Aztek: IT Risk Management Report on Cloud Migration and Security
VerifiedAdded on 2020/03/16
|23
|6055
|34
Report
AI Summary
This report examines IT risk management for Aztek, an Australian Financial Services Sector organization, focusing on the implications of migrating applications and databases to an external cloud service. It discusses various decisions made by the company, including enabling employees to bring their own devices, migrating databases to the cloud, outsourcing IT functions, and upgrading technologies. The report identifies potential risks associated with cloud migration, such as data loss and security breaches, and emphasizes the importance of a robust security posture. It explores the financial service sector's intersection with technology, highlighting the need for stakeholder management and careful consideration of security threats from hackers, script kiddies, dishonest employees, and spammers. The report recommends strategies like Microsoft Azure or Amazon Web Services cloud infrastructure, scalability, flexibility, cost-effectiveness, and encryption to mitigate risks. It also recommends implementing anti-virus software to protect against intrusions and maintain data security.
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author’s Note:
IT Risk Management
Name of the Student
Name of the University
Author’s Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
IT RISK MANAGEMENT
Table of Contents
Introduction......................................................................................................................................3
Discussion........................................................................................................................................4
Migration of Database to Cloud..................................................................................................4
Financial Service Sectors.............................................................................................................5
Security Posture...........................................................................................................................6
Probable Security Risks and Threats...........................................................................................9
Conclusion.....................................................................................................................................14
References......................................................................................................................................17
IT RISK MANAGEMENT
Table of Contents
Introduction......................................................................................................................................3
Discussion........................................................................................................................................4
Migration of Database to Cloud..................................................................................................4
Financial Service Sectors.............................................................................................................5
Security Posture...........................................................................................................................6
Probable Security Risks and Threats...........................................................................................9
Conclusion.....................................................................................................................................14
References......................................................................................................................................17
2
IT RISK MANAGEMENT
Executive Summary
The main aim of this report is to understand the case study of Aztek. Aztek is an organization
that does its task in the AFSS or Australian Financial Services Sector. The superior executives in
both the business divisions and technology within the organization have gathered a particular
collection of various projects or specifically have taken various decisions from the relevant
strategists, who would be extremely helpful for the company and funding can be easily done for
the deployment. These strategies or the decisions normally involve various projects like the
allowing of the employees for bringing their own typical devices. These particular devices
usually include the tablets, their laptops and the mobile phones in their particular workplace and
all the devices to be used as the main or the major devices for the completion of their tasks in the
work and attaining the goals and objectives of the organization. The second decision that the
company has taken is for the migration of databases, data sources or the applications to a specific
cloud hosting solution externally. The third decision that is undertaken by them is the
outsourcing of the main functions of information technology. These functions usually include the
management of desktop, the development of applications or the network to a particular third
party. The last project is the up gradation, update or introduction of the major technologies like
the platforms and applications of the mobile and the migration of the networking technology,
which is improved. The typical example is the IPv6 or Internet Protocol Version 6. Moreover, a
corporate wide email archive is to be created for the purpose and benefits of compliances, up
gradation and updating the operating systems of desktop and several applications. The objective
of this typical report is to recognize the relevant risks that can occur in the company when the
applications and databases are migrated to an external cloud service. Moreover, the following
IT RISK MANAGEMENT
Executive Summary
The main aim of this report is to understand the case study of Aztek. Aztek is an organization
that does its task in the AFSS or Australian Financial Services Sector. The superior executives in
both the business divisions and technology within the organization have gathered a particular
collection of various projects or specifically have taken various decisions from the relevant
strategists, who would be extremely helpful for the company and funding can be easily done for
the deployment. These strategies or the decisions normally involve various projects like the
allowing of the employees for bringing their own typical devices. These particular devices
usually include the tablets, their laptops and the mobile phones in their particular workplace and
all the devices to be used as the main or the major devices for the completion of their tasks in the
work and attaining the goals and objectives of the organization. The second decision that the
company has taken is for the migration of databases, data sources or the applications to a specific
cloud hosting solution externally. The third decision that is undertaken by them is the
outsourcing of the main functions of information technology. These functions usually include the
management of desktop, the development of applications or the network to a particular third
party. The last project is the up gradation, update or introduction of the major technologies like
the platforms and applications of the mobile and the migration of the networking technology,
which is improved. The typical example is the IPv6 or Internet Protocol Version 6. Moreover, a
corporate wide email archive is to be created for the purpose and benefits of compliances, up
gradation and updating the operating systems of desktop and several applications. The objective
of this typical report is to recognize the relevant risks that can occur in the company when the
applications and databases are migrated to an external cloud service. Moreover, the following
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
IT RISK MANAGEMENT
report also focuses on the measures that can be taken to reduce the security threats,
vulnerabilities and risks involved in information system of Aztek.
