the risk.
3. Keep an information file and an action schedule, including the time needed for the paperwork to execute those activities, and previous evaluations that would help new people to finish.
4. Risk assessment and precautionary analysis: the magnitude and frequency of hazards need to be monitored here, and then a decision made as to whether there is something to be done to reduce them.
P6 Explain data protection processes and regulation as applicable to an
organisation
1. IDAM, or Identity and Access Management, regulates the data of people who attempt to breach the terms of their employment; unless you are working, you cannot obtain somebody's personal data.
2. Data Loss Prevention: DLP tools are available and are essential to prevent breaches, adding a layer of security between the organisation's personal data and potential hazards.
3. Encryption: organisations can tailor the encryption of their information to protect it from internal disclosure. All information should be encrypted, whether in use or recorded.
4. The incident response schedule: this is a broad method, with measures for risk identification, options for recovery and so on, for when an organisation faces such attacks. Within 72 hours, the Data Protection Authority must publish it.
5. Management of policies: the organisation must have policies to regulate and manage the safety of its data, so that risks are avoided and there are no effects whatsoever.
M3 Summarise the ISO 31000 risk management methodology and its application
in IT security.
This methodology has two processes:
1. The framework: in this process the plan, execute and act cycle is carried out, and its internal elements are:
a. Policies and governance
b. Program design
c. Execution
d. Reviewing
e. Improvement
2. The process: after the framework is complete, the processes are initiated and, using the iterative method of risk assessment, the structure is prepared, which contains:
a. Active communication
b. Process execution
c. Oversight.
M4 Discuss possible impacts on organisation security resulting from an IT
security audit.
1. Assessment of the flow of business data: these audits identify the types of information, their movement within or out of the organisation, and who can control them.
2. Detection of vulnerable elements and problem areas: the audit shows whether the organisational structure has a bottleneck or a potentially harmful issue.
3. They set out how the technique can be leveraged for the safety of the organisation: its systems must fulfil the organisation's safety criteria.