IT Security Report: Risk Assessment and Disaster Recovery Plan
Added on 2020/12/26

IT Security

Table of Contents
INTRODUCTION 1
LO3 1
P5 Risk assessment procedure 1
P6 Evaluating the data protection process and regulation as applicable to the organization 2
LO4 2
P7 Designing and implementing the security policy for the retailing business 2
P8 Identifying the main components of the disaster recovery plan along with the reasons 3
CONCLUSION 4
REFERENCES 5

INTRODUCTION
IT security is a set of cybersecurity strategies that prevent unauthorised access to organizational assets, including computers, networks and data. It maintains the integrity and confidentiality of sensitive information by blocking access by sophisticated hackers. This study provides better IT solutions for a retail organization that is going to expand its business onto an online platform.
Moreover, the report identifies the different types of security risk involved in an organization, and the potential impacts of incorrect firewall configuration and third-party VPNs. This study also gives a clear understanding of the control mechanisms used to manage the organization's IT security.
LO1 & LO2 are covered in PPT
LO3
P5 Risk assessment procedure
An information security risk assessment procedure is the process of identifying, resolving and preventing security problems within the business. The risk assessor helps in identifying the risks involved in securing the IT solutions within the business. This procedure helps in analysing the risks involved in the retailing business (Bada, Sasse and Nurse, 2019). It is often asset based, where risks are assessed according to the information held about the assets.
ISO 27001 prescribes a risk assessment methodology for the business, which defines the rules by which the IT manager will perform the risk assessment. This methodology needs to address four issues: baseline security, criteria, risk appetite, and scenario-based or asset-based risk assessment. The risk assessment procedure includes:
Identification of the hazard
Evaluating the harmful effects of the hazard and its impact on the specific system
Evaluation of the risk and the various control measures
Implementation of the strategies accordingly and recording of the findings
P6 Evaluating the data protection process and regulation as applicable to the organization
The General Data Protection Regulation (GDPR) is the EU law on data protection and privacy for all individuals. It is the legal framework that sets the
guidelines for the collection and processing of personal information. ISO (International Organization for Standardization) 31000 is a family of standards relating to risk management. This standard can help the organization increase the likelihood of accomplishing its main objectives. It improves the identification of opportunities and threats, which ensures the effective allocation and use of resources for treating risk.
However, ISO 31000 cannot be used for certification, but it does provide guidelines for internal and external audit programmes (Ben-Asher and Gonzalez, 2015). The retail organization can use this standard to compare its risk management practices against an internationally recognised benchmark, in order to achieve effective management of data and information along with corporate governance.
Moreover, reviewing the threats, vulnerabilities and their impacts helps in identifying the security risks within the enterprise. A security audit is a systematic evaluation technique that measures whether the company's information system meets the established criteria (Kalaiprasath, Elankavi and Udayakumar, 2017). This may include the staff, performing security vulnerability scans, reviewing application and operating system access controls, and determining who has physical access to the system.
LO4
P7 Designing and implementing the security policy for the retailing business
As per the scenario, the retailing company needs to implement a proper security policy aimed at the successful development of the online business. The online business can be secured by adopting the cloud service provider (CSP) security model (AlKalbani, Deng and Kam, 2015). This model allows the IT manager to deploy the e-commerce website that enhances interaction with customers. Most retailing organizations use CSPs to support their foundational infrastructure; this involves security monitoring, vulnerability scanning, network threat detection and so on.
Moreover, retailers are facing a new digital era, as the forces of social media, omni-channel shopping and a wave of emerging payment technologies are changing the business processes within enterprises. However, cybercrime is big business, and retailers are very easy and attractive targets. Maximising store performance over security has shaped the supporting IT infrastructure. Combining inadequate security with the large amount of data belonging to customers and retailers makes them ripe for cyberattacks. As this
retailing business needs security within its online store, the most important data security that must be provided is the payment security of the customers (Bennett and Raab, 2017). The retailing company therefore needs to implement PCI DSS (Payment Card Industry Data Security Standard) in order to secure the cardholder information of its customers. Along with this, McAfee controls system integrity and policy compliance for the retailing business (Security policies, 2018).
P8 Identifying the main components of the disaster recovery plan along with the reasons
A disaster recovery plan is a documented process or set of procedures that helps in executing the disaster recovery process and protects the IT infrastructure in the event of a disaster. It is an important part of preparing the security policies of the business (Goodman and Flaxman, 2017). As IT environments grow in complexity, with a large number of businesses shifting to virtual environments, the risk associated with disasters increases. This requires a well-crafted disaster recovery and business continuity plan, which mainly includes off-site testing and regular testing of the IT services. As per the disaster recovery plan, the manager basically needs to explore the security requirements of the business, and the IT manager needs to support the operational, financial and supplier data. The disaster recovery plan mainly includes the following steps:
Backup check: A common mistake concerns backup sites; it makes better sense to have backup sites and redundant servers. This allows easy recovery of data in case private data is lost due to a disaster within the locality. It makes sure that the backup includes a full local backup of all servers according to the disaster preparation plan (Layton, 2016). It is therefore very important to maintain an external backup via hard drive.
Detailed asset inventory: This helps in accessing information regarding the stock and inventory within the retailing business. It allows managers to determine the extent of the damage and the data lost.
Vendor communication and service restoration plan: After the storm passes, service restoration is a major consideration, which requires the manager to pay attention to the logistics of testing backups and performing as many backups as possible before the storm.
Opt for cloud-based backup: Server virtualisation is an effective way to achieve a redundant system, which enables cloud-based backups (Iskandar, Virma and Ahmar, 2019). This helps in an efficient disaster recovery process.
CONCLUSION
From the above study, it can be concluded that IT security is an important factor in protecting the confidential data and information exchanged within the retailing industry. Providing a proper IT solution helps in protecting data from unauthorised access. The study has described the various types of risk in securing the network of the organization. It has also given a clear understanding of the potential impact on IT security if the firewall and virtual private network are wrongly configured.
Furthermore, this report has helped the reader understand the concepts of DMZ, static IP and NAT, which support system security, and has also discussed the various data protection processes and regulations that assess risk in IT. In addition, it has explained the disaster recovery plan and security policies used in the retailing business.
REFERENCES
Books and Journals
AlKalbani, A., Deng, H. and Kam, B., 2015, July. Organisational Security Culture and Information Security Compliance for E-Government Development: The Moderating Effect of Social Pressure. In PACIS (p. 65).
Bada, M., Sasse, A.M. and Nurse, J.R., 2019. Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672.
Ben-Asher, N. and Gonzalez, C., 2015. Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, pp.51-61.
Bennett, C.J. and Raab, C.D., 2017. The governance of privacy: Policy instruments in global perspective. Routledge.
Goodman, B. and Flaxman, S., 2017. European Union regulations on algorithmic decision-making and a "right to explanation". AI Magazine, 38(3), pp.50-57.
Iskandar, A., Virma, E. and Ahmar, A.S., 2019. Implementing DMZ in Improving Network Security of Web Testing in STMIK AKBA. arXiv preprint arXiv:1901.04081.
Kalaiprasath, R., Elankavi, R. and Udayakumar, D.R., 2017. Cloud Security and Compliance - A Semantic Approach in End to End Security. International Journal of Mechanical Engineering and Technology (IJMET), 8(5), pp.987-994.
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Online
Security policies. 2018. [online]. Available through: <https://entechus.com/7-key-elements-of-a-business-disaster-recovery-plan/>