ITC-596 IT Risk Management: A Comprehensive Cybersecurity Report
VerifiedAdded on 2024/06/27
|22
|6941
|382
Report
AI Summary
This report provides a comprehensive assessment of IT risk management for Gigantic Corporation, focusing on cybersecurity threats and vulnerabilities. It details the scope of risk assessment, including threat agents and potential consequences, and suggests mitigation measures through specific policies. The report covers informational compromises, highlighting the importance of protecting information assets and outlines recommendations for management, such as keeping software updated, enabling VPNs, and conducting employee training programs. It further classifies information assets, identifies threats based on probability, and emphasizes the need for strong cybersecurity practices to safeguard against financial, legal, and business risks. This document is available on Desklib, a platform that provides study tools for students.
ASSESSMENT ITEM: 3
SUBJECT: ITC-596 IT RISK MANAGEMENT
LECTURER:
STUDENT NAME:
STUDENT ID:
SUBJECT: ITC-596 IT RISK MANAGEMENT
LECTURER:
STUDENT NAME:
STUDENT ID:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Executive Summary
Gigantic Corporation is working on this issue of cybersecurity from long period of time and also
has controlled the security of certain activities conducted only by using the proposed
mechanisms and frameworks against the cyber-attacks such as creating money through
performing certain threats, access to the company’s personal and confidential information, many
other companies or organizations are developing their own hackers which are responsible for
getting the inside information of the other competitive and successful IT companies by knowing
their secrets, their USP etc. Such threats should never be overlooked as these actions can be from
anyone within or outside the company. The technical level of the risk associated with internet or
cyber is growing gradually. The risk or the problem which was earlier a major one in the
previous year, may not be that major by this year because of the remedies and thoughtful
solutions for that problems but now the other new risk and security issues have developed for
which the solutions are required to be developed. So this responsibility for managing the risks
should be well managed by the higher authorities or experts who as assigned specifically to
handle such issues in the corporation’s (Yasin, et. al., 2018).
This report covers the scope of risk assessment, overview of risk assessment, the threats and the
vulnerabilities of the cybersecurity along with the consequences and impact of these threats on
the Gigantic Corporation. Various measures are also suggested to mitigate these vulnerabilities
and threats by the adoption of the specific policies.
A risk management overview is also detailed below which provides the assessment approach,
key threat agents, types of the threats with the description by dividing its impact in the category
of high, medium, low.
Informational Compromises
Comprising the information assets of the company can lead to the damage in the coming future
for the company. There should be no negligence on the part of the organization like for example
if any error or mistake done by the employee or even by an outsider can have a long-lasting
impact on the growth of the business. Informational compromises include:
It causes loss of productivity.
It causes reputational damage.
It may hamper intellectual property loss.
Cyber-attacks may leave an impact on the profits.
Adverse media coverage can be faced by the corporation.
It will lead to a reduction in a competitive market.
To protect or to avoid any of the above situations it is very important to make sure that the expert
or the lead of the cybersecurity is well aware of all the activities being carried out in the
organization and also must have the up to date information regarding the threats and the
vulnerabilities for avoiding any kind of risk or threats related to the business organization.
It is not necessary that the threats are only from outside of the corporation. It can also be within
the organization as well as from outside the organization. There are many types of people who
Gigantic Corporation is working on this issue of cybersecurity from long period of time and also
has controlled the security of certain activities conducted only by using the proposed
mechanisms and frameworks against the cyber-attacks such as creating money through
performing certain threats, access to the company’s personal and confidential information, many
other companies or organizations are developing their own hackers which are responsible for
getting the inside information of the other competitive and successful IT companies by knowing
their secrets, their USP etc. Such threats should never be overlooked as these actions can be from
anyone within or outside the company. The technical level of the risk associated with internet or
cyber is growing gradually. The risk or the problem which was earlier a major one in the
previous year, may not be that major by this year because of the remedies and thoughtful
solutions for that problems but now the other new risk and security issues have developed for
which the solutions are required to be developed. So this responsibility for managing the risks
should be well managed by the higher authorities or experts who as assigned specifically to
handle such issues in the corporation’s (Yasin, et. al., 2018).
This report covers the scope of risk assessment, overview of risk assessment, the threats and the
vulnerabilities of the cybersecurity along with the consequences and impact of these threats on
the Gigantic Corporation. Various measures are also suggested to mitigate these vulnerabilities
and threats by the adoption of the specific policies.