IT RISK MANAGEMENT
report also focuses on the measures that can be taken to reduce the security threats,
vulnerabilities and risks involved in information system of Aztek.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
IT RISK MANAGEMENT
Introduction
Cloud computing is the process or technique, which acts as the tool or technique for
transferring any type of confidential data or information or any type of services that are related to
computing. These various services of computing are of several types (Dinh et al., 2013). The
services include analytics, storage, servers, networking or even software. Several other services
are also present in cloud computing. The companies or organizations, which help in providing
the above mentioned services within the cloud, are called the cloud providers or the providers of
the cloud. These particular companies or organizations get money after providing the services of
cloud computing (Chaisiri, Lee & Niyato, 2012). This is most used technology in today’s world.
It is the best technology for transferring any data with security. The major advantage or benefit
of cloud computing is that it does not incur much cost and is affordable by all organizations. This
particular advantage makes cloud computing much popular and acceptable by almost all
organizations and companies. The second advantage of cloud computing is that it provides
security to the data that is to be transferred. Intrusion is prevented by the utilization of cloud
computing (Garg, Versteeg & Buyya, 2013). Aztek is an organization, which does its operation
in the Australian Financial Services Sector. The senior executives in both the technology and
business divisions within the company have collected a collection of several projects or rather
have taken certain decisions from the respective strategists that would be helpful for the
organization and could be easily funded for the deployment. The decisions or the strategies
include several projects such as the enabling the employees for bringing their own devices (Lee
& Zomaya, 2012). These devices include the laptops, their tablets and their mobile phones in
their respective workplace and the devices to be utilized as the major or the main devices in
completing their tasks in the work and achieving the organizational goals and objectives. The
IT RISK MANAGEMENT
Introduction
Cloud computing is the process or technique, which acts as the tool or technique for
transferring any type of confidential data or information or any type of services that are related to
computing. These various services of computing are of several types (Dinh et al., 2013). The
services include analytics, storage, servers, networking or even software. Several other services
are also present in cloud computing. The companies or organizations, which help in providing
the above mentioned services within the cloud, are called the cloud providers or the providers of
the cloud. These particular companies or organizations get money after providing the services of
cloud computing (Chaisiri, Lee & Niyato, 2012). This is most used technology in today’s world.
It is the best technology for transferring any data with security. The major advantage or benefit
of cloud computing is that it does not incur much cost and is affordable by all organizations. This
particular advantage makes cloud computing much popular and acceptable by almost all
organizations and companies. The second advantage of cloud computing is that it provides
security to the data that is to be transferred. Intrusion is prevented by the utilization of cloud
computing (Garg, Versteeg & Buyya, 2013). Aztek is an organization, which does its operation
in the Australian Financial Services Sector. The senior executives in both the technology and
business divisions within the company have collected a collection of several projects or rather
have taken certain decisions from the respective strategists that would be helpful for the
organization and could be easily funded for the deployment. The decisions or the strategies
include several projects such as the enabling the employees for bringing their own devices (Lee
& Zomaya, 2012). These devices include the laptops, their tablets and their mobile phones in
their respective workplace and the devices to be utilized as the major or the main devices in
completing their tasks in the work and achieving the organizational goals and objectives. The
5
IT RISK MANAGEMENT
second decision undertaken by the company is to migrate their all of the applications, databases
or data sources to a cloud hosting solution externally. The third decision is to outsource the
major functionalities of information technology (Almorsy, Grundy & Müller, 2016). These
functionalities include the development of applications, management of desktop or the network
to a specific third party. The final project is to upgrade, update or introduce the main
technologies like the applications and platforms of mobile and to migrate to the networking
technology that is improved. The example is Internet Protocol Version 6. Moreover, a corporate
wide email archive is to be created for the purpose and benefits of compliances, up gradation and
updating the operating systems of desktop and several applications (Gampala, Inuganti &
Muppidi, 2012). These projects will help Aztek to achieve its organizational goals and
organizations.
