Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

COM2067 - Security Risk Analysis: MGB Ltd's Social Security System

Verified

Added on 2023/06/12

AI Summary

This report presents a comprehensive risk analysis of MGB Ltd's social security system, addressing key aspects such as asset valuation, threat identification, vulnerability assessment, and countermeasure implementation. The analysis covers various risks, including unavailability of services, loss of assets, unauthorized disclosure, and unauthorized modification. It details the process of identifying and valuing assets, determining potential threats like software bugs and unauthorized access, and assessing the effectiveness of existing countermeasures. The report also discusses the impact of threat occurrences, categorizing losses as modification, disclosure, denial of service, and destruction, and proposes risk control strategies, including risk prevention, impact reduction, early detection, and recovery. Furthermore, the report touches upon ethical and social issues in IT security, challenges such as cybercrime, and the importance of system ethics, concluding with the need for continuous risk management to protect company assets and maintain information security. The report also mentions the use of GnuPG and the design of a security-related application.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

PART 1
Key pair generated successfully

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

PART-2
Introduction:
Security of any organization is determined by security risk analysis which is also known
as risk assessment .100 % security is not assured by security risk analysis. Risk analysis consist of
checking system vulnerabilities and the threats facing it. These are the major part in risk assessment
program. Risk analysis ensure that controls and cost are fully commensurate with the risks to which
industry is exposed. Two important approaches in risk analysis one is quantitative another one is
qualitative. Qualitative risk analysis methods uses these elements threats, vulnerabilities, controls.
Quantitative risk analysis is based on unreliability and inaccuracy of data. Risk assessment on
business objectives is based on following features, key assets must be focused, and prevention and
production against threats .unavailability of services and facilities, loss of assets, unauthorized
disclosure and unauthorized modification are known as risk. Using cyber security risk assessment
techniques we can identify the various information assets that could be affected by vulnerability.
Cyber-attack on hardware, software, laptops, systems, personal data affect those assets. Risk is
reduced only through risk assessment. Organization must develop assessment criteria and assess
the risk and also prioritize the risk then finally avoid those risk.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Risk Analysis
Risk Analysis Terminology
Asset-Anything with value and in need of protection
Threat –An action which causes damage on assets.
Vulnerability - Being attacked or harmed, either physically or emotionally.
Countermeasure - Any action with the ability to reduce attack and vulnerability.
Expected Loss –loss due to attack and vulnerability
Risk analysis
Current level of risk is identified through examination on vulnerabilities, threats, assets. And
using countermeasures reduce the risk. First step of risk analysis is to identify and assign a value
to the assets in need of protection. Here significant factor is value of assets .Hardware, people,
data, software, documentation, supplies are affected by security problem. The first step is we have
to identify which are affected and we have to create a list. Cost, sensitivity and mission critically
these are the values of assets. Second step is to identify the threats. Threats are software bug,
unauthorized access, denial of service and misconfigured systems. Risk analysis process is used to
determine whether the countermeasures are active and effective.
Prepare a risk analysis report
The risk analysis process is used for minimizes the risk and identify the cost to each
countermeasures. Writing a security risk analysis report is biggest challenge. Organization only
focus on summary information and only focus on technical part. These report includes system
connectivity, the use of environment , applicable threats and their frequency, data sensitivity
level, residual risk, detailed annual loss and expectancy calculations.

The level of vulnerability decreases as countermeasures increase.
Determine the Impact of Threat Occurrence
When vulnerability occurs, assets are losses. The losses are categorized as
Modification, Disclosure, Denial of service, Destruction and Modification.
Disclosure
Confidentiality issues is referred as disclosure. Personal information is leaked or unauthorized
person access the personal information.
Modification
This is occurred when the original message is modified by the effect of threats. Threats modify
the content of database causes loss of assets.

Destruction
Original message is damaged due to threats activity. Intruders hack the database and damage the
system causes loss of assets. Data is un-available due to attack is called destruction.
Vulnearability assesment
The Vulnerabilities are mainly used to attack the specific threats of the different Organization.
The Main purpose is to exploit the attack of an information asset. The Organization are used to
list asserts and vulnerabilities. The vulnerability are mainly explain to examine the each threats
of the Organization. Identification process are best one justify the customer and the Organization
work is serious one.
SD
Firewall
Certificates
PKI
System Audits
Physical Security
Redundant Array of
Inexpensive Drives (RAID)
Uninterrupted Power
Supply (UPS)
SD
Professional Workstation 6000
PRO
Tape Backups
User Training
Password Protection
Countermeasures
System Certification and Accreditation

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Risk assesment
Using risk assenment process we can determine risk and vulnerabilities.,Risk assesment
procss assigns a value to each specific informationj assets .Likelihood,uncertaninty,value of
information assets and percent of risk are the estimate factors of risk.