A risk management overview is also detailed below which provides the assessment approach,
key threat agents, types of the threats with the description by dividing its impact in the category
of high, medium, low.
Informational Compromises
Comprising the information assets of the company can lead to the damage in the coming future
for the company. There should be no negligence on the part of the organization like for example
if any error or mistake done by the employee or even by an outsider can have a long-lasting
impact on the growth of the business. Informational compromises include:
It causes loss of productivity.
It causes reputational damage.
It may hamper intellectual property loss.
Cyber-attacks may leave an impact on the profits.
Adverse media coverage can be faced by the corporation.
It will lead to a reduction in a competitive market.
To protect or to avoid any of the above situations it is very important to make sure that the expert
or the lead of the cybersecurity is well aware of all the activities being carried out in the
organization and also must have the up to date information regarding the threats and the
vulnerabilities for avoiding any kind of risk or threats related to the business organization.
It is not necessary that the threats are only from outside of the corporation. It can also be within
the organization as well as from outside the organization. There are many types of people who
are said to be the risk for the assets of the organization or the corporation. So, careful analysis
should be done to keep the track record of these individuals. These individuals may include:
The types of individual vary as per the need and requirement for the fraud. To overcome or to
face such threats prevailing in the corporation should be handled by increasing the risk
management strategies and plans along with the awareness among the employees and the
specialists or experts who are specifically hired for ensuring the cybersecurity in the corporation.
Risks can be related to the financial, legal or any other business risks which could lead to loss of
critical information. The key to mitigating such risks involves having the proper knowledge and
information about the activities of the corporation, finding the appropriate solutions to overcome
the problems.
What is basically Information?
Information is said to be the data or the information about the particular people, system or the
entire organization. It is generally considered as the lifeblood of the organization. With the
growing automation and dependency among the various sectors of the business corporation, the
disturbance in any one of the sector can lead to the destruction of the overall IT business.
Information is said to be present everywhere from customers to employees to stakeholders.
Information is stored in the business systems related to the management, customer relationship
information. Operational systems, ensuring protection, safety, and the process control
mechanism for the overall organization. All these above-stated areas need to be considered while
identification of the information assets. All the activities in the business contain a certain amount
of relevant information or data it can either be user access to the information, corporate
management decisions, and process control systems operational networks. All these information
should be review and evaluated deeply to know the proper mitigation solutions and coming up
with the appropriate and successful solutions to ensure the cybersecurity.
Recommendations
The recommendations which are beneficial for the management are detailed below:
Keeping all the software updated to avoid the inbound of threats and attacks in the
system.
Keep the applications in the updated version as per the stated guidelines.
Enabling VPN (virtual private network) in the computer systems.
Taking the back-up of the data from the system on regular basis to avoid any future
problems.
Enabling and installing various virus and attack detection software such as application
firewall and network firewall which helps in the prevention of attacks and threats.
Framing up of better policies, procedures, and standards which are supported by the
cybersecurity.
Conduction of the training programs for the employees in the corporation regarding the
cybersecurity.
Formulation of the cybersecurity proposed plan which helps in avoiding the future
mistakes which have been repeated earlier.
Using smart password while setting the credentials for the system or any files which
cannot be easily hacked by the hackers.
should be done to keep the track record of these individuals. These individuals may include:
The types of individual vary as per the need and requirement for the fraud. To overcome or to
face such threats prevailing in the corporation should be handled by increasing the risk
management strategies and plans along with the awareness among the employees and the
specialists or experts who are specifically hired for ensuring the cybersecurity in the corporation.
Risks can be related to the financial, legal or any other business risks which could lead to loss of
critical information. The key to mitigating such risks involves having the proper knowledge and
information about the activities of the corporation, finding the appropriate solutions to overcome
the problems.
What is basically Information?
Information is said to be the data or the information about the particular people, system or the
entire organization. It is generally considered as the lifeblood of the organization. With the
growing automation and dependency among the various sectors of the business corporation, the
disturbance in any one of the sector can lead to the destruction of the overall IT business.
Information is said to be present everywhere from customers to employees to stakeholders.