The following report covers the project of migration of database to the cloud for Aztek.
They have decided to migrate their database to the cloud (Gupta, Seetharaman & Raj, 2013).
There are various cloud infrastructures and platforms present in the market and Aztek have
decided to select one of them. However, there are always some of the major risks and threats in
the cloud and cloud infrastructure (Lee & Zomaya, 2012). The report covers the effective
decision making for the migration of data. Moreover, security postures, the probable risks,
vulnerabilities and threats are also mentioned here. The data security is also given in the report.
Discussion
Migration of Database to Cloud
Migration of data to the cloud would be one of the best decisions for Aztek. Database
migration helps to reduce the overall risk or threat for risks related to data like the loss of data
IT RISK MANAGEMENT
second decision undertaken by the company is to migrate their all of the applications, databases
or data sources to a cloud hosting solution externally. The third decision is to outsource the
major functionalities of information technology (Almorsy, Grundy & Müller, 2016). These
functionalities include the development of applications, management of desktop or the network
to a specific third party. The final project is to upgrade, update or introduce the main
technologies like the applications and platforms of mobile and to migrate to the networking
technology that is improved. The example is Internet Protocol Version 6. Moreover, a corporate
wide email archive is to be created for the purpose and benefits of compliances, up gradation and
updating the operating systems of desktop and several applications (Gampala, Inuganti &
Muppidi, 2012). These projects will help Aztek to achieve its organizational goals and
organizations.
The following report covers the project of migration of database to the cloud for Aztek.
They have decided to migrate their database to the cloud (Gupta, Seetharaman & Raj, 2013).
There are various cloud infrastructures and platforms present in the market and Aztek have
decided to select one of them. However, there are always some of the major risks and threats in
the cloud and cloud infrastructure (Lee & Zomaya, 2012). The report covers the effective
decision making for the migration of data. Moreover, security postures, the probable risks,
vulnerabilities and threats are also mentioned here. The data security is also given in the report.
Discussion
Migration of Database to Cloud
Migration of data to the cloud would be one of the best decisions for Aztek. Database
migration helps to reduce the overall risk or threat for risks related to data like the loss of data
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
IT RISK MANAGEMENT
(Hamlen et al., 2012). The best type of cloud infrastructure is the Microsoft Azure and the
Amazon Web Services or AWS. Aztek should migrate their database in these two cloud
infrastructures. The main advantages of migration of database in cloud are as follows:
i) Scalability: The data migration makes the database and data scalable enough to be
accessed by all (Gupta, Seetharaman & Raj, 2013).
ii) Flexibility: The data migration makes the database and data flexible.
iii) Cost Effective: Data migration is not at all costly and can be easily afforded by all
organization, irrespective of its size (Beloglazov, Abawajy & Buyya, 2012).
iv) High Security: The next advantage of migration of data and database is that it
provides extreme security to the database.
Microsoft Azure and Amazon Web Services or AWS are the best cloud infrastructures
for any organization. The best benefit that Aztek would get after this migration is that all the data
is not needed to be migrated (Almorsy, Grundy & Müller, 2016). Shifting only the database will
be helpful. Every single data and information is not needed to be shifted.