RISK = vulnerabilty of occurrences
Risk Control Strategy
• Risk prevention
• Reduction of impact
• Reduction of likelihood
• Early detection
• Recovery
• Risk transfer
• Fits company culture
• Flexible
• Easy and quick to use
• Modelling capability
• Secure
Avoidance, loss prevention, loss reduction, Separation, duplication and diversification are the
fundamental techniques for risk control.
Vulnerability
Threat
Countermeasures
Risk
Management

The additional details needed for the design of the system.
Access control techniques
 DAC
 MACs
 NDC
Discretionary Access Control are implemented by the database user. MACs is an expansion of
Mandatory access controls. NDC is an expansion of Non-discretionary controls. Lattice based
control is another type of Non-discretionary. The structure of lattice based control is matrix. The
structure have rows and columns. Row is referred to subject .Colum is referred to objects.
Specific Requirements
 Use at any stage of Project Life Cycle
 Identify all or selected risks
 Classify systems and projects
 Countermeasure guidance
 Audit trail
Organization must do
Information security risk criteria is identified, established and maintained. Repeat risk
assessment process to ensure the consistent, valid and comparable results. Protect the company
from knowable challenges is done by risk assessment Evaluating the potential, financial damages
and loss of assets. Understand mission and objectives of an organization and risk associated with.
Take risk assessment to generate value. Company must follow weakly risk assessment process to
generate value to protect from loss assets.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Information Asset Valuation
Identify which information asset is success for the organization. Identify which information
asset produce the most revenue. . Identify which information asset produce the most profitability.
Identify which information asset would be the most expensive to replace. Identify which
information asset would be the most expensive to protect. Identify which information asset
would be the most cause the greatest liability. The below diagram show information asset
valuation process.

Security Risk Management:
The Risk Management is one of the important process for the Organization. The
process contain the controlling of threats of a business organization. The threats from a large
different of information, including organization Errors. Finally, a risk management increasing a
process for finding the treats and sophic character.
Risk Management contains two types are given below:
 Risk Authority
 Risk Determination
1. Risk Authority:
Risk Authority is used for the important concepts for the System Security. Risk
authority applying the Control to remit the risk to an Organization. Thus the reduce risk are
applicable for the data and information of the organization business.
2. Risk Determination:
Risk Determination is used to identify the Current information of the System. It’s
mainly used for the determining the data from the Organization. Risk management
identifying the knowledge of the organization and clarifying the organization attack. The
threats are important one for the Organization System, the large number of the threats are
attacked by assets.
Conformation determination and Valuation:
The following process involving the determination are given below:
 User
 Information and data
 System Software
 System Hardware
 Networking

The Components of the Risk Identification
Classification Asset Information:
Classification is the important one for the Organization. It’s mainly used to identify the
data Classification. E.g. security, internal, privacy, information .Most of the Organization must
be specified the Components and find out the levels of the organization. The levels must be
present in the Organization are mutually exclusive and spacious one.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Data Classification and Management:
Many of the Organization are widely used for the Schemes. They are different types of
the Classification Schemes are used to Financial Organization and military organization. The
Information are handled by the owners. The owners are fully responsible for identify and classify
their information asserts. The Information of the organization are mainly focused for the
Classification and must be analysis sequentially. Many of the Organization do not give the full
view level of the Classification. Thus the classification are used by the military and financial
Organization. The important one for the Organization need to identify the data and Security.
Risk control:

The following Vulnerability Components are given below:
 Avoidance
 Transference
 Mitigation
 Security
 Privacy
 Acceptance
Avoidance:
The Vulnerability are Control the levels of the Organization Exploitation.
Risk Avoidance are mainly prepared the following Condition are given below:
 Counting the Threats
 Limiting number of the threats.
 Adding the threats for Protection.
The Three methods of Avoidance are given below:
 Education and Research
 Technology
 Privacy and Policy
Transference:
Transference is mainly used for the transfer the one asserts to other asserts.In this
approach are mainly used for the organization. Many of the organization contains the Complex
risk to transferred one to another System Organization. Organization are acting as individual
thinking and should provide the Security Management and organization Experience.
Mitigation: Mitigation are used to reduce Vulnerability. They are more number of impacts
are consider through Analysis and Requirements process. They are the three types of Mitigation
are given below:

 IRP
 DRP
 BCP
The Mitigation types are explained detailed:
DRP stands for Disaster recovery Plan are the important one of the Mitigation
Process. Thus the DRP are working in a progress, in this action take to define the IRP. BCP
working is continuously of the Military Organization, thus process working periodically, if
complex or earthquake events are Occurs.
Benchmarking:
Benchmarking is the one of approach to manage the Risk. It is another type of the
Risk Analysis and Management. Benchmarking is the purpose for the Studying the Organization.
It could be generated the duplicate one, that could be desired the own.
Benchmarking used two measures are given below:
 Metrics based measures
 Process based measures

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Ethical and Social Issues of Security in Information Technology:
Information is mainly used for the current world. Many of the Organization are working
great full today, some Companies are Facebook, Google. Many of the organization are using
wrong way. Thus the Organization create a problems for the employees.
Challenges of the System Security:
 Cyber Crime
 System Ethics
 ICT
Cyber Crime:
Information technology are widely used for the Crime. It could range from the
personal computer system to very large area of the financial Organization. Cyber Crime are
widely used to loss the Human life. Many of the new technology growth are connected to the
internet. Thus the growth of the technology are contributed to encourage the Cyber Crime.

Cyber Crime Types:
 Identity theft
 Identity fraud
 Copyright Infringement
 Hacking
 Computer Virus
Identity Theft:
The identity theft is one of contribution to grow the Cyber Crime. The Cyber Criminal
hack someone personal details. Some criminal hack the personal details like passbook numbers,
passport numbers, debit card and credit card.
Hacking:
Hacking is the part of the Cyber Crime. The hacker access the Unauthorized System. The
hacker attack once the personal system, to gathering the whole information of the System users.
Computer Virus:
Virus is one part of the program. Virus are attacking the System, it could be causes the
some problems and re-stored the information. Viruses is the Unauthorized programs, it could be
used any users.
System Security:
System Security are used to protect the unauthorized person. In computer System, the
System security is weakness. It’s very useful for the hacker, easily attack the System to gathering
the information easily.

System Ethics:
Ethics is one of the important for the people. Thus ethics are referred, to guide the
people to taking the correct decision. Ethics are widely used to guide the people to take the Right
or wrong decision. In information system, ethics are used to protect the System individually.
Information system is responsible for the System Security.
Conclusion
Risk management is not an event it’s a continual process. If risk management is
performed properly it could be a powerful tool that enables organization run risk free and
maximize their value creation. You need not fear about the result if you know yourself and
enemy. Hundred percentage security is not assured by security risk analysis.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References
Administration and Finance. (2018). Information Security Risk Assessment
Guidelines. [online] Available at: http://www.mass.gov/anf/research-and-
tech/cyber-security/security-for-state-employees/risk-assessment/risk-assessment-
guideline.html [Accessed 19 May 2018].
Anon, (2018). [online] Available at: https://www.csiweb.com/industries-we-
serve/financial-institutions/regulatory-compliance/services/cybersecurity-risk-
assessment [Accessed 19 May 2018].
Anon, (2018). [online] Available at:
https://www.sciencedirect.com/science/book/9780128002216 [Accessed 19 May
2018].
Cyber security risk management at the Bonnevile Power Administration. (2008).
[Washington, D.C.]: U.S. Dept. of Energy, Office of Inspector General, Office of
Audit Services.
Green, P. (n.d.). Enterprise Risk Management.
Nr.no. (2018). [online] Available at: https://www.nr.no/~abie/RA_by_Jenkins.pdf
[Accessed 19 May 2018].
SearchSecurity. (2018). Cybersecurity risk assessment: a basic framework. [online]
Available at: https://searchsecurity.techtarget.com/Cybersecurity-risk-assessment-
a-basic-framework [Accessed 19 May 2018].
Security-risk-analysis.com. (2018). Introduction to Security Risk Analysis & Security
Risk Assessment. [online] Available at: http://www.security-risk-
analysis.com/introduction.htm [Accessed 19 May 2018].
Trim, P. and Lee, Y. (2016). Cyber security management. London: Routledge.
Walsh, T. (2018). Security Risk Analysis and Management: An Overview (2013
update). [online] Library.ahima.org. Available at:
http://library.ahima.org/doc?oid=300266#.Wv_0qe6FPcs [Accessed 19 May
2018].