Information is stored in the business systems related to the management, customer relationship
information. Operational systems, ensuring protection, safety, and the process control
mechanism for the overall organization. All these above-stated areas need to be considered while
identification of the information assets. All the activities in the business contain a certain amount
of relevant information or data it can either be user access to the information, corporate
management decisions, and process control systems operational networks. All these information
should be review and evaluated deeply to know the proper mitigation solutions and coming up
with the appropriate and successful solutions to ensure the cybersecurity.
Recommendations
The recommendations which are beneficial for the management are detailed below:
Keeping all the software updated to avoid the inbound of threats and attacks in the
system.
Keep the applications in the updated version as per the stated guidelines.
Enabling VPN (virtual private network) in the computer systems.
Taking the back-up of the data from the system on regular basis to avoid any future
problems.
Enabling and installing various virus and attack detection software such as application
firewall and network firewall which helps in the prevention of attacks and threats.
Framing up of better policies, procedures, and standards which are supported by the
cybersecurity.
Conduction of the training programs for the employees in the corporation regarding the
cybersecurity.
Formulation of the cybersecurity proposed plan which helps in avoiding the future
mistakes which have been repeated earlier.
Using smart password while setting the credentials for the system or any files which
cannot be easily hacked by the hackers.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Executives should be involved in the cybersecurity issues and decisions because this
issue needs to be considered well while taking the important decisions by the upper-level
management.
issue needs to be considered well while taking the important decisions by the upper-level
management.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Contents
Executive Summary.........................................................................................................................1
1. Introduction.............................................................................................................................. 5
2. Assessment Findings- Threats, Vulnerabilities, and Consequences:.......................................7
2.1 Risk Assessment.................................................................................................................... 7
2.2 Threat Agents....................................................................................................................... 12
2.3 Vulnerabilities...................................................................................................................... 14
2.4 Recommendations................................................................................................................ 16
2.5 Mitigation Measures............................................................................................................ 17
2.6 Areas of Vulnerabilities in the Organization.......................................................................20
2.7 Threats and the impacts of threats........................................................................................20
3. Summary................................................................................................................................ 22
4. Conclusion..............................................................................................................................23
Executive Summary.........................................................................................................................1
1. Introduction.............................................................................................................................. 5
2. Assessment Findings- Threats, Vulnerabilities, and Consequences:.......................................7
2.1 Risk Assessment.................................................................................................................... 7
2.2 Threat Agents....................................................................................................................... 12
2.3 Vulnerabilities...................................................................................................................... 14
2.4 Recommendations................................................................................................................ 16
2.5 Mitigation Measures............................................................................................................ 17
2.6 Areas of Vulnerabilities in the Organization.......................................................................20
2.7 Threats and the impacts of threats........................................................................................20
3. Summary................................................................................................................................ 22
4. Conclusion..............................................................................................................................23
1. Introduction
Many business organizations, universities, and financial institutions are storing their private and
confidential data and information related to the business on their computers. This data and
information are shared among the various people with the help of internet. The internet has
facilitated the transferring and sharing of information from one person or organization to another
but the same internet is also giving rise to the problem of security. This rapid growth or the
internet is also growing the cyberattacks which result in a huge loss of data and information for
the business organizations.
Cybersecurity is basically termed as the introduction of the various mechanisms or frameworks
which help in protecting the computer hardware, computer software, various networks and
unauthorized access to data and information. Cybersecurity aims at protecting the network
equipment and internet from the various attacks and viruses which are said to be harmful to the
computer and aims at destroying the information or data stored in the computer which is very
important for the business organizations. Internet in today’s life plays a major role and is
considered to be very beneficial as it helps in promoting the business online, it facilitates the
communication among the people, and various financial transactions are conducted online with
the help of the internet. As the internet is providing us with a lot of benefits, it is also providing
the benefits to the people who are connected with the terrorism. It helps them in the gathering of
confidential and secret information; it also facilitates the dissemination of information among the
various people or group of people with the help of internet.
Cybersecurity is said to be the important part as it helps in protecting the individuals from the
online frauds. For the transactions related to finance which are generated the online certain
amount of risk is attached with that which requires financial security. It is very essential that all
the users of the internet should understand the ways or methods to protect themselves from the
online frauds and ensure cyber security. While working for the Gigantic Corporation as the IT
risk assessment lead consultant it is my duty or responsibility to ensure that all the activities
taking place online by the various stakeholders and technologist is conducted securely and safely
by avoiding any kind of threats which are harmful for the overall corporation. Cybersecurity
needs to be considered very seriously in the organization as it has the impact on the decisions
being made at the higher level.
