IT Risk Management Report: Security, Threats, and Risk Assessment
Added on 2020/02/24
AI Summary
This report delves into the critical aspects of IT risk management, emphasizing data security as a paramount concern in today's technology-driven world. It explores the evolving IT security landscape, highlighting the gap between customer expectations and the capabilities of current security technologies, and advocates for a more holistic approach. The report outlines various IT security models, including the State machine model and the Bell-Lapadula Model, and discusses access control mechanisms such as Mandatory Access Control (MAC), Rule-Based Access Control (RBAC), and Discretionary Access Control (DAC). It also covers IT security threats, vulnerability assessments, and the importance of risk assessment in mitigating potential damages. The report concludes by emphasizing the continuous nature of IT security and the necessity of proactive measures to address emerging threats.

Running head: IT RISK MANAGEMENT
IT RISK MANAGEMENT
Name of the Student
Name of the University
Author Note

Table of Contents
Introduction
IT Security & Technology Landscape
IT Security Models & Access Controls
IT Security Threat and risk assessment
Conclusion
References
Introduction
Data security is vital in every aspect of life. As a result of massive data breaches at major
corporations across every industry, data security is the talk of the tech world. The impact of
data security failures matters because of the economic and reputational damage they cause
(Carver, Minku & Penzenstadler, 2017). This is the main reason for the massive shift going on in
the world today. Security point features such as firewalls are of great benefit, as they not only
provide security but also take action to address threats.
There are situations where a person wants to access data on a network drive but does not have
access to it. This tends to happen at the most inopportune time, and as a result they need to get
hold of the system administrator to grant them permission. Access control is basically a
technique of identifying a person doing a specific task or job, who can be authenticated by
looking at their identification, on the basis of which access can be given. An information
security model is a method used to authenticate security policies, as it is intended to provide
a precise set of rules that a computer must follow (Angst et al., 2017).
Security threat and risk assessment should be incorporated when an organization develops,
implements major changes to, or acquires an information system. These are basic components of
overall risk management (Karim et al., 2017).
IT Security & Technology Landscape
In recent times information technology security has lagged behind, and there is a huge mismatch
between what customers expect of it and what security technology delivers to them. From the
customer's point of view, security should protect an enterprise against any threat that can
cause harm to it. At the same time, security should be easy to implement and should be regarded
as an easy approach. This gap has persisted for a long time because the security industry is
more focused on creating point solutions than on a holistic answer to security issues (Moncayo &
Montenegro, 2016). So a massive shift in how security is deployed is needed in order to approach
and resolve the overall security problem as well as the technology landscape.
IT Security Models & Access Controls
IT security models give a broad idea of the basic rules that a computer should follow in order
to implement the fundamental security concepts involved. The basic models are stated below:
1. State machine model: according to this model, a state is a snapshot of the system at a
specific instant in time. The state machine model derives from the computer science definition
of a finite state machine (FSM), which integrates an external input with an internal machine
state in order to model all system types, which may include a decoder, a parser and an
interpreter. A transition takes place when accepting input or producing output, and this always
results in a new state.
2. Bell-LaPadula model: this model was mainly developed in order to formalize the U.S.
Department of Defense (DoD) multi-level security policy. This model classifies the resources into
four major parts: unclassified, confidential, secret and top secret. The model can be
implemented in such a way that an individual cleared for the secret security level only has
access to documents labeled secret. This simply means that only those resources are available to
the person who needs access to that particular resource, and not all the resources.
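The two models above can be combined in a short sketch, added here as an example that is not part of the original report: a reference monitor whose state is the set of granted accesses and whose transitions are access requests. It goes beyond the report's text by assuming the standard Bell-LaPadula rules (no read up, no write down), under which a subject may also read objects below its clearance; the subject and object names and the `append` mode are hypothetical.

```python
from enum import IntEnum


class Level(IntEnum):
    """The four classification levels named in the report, lowest to highest."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class ReferenceMonitor:
    """Bell-LaPadula as a state machine: the state is the set of granted accesses."""

    def __init__(self, clearances, labels):
        self.clearances = clearances  # subject name -> Level
        self.labels = labels          # object name -> Level
        self.state = frozenset()      # {(subject, object, mode)}

    def _allowed(self, subject, obj, mode):
        s, o = self.clearances[subject], self.labels[obj]
        if mode == "read":    # simple security property: no read up
            return s >= o
        if mode == "append":  # *-property: no write down
            return s <= o
        return False          # unknown modes are denied by default

    def request(self, subject, obj, mode):
        """Transition: input plus current state gives the next state."""
        if subject not in self.clearances or obj not in self.labels:
            return False      # unknown subject or object: deny
        if not self._allowed(subject, obj, mode):
            return False      # denied: the state stays as it was
        self.state = self.state | {(subject, obj, mode)}
        return True

    def is_secure(self):
        """Invariant: every access in the state satisfies both properties."""
        return all(self._allowed(s, o, m) for s, o, m in self.state)


def demo():
    # Constructed sample data; subject and object names are hypothetical.
    rm = ReferenceMonitor(
        {"alice": Level.SECRET},
        {"memo.txt": Level.UNCLASSIFIED, "plan.doc": Level.SECRET,
         "ops.db": Level.TOP_SECRET})
    asks = [("alice", "plan.doc", "read"), ("alice", "ops.db", "read"),
            ("alice", "memo.txt", "append"), ("alice", "ops.db", "append"),
            ("alice", "memo.txt", "read"), ("mallory", "memo.txt", "read")]
    return [rm.request(*a) for a in asks], rm


if __name__ == "__main__":
    print(demo()[0])
```

Because denied requests never change the state, the monitor starts in a secure state and every transition leads to another secure state, which is the property the state machine formulation is meant to guarantee.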
Access control mainly deals with the permission of a particular person to access specific
information. The access control model has mainly four aspects: mandatory access control (MAC),
rule-based access control (RBAC or RB-RBAC) and discretionary access control (DAC). Each of
these models addresses a specific point of access for an individual. A person cannot simply
access each and every point (De Smet & Mayer, 2016). Only if an individual's identification
credentials are valid are they allowed through to the information in the data. This plays a
vital role in protecting the data from access by unwanted persons (Buttyán, Félegyházi & Pék,
2016).
IT Security Threat and risk assessment
An IT security threat can be described as anything that contributes directly to the destruction,
tampering or interruption of any service. Threats nearly always go together with a
vulnerability, which can be graded in a similar manner and measured in terms of capability and
motivation. The vulnerability analysis phase may include testing whose objective is something of
value, for example a text file, a classification document or a password file (Buttyán, 2016). It
should be noted that this should be predetermined with the senior management concerned with
security. Risk assessment plays an important role: the risk can be factored under various
conditions, and assessing it accordingly can decrease the effect of the risk and eventually
decrease the risk itself. The level of
protection and maintenance would differ between areas. The measures would depend directly on
the size of the IT department (Lošonczi, Nečas & Naď, 2016).
Conclusion
It can be concluded from the report that dealing with threats and the various aspects of
security is not something that comes to an end at any point. It is a continuous process which,
once started, will continue into the near future. The risk factors should be evaluated
accordingly, and the actions necessary to minimize the risk associated with each scenario should
be identified in order to decrease the overall effect of the risk. All security devices and
controls are very important, but they should always be framed within the larger picture.
References
Angst, C. M., Block, E. S., D’Arcy, J., & Kelley, K. (2017). When do IT security investments
matter? Accounting for the influence of institutional factors in the context of healthcare
data breaches. MIS Quarterly.
Buttyán, L. (2016). Introduction to IT Security.
Buttyán, L., Félegyházi, M., & Pék, G. (2016). Mentoring Talent in IT Security-A Case Study. In
ASE@ USENIX Security Symposium.
Carver, J. C., Minku, L. L., & Penzenstadler, B. (2017). Requirements, Human Values, and the
Development Technology Landscape. IEEE Software, 34(1), 13-15.
De Smet, D., & Mayer, N. (2016, October). Integration of it governance and security risk
management: A systematic literature review. In Information Society (i-Society), 2016
International Conference on (pp. 143-148). IEEE.
Karim, N. S. A., Saba, T., & Albuolayan, A. (2017). Analysis of software security model in
scenario of Software Development Life Cycle (SDLC). Journal of Engineering
Technology (ISSN: 0747-9964), 6(2), 304-316.
Lošonczi, P., Nečas, P., & Naď, N. (2016). RISK MANAGEMENT IN INFORMATION
SECURITY. Journal of Management, (1), 28.
Moncayo, D., & Montenegro, C. (2016, October). Information security risk in SMEs: A hybrid
model compatible with IFRS: Evaluation in two Ecuadorian SMEs of automotive sector.
In Information Communication and Management (ICICM), International Conference on
(pp. 115-120). IEEE.