1.1 Cyberspace:
Cyberspace is a virtual space which uses the electromagnetic spectrum and electronics which
help in storing, modification and exchange of information with the help of the network system. It
is basically an intangible place where the communication and various other activities which are
related to the internet take place. It is called to be expandable and borderless which has no
boundaries. With the growing type is growing gradually by providing a platform for sharing their
ideas, services, views and conduct the business activities online.
Many business organizations, universities, and financial institutions are storing their private and
confidential data and information related to the business on their computers. This data and
information are shared among the various people with the help of internet. The internet has
facilitated the transferring and sharing of information from one person or organization to another
but the same internet is also giving rise to the problem of security. This rapid growth or the
internet is also growing the cyberattacks which result in a huge loss of data and information for
the business organizations.
Cybersecurity is basically termed as the introduction of the various mechanisms or frameworks
which help in protecting the computer hardware, computer software, various networks and
unauthorized access to data and information. Cybersecurity aims at protecting the network
equipment and internet from the various attacks and viruses which are said to be harmful to the
computer and aims at destroying the information or data stored in the computer which is very
important for the business organizations. Internet in today’s life plays a major role and is
considered to be very beneficial as it helps in promoting the business online, it facilitates the
communication among the people, and various financial transactions are conducted online with
the help of the internet. As the internet is providing us with a lot of benefits, it is also providing
the benefits to the people who are connected with the terrorism. It helps them in the gathering of
confidential and secret information; it also facilitates the dissemination of information among the
various people or group of people with the help of internet.
Cybersecurity is said to be the important part as it helps in protecting the individuals from the
online frauds. For the transactions related to finance which are generated the online certain
amount of risk is attached with that which requires financial security. It is very essential that all
the users of the internet should understand the ways or methods to protect themselves from the
online frauds and ensure cyber security. While working for the Gigantic Corporation as the IT
risk assessment lead consultant it is my duty or responsibility to ensure that all the activities
taking place online by the various stakeholders and technologist is conducted securely and safely
by avoiding any kind of threats which are harmful for the overall corporation. Cybersecurity
needs to be considered very seriously in the organization as it has the impact on the decisions
being made at the higher level.
1.1 Cyberspace:
Cyberspace is a virtual space which uses the electromagnetic spectrum and electronics which
help in storing, modification and exchange of information with the help of the network system. It
is basically an intangible place where the communication and various other activities which are
related to the internet take place. It is called to be expandable and borderless which has no
boundaries. With the growing type is growing gradually by providing a platform for sharing their
ideas, services, views and conduct the business activities online.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
2. Assessment Findings- Threats, Vulnerabilities, and Consequences:
2.1 Risk Assessment
Risk assessment is the process of identification of threats and analyzing those threats by
conducting the deep evaluation. Risk assessment lowers down the chances of errors, by
eliminating the wastage of time, resources and efforts. Things included in the risk assessment
involve:
Identification of the various assets which are prone to be affected by the cyber attacks.
Identifying the type of risks which is affecting the assets.
An estimation and evaluation of the risk are performed.
Monitoring and reviewing of the risk environment are necessary.
Before giving the detail explanation about the various vulnerabilities and threats, it is important
to understand that what these terms refer to with respect to the cybersecurity in IT companies.
For the companies like Gigantic Corporation and other IT companies which are prone to the
various cyber risks. Vulnerability refers to the fault or the weakness which is leading to the
exposure of threats or attacks in the business organization. The threat is referred to as the terms
used for the people or objects which are in danger via attacks. Management should always be
well aware of the various kinds of threats which organization is facing or may face in the coming
future. These threats can be identified by proper examination, an evaluation which can be done
by framing proper protocols and policies among the corporation. Proper training should be given
to control and identify these threats. The table given below describes the various kinds of threats
prevailing in the IT companies along with the certain other details which related to these threats
(Smith, 2018).
The risk assessment is detailed below:
Classification of information: The information is classified in the organization. Classification
basically means classifying the data on the basis of a certain category. Information assets include
the categories which involve the recording of critical data, customer interfaces. It is the
responsibility of the organization to ensure the confidentiality, availability, and integrity of the
information. Information can be stored onsite or offsite. The classification of the information
should be considered as the central list. Policies and regulations should be framed related to the
classification of the document. The employees should also be well aware and educated about the
same.
Identification of threats: The identification of threats is the next step which comes after the
classification of information. Threats can be assessed on the basis of the probability and the
occurrence of the attacks in the system. There are varieties of information threats which can
destruct the system. These threats include internal threats, physical threats, natural threats, threats
related to the network, social threats, and malicious threats. It is very important for the
organization to be aware of the threats in order to exempt the threats. These threats can be
identified at each and every level of the corporation.
Identification of Vulnerabilities: Vulnerabilities are weaknesses which exist within the
organization. These vulnerabilities need to be identified and avoided to decrease the chances of
threats and attacks. The vulnerabilities can be related to the various issues such as confidential
2.1 Risk Assessment
Risk assessment is the process of identification of threats and analyzing those threats by
conducting the deep evaluation. Risk assessment lowers down the chances of errors, by
eliminating the wastage of time, resources and efforts. Things included in the risk assessment
involve:
Identification of the various assets which are prone to be affected by the cyber attacks.
Identifying the type of risks which is affecting the assets.
An estimation and evaluation of the risk are performed.
Monitoring and reviewing of the risk environment are necessary.
Before giving the detail explanation about the various vulnerabilities and threats, it is important
to understand that what these terms refer to with respect to the cybersecurity in IT companies.
For the companies like Gigantic Corporation and other IT companies which are prone to the
various cyber risks. Vulnerability refers to the fault or the weakness which is leading to the
exposure of threats or attacks in the business organization. The threat is referred to as the terms
used for the people or objects which are in danger via attacks. Management should always be
well aware of the various kinds of threats which organization is facing or may face in the coming
future. These threats can be identified by proper examination, an evaluation which can be done
by framing proper protocols and policies among the corporation. Proper training should be given
to control and identify these threats. The table given below describes the various kinds of threats
prevailing in the IT companies along with the certain other details which related to these threats
(Smith, 2018).
The risk assessment is detailed below:
Classification of information: The information is classified in the organization. Classification
basically means classifying the data on the basis of a certain category. Information assets include
the categories which involve the recording of critical data, customer interfaces. It is the
responsibility of the organization to ensure the confidentiality, availability, and integrity of the
information. Information can be stored onsite or offsite. The classification of the information
should be considered as the central list. Policies and regulations should be framed related to the
classification of the document. The employees should also be well aware and educated about the
same.
Identification of threats: The identification of threats is the next step which comes after the
classification of information. Threats can be assessed on the basis of the probability and the
occurrence of the attacks in the system. There are varieties of information threats which can
destruct the system. These threats include internal threats, physical threats, natural threats, threats
related to the network, social threats, and malicious threats. It is very important for the
organization to be aware of the threats in order to exempt the threats. These threats can be
identified at each and every level of the corporation.
Identification of Vulnerabilities: Vulnerabilities are weaknesses which exist within the
organization. These vulnerabilities need to be identified and avoided to decrease the chances of
threats and attacks. The vulnerabilities can be related to the various issues such as confidential
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
issues, availability issue, and integrity issue. These issues must be well measured. A detail
description regarding the vulnerabilities is detailed below in the vulnerability section along with
its consequences.
Analyzing risk to information assets: Risk needs to be analyzed regarding the information
stored. If the information is confidential, then the authorized access should be granted for that
information. Such information should be well secured by people who are the competitors,
intruders. People may try to get the information by the wrong means or may also receive the
private information by accident or even the system can be attacked by the malicious attacks
which may result in loss of information? Risk can be calculated as:
Risk = (Probability of a threat occurring against any asset)* (the value of the asset)
The above equation can be summed up as; if the asset does not contain any value the risk
attached will be zero. If the assets consist of some valuable information then the risk will also be
higher
Selection of the method: Method needs to be selected for the measurement of the risk. There are
many types of methods; corporation has to select the best method among the various
methodologies as per the need and requirement. For the selection of the method, the organization
has to understand the security risk related to the information assets. The actions considered by
the corporation may depend upon the level of risk bearded by the organization. The measurement
of the risk can be done by dividing the risk on the basis of its impact. For example Risk can be
divided in form of low, medium and high on the basis of its impact.
The table given below states the threats along with the threat agents. It also displays the
description of the threats showcasing the threat assessments value.
S.NO Threats Threat Agents Description Threat
Assessment
Value
1. Viruses and
Malicious codes
Malicious attacker This threat is harming the
system in order to gain the
unauthorized access to the
computer system to extract the
information or personal data.
3
2. Jamming and
Blocking
Hackers Jamming is performed with the
help of radio transmission
which allows unauthorized
access for reading some
personal documents. It
basically leads to leakage of
sensitive and private
information from the system.
3
3. Function Creep Commercial
establishments
Function creep is the threat
when the information collected
4
description regarding the vulnerabilities is detailed below in the vulnerability section along with
its consequences.
Analyzing risk to information assets: Risk needs to be analyzed regarding the information
stored. If the information is confidential, then the authorized access should be granted for that
information. Such information should be well secured by people who are the competitors,
intruders. People may try to get the information by the wrong means or may also receive the
private information by accident or even the system can be attacked by the malicious attacks
which may result in loss of information? Risk can be calculated as:
Risk = (Probability of a threat occurring against any asset)* (the value of the asset)
The above equation can be summed up as; if the asset does not contain any value the risk
attached will be zero. If the assets consist of some valuable information then the risk will also be
higher
Selection of the method: Method needs to be selected for the measurement of the risk. There are
many types of methods; corporation has to select the best method among the various
methodologies as per the need and requirement. For the selection of the method, the organization
has to understand the security risk related to the information assets. The actions considered by
the corporation may depend upon the level of risk bearded by the organization. The measurement
of the risk can be done by dividing the risk on the basis of its impact. For example Risk can be
divided in form of low, medium and high on the basis of its impact.
The table given below states the threats along with the threat agents. It also displays the
description of the threats showcasing the threat assessments value.
S.NO Threats Threat Agents Description Threat
Assessment
Value
1. Viruses and
Malicious codes
Malicious attacker This threat is harming the
system in order to gain the
unauthorized access to the
computer system to extract the
information or personal data.
3
2. Jamming and
Blocking
Hackers Jamming is performed with the
help of radio transmission
which allows unauthorized
access for reading some
personal documents. It
basically leads to leakage of
sensitive and private
information from the system.
3
3. Function Creep Commercial
establishments
Function creep is the threat
when the information collected
4
for some purpose is used for
some another purpose than the
basic purpose which leads to
the extraction of data with the
wrong intentions or motives
which can be harmful to the
company as it may lead to
leaking out some personal or
confidential information.
4. Denial of
service attack/
Buffer overflow
Corporate raiders,
hackers,
professionals.
It aims at creating disruption of
services in the organization for
fun or for the achievement of
the illegal or political goals. It
is also known as the buffer
overflow.
3
5. Bypass
authentication/
Spoofing of
credentials
Professionals,
corporate raiders, an
employee in the
corporation
This step involves moving one
step forward for the sabotage
or penetration of the
information with the
permission of the user.
5
6. Trivialization of
unique
identifiers
Commercial
establishments
This threat is defined as using
the fingerprints of some
individual for some
unauthorized access to certain
documents or information.
4
7. Low acceptance
of equipment or
device
Employees Some systems or devices face
the problem of low acceptance
of input such as biometrics in
case of fingerprints which is
generally linked to a criminal
investigation.
4
The threats detailed above are some of the basic threats which prevail in any organization which
raises the issue of security in the company. These threats are some basic threats such as
unauthorized access to personal data or information. Various other threats also prevail such as
profiling, side channel attack, social engineering attack etc. These threats violate the information
(El Mrabet, et. al., 2018).
Various exposures which are leading to threats are detailed below:
Spam
Phishing
Malware
Spyware
Proxies
Adware
some another purpose than the
basic purpose which leads to
the extraction of data with the
wrong intentions or motives
which can be harmful to the
company as it may lead to
leaking out some personal or
confidential information.
4. Denial of
service attack/
Buffer overflow
Corporate raiders,
hackers,
professionals.
It aims at creating disruption of
services in the organization for
fun or for the achievement of
the illegal or political goals. It
is also known as the buffer
overflow.
3
5. Bypass
authentication/
Spoofing of
credentials
Professionals,
corporate raiders, an
employee in the
corporation
This step involves moving one
step forward for the sabotage
or penetration of the
information with the
permission of the user.
5
6. Trivialization of
unique
identifiers
Commercial
establishments
This threat is defined as using
the fingerprints of some
individual for some
unauthorized access to certain
documents or information.
4
7. Low acceptance
of equipment or
device
Employees Some systems or devices face
the problem of low acceptance
of input such as biometrics in
case of fingerprints which is
generally linked to a criminal
investigation.
4
The threats detailed above are some of the basic threats which prevail in any organization which
raises the issue of security in the company. These threats are some basic threats such as
unauthorized access to personal data or information. Various other threats also prevail such as
profiling, side channel attack, social engineering attack etc. These threats violate the information
(El Mrabet, et. al., 2018).
Various exposures which are leading to threats are detailed below:
Spam
Phishing
Malware
Spyware
Proxies
Adware
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
The above-listed exposures to threats are some of the basic viruses or attacks are done by the
attackers which create the problem in the system and interrupt the working of the entire
corporation.
Figure 1 Types of threats prevailing in the system
Source: (Aryal, 2018).
2.2 Threat Agents
It is not necessary that the threats are only from outside of the corporation. It can also be within
the organization as well as from outside the organization. There are many types of people who
are said to be the risk for the assets of the organization or the corporation. So, careful analysis
should be done to keep the track record of these individuals. These individuals may include:
Employees: Every business or organization have given certain access to the employees
who have authority to make the legitimate access to the private and confidential
information related to the corporation and the misuse of this information can be very
harmful an destructive for the organization. It may also happen that this access is either
given to the employees by trusting them or employees may hack the information without
letting the corporation know about it (McIntosh, 2015).
Hackers: Hackers are said to be the trained professionals who have the skill and
knowledge about the hacking various software and programs of any particular
organization to know the inside data or information about the specific corporation which
can be private and confidential.
attackers which create the problem in the system and interrupt the working of the entire
corporation.
Figure 1 Types of threats prevailing in the system
Source: (Aryal, 2018).
2.2 Threat Agents
It is not necessary that the threats are only from outside of the corporation. It can also be within
the organization as well as from outside the organization. There are many types of people who
are said to be the risk for the assets of the organization or the corporation. So, careful analysis
should be done to keep the track record of these individuals. These individuals may include:
Employees: Every business or organization have given certain access to the employees
who have authority to make the legitimate access to the private and confidential
information related to the corporation and the misuse of this information can be very
harmful an destructive for the organization. It may also happen that this access is either
given to the employees by trusting them or employees may hack the information without
letting the corporation know about it (McIntosh, 2015).
Hackers: Hackers are said to be the trained professionals who have the skill and
knowledge about the hacking various software and programs of any particular
organization to know the inside data or information about the specific corporation which
can be private and confidential.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cyber Criminals: These are the personnel who perform the crimes online with the
motive of making money with this fraud business. For example, generating fake calls to
extract your account information (van der Walt, et. al., 2018).
Foreign intelligence services or Industrial competitors: These are the other
competitive companies, which are interested in gaining the knowledge about your
successful business operations.
Corporate raiders: Corporate raiders are the financier who tries to control the policies
of companies and then sell them over the bids and resell them to gain profit and earn
money from those policies (James, 2018).
Professional criminals/ hackers: These are the hackers who have proper skills and
knowledge and who are said to be professional in this work. The threats performed by
these hackers are like spoofing of credentials, by-pass authentication.
Figure 2 Threat agents in the organization
Source: (Desjardins, 2017).
motive of making money with this fraud business. For example, generating fake calls to
extract your account information (van der Walt, et. al., 2018).
Foreign intelligence services or Industrial competitors: These are the other
competitive companies, which are interested in gaining the knowledge about your
successful business operations.
Corporate raiders: Corporate raiders are the financier who tries to control the policies
of companies and then sell them over the bids and resell them to gain profit and earn
money from those policies (James, 2018).
Professional criminals/ hackers: These are the hackers who have proper skills and
knowledge and who are said to be professional in this work. The threats performed by
these hackers are like spoofing of credentials, by-pass authentication.
Figure 2 Threat agents in the organization
Source: (Desjardins, 2017).
2.3 Vulnerabilities
Vulnerabilities include the fault or mistake which is leading to the threat in the organization.
These vulnerabilities are like generally inviting the attackers for the hacking of the system. The
common software security vulnerabilities include:
Weak password setting: When the passwords set by the employees in the corporation
are too weak that it can be easily hacked by the hackers. So it must be ensured that the
password set should be strong enough to break down.
Bugs: Bugs are the various viruses or threats present in the system which is violating the
functionality of the system.
Avoiding integrity checks while downloading of the codes: When the employees are
downloading the codes from the system, proper checking is not ensured which leads to
the problem in the future as it leads to loss of integrity.
Lack of back-up/ failover procedures: There is no adequate back up in the system
taken up by the employees. Appropriate nodes related to failure are not being considered
by the employees.
Using devices and equipment in the unprotected environments: Devices or equipment
used by the employees or the management should be used in the secure and safe
environment. Using the system in the inappropriate or unprotected environment leads to
viruses or attacks which damage the system and also increases the chances of information
leakage (Saini, et. al., 2018).
Error rates in the computer systems: The increasing rate of errors in the computer
system or system devices create the problems which invite the errors and threats in the
system, which creates the problem of data leakage, unauthorized access to data, sharing
of confidential and private information with others without the permission of the user.
Lacking correct data mechanisms: Procedure for collecting the correct data is improper
or incorrect which creates the problem in the system.
Linkability of data: The linking between the different documents or data is also the
problem for the IT employees as different databases are linked with the help of profiling,
data mining, social sorting, data aggregation etc. These functions create the problem of
data linking which raises the issue of security (McIntosh, 2015).
Vulnerabilities are basically considered as the weakness prevailing in the system. These
weaknesses allow the intruders or hackers to execute certain commands, unauthorized access to
data etc. These vulnerabilities are found in every area of the corporation. The table given below
shows a relationship between the vulnerability and the threat and how this vulnerability is giving
birth to the threat is given below:
Description of Vulnerability Consequences
Increasing dependency on IT systems, external
infrastructure, and network
This leads to the denial service of
attacks and also creates the
problem of buffer overflow.
It gives rise to worms, malicious
code and worms.
Vulnerabilities include the fault or mistake which is leading to the threat in the organization.
These vulnerabilities are like generally inviting the attackers for the hacking of the system. The
common software security vulnerabilities include:
Weak password setting: When the passwords set by the employees in the corporation
are too weak that it can be easily hacked by the hackers. So it must be ensured that the
password set should be strong enough to break down.
Bugs: Bugs are the various viruses or threats present in the system which is violating the
functionality of the system.
Avoiding integrity checks while downloading of the codes: When the employees are
downloading the codes from the system, proper checking is not ensured which leads to
the problem in the future as it leads to loss of integrity.
Lack of back-up/ failover procedures: There is no adequate back up in the system
taken up by the employees. Appropriate nodes related to failure are not being considered
by the employees.
Using devices and equipment in the unprotected environments: Devices or equipment
used by the employees or the management should be used in the secure and safe
environment. Using the system in the inappropriate or unprotected environment leads to
viruses or attacks which damage the system and also increases the chances of information
leakage (Saini, et. al., 2018).
Error rates in the computer systems: The increasing rate of errors in the computer
system or system devices create the problems which invite the errors and threats in the
system, which creates the problem of data leakage, unauthorized access to data, sharing
of confidential and private information with others without the permission of the user.
Lacking correct data mechanisms: Procedure for collecting the correct data is improper
or incorrect which creates the problem in the system.
Linkability of data: The linking between the different documents or data is also the
problem for the IT employees as different databases are linked with the help of profiling,
data mining, social sorting, data aggregation etc. These functions create the problem of
data linking which raises the issue of security (McIntosh, 2015).
Vulnerabilities are basically considered as the weakness prevailing in the system. These
weaknesses allow the intruders or hackers to execute certain commands, unauthorized access to
data etc. These vulnerabilities are found in every area of the corporation. The table given below
shows a relationship between the vulnerability and the threat and how this vulnerability is giving
birth to the threat is given below:
Description of Vulnerability Consequences
Increasing dependency on IT systems, external
infrastructure, and network
This leads to the denial service of
attacks and also creates the
problem of buffer overflow.
It gives rise to worms, malicious
code and worms.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 22
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.