Financial Service Sectors
Aztek is an organization, which does its operation in the Australian Financial Services
Sector. The management of the stakeholder is the most important component in any organization
(Behl & Behl, 2012). Stakeholders of an organization are those people who help in the entire
process of an organization. There is always an interface between the stakeholders of an
organization and technologists of an organization. The financial services sectors are the interface
or the common boundary between the stakeholders and technologists of the organization. The
IT RISK MANAGEMENT
(Hamlen et al., 2012). The best type of cloud infrastructure is the Microsoft Azure and the
Amazon Web Services or AWS. Aztek should migrate their database in these two cloud
infrastructures. The main advantages of migration of database in cloud are as follows:
i) Scalability: The data migration makes the database and data scalable enough to be
accessed by all (Gupta, Seetharaman & Raj, 2013).
ii) Flexibility: The data migration makes the database and data flexible.
iii) Cost Effective: Data migration is not at all costly and can be easily afforded by all
organization, irrespective of its size (Beloglazov, Abawajy & Buyya, 2012).
iv) High Security: The next advantage of migration of data and database is that it
provides extreme security to the database.
Microsoft Azure and Amazon Web Services or AWS are the best cloud infrastructures
for any organization. The best benefit that Aztek would get after this migration is that all the data
is not needed to be migrated (Almorsy, Grundy & Müller, 2016). Shifting only the database will
be helpful. Every single data and information is not needed to be shifted.
Financial Service Sectors
Aztek is an organization, which does its operation in the Australian Financial Services
Sector. The management of the stakeholder is the most important component in any organization
(Behl & Behl, 2012). Stakeholders of an organization are those people who help in the entire
process of an organization. There is always an interface between the stakeholders of an
organization and technologists of an organization. The financial services sectors are the interface
or the common boundary between the stakeholders and technologists of the organization. The
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
IT RISK MANAGEMENT
stakeholders deal with all the finance related decisions in the organization and each and every
decision undertaken is clarified and checked by the stakeholders of the company. Whereas, the
technologists are responsible for the technical and the technological growth and downfall of an
organization (Almorsy, Grundy & Müller, 2016). The technologists deal with the technical and
the non technical benefits and disadvantages of the organization. They look into the matter so
that every thing is under control. These technical things involve the information system of the
organization. The information is the most important system for any organization and the
confidential data or information is stored and recorded in that particular system. The financial
service sector is the mixture of both technology and finance (Hashizume et al., 2013). It is an
information system that stores all the important data or information related to the finance
department or financial team of a particular organization. Often there exists clash between the
finance department and the technologists of an organization. Aztek should look in to the matter
so that there exists no loopholes in the financial service sectors of Aztek.
Security Posture
Security posture of any company organization is the complete security plan of that
organization. Security posture is the approach or the step, an organization takes for its
organizational security (Arora, Parashar & Transforming, 2013). This posture involves
everything, right from the planning till the implementation of the security plan. The security
posture contains each and every policy, that is the technical, non technical. Moreover, the
processes, the procedures and the security measures that can control and protect the database or
data from any type of security threats or risks (Hashem et al., 2015). These risks can be both
internal and external. All organizations or companies are always vulnerable to potential
IT RISK MANAGEMENT
stakeholders deal with all the finance related decisions in the organization and each and every
decision undertaken is clarified and checked by the stakeholders of the company. Whereas, the
technologists are responsible for the technical and the technological growth and downfall of an
organization (Almorsy, Grundy & Müller, 2016). The technologists deal with the technical and
the non technical benefits and disadvantages of the organization. They look into the matter so
that every thing is under control. These technical things involve the information system of the
organization. The information is the most important system for any organization and the
confidential data or information is stored and recorded in that particular system. The financial
service sector is the mixture of both technology and finance (Hashizume et al., 2013). It is an
information system that stores all the important data or information related to the finance
department or financial team of a particular organization. Often there exists clash between the
finance department and the technologists of an organization. Aztek should look in to the matter
so that there exists no loopholes in the financial service sectors of Aztek.
Security Posture
Security posture of any company organization is the complete security plan of that
organization. Security posture is the approach or the step, an organization takes for its
organizational security (Arora, Parashar & Transforming, 2013). This posture involves
everything, right from the planning till the implementation of the security plan. The security
posture contains each and every policy, that is the technical, non technical. Moreover, the
processes, the procedures and the security measures that can control and protect the database or
data from any type of security threats or risks (Hashem et al., 2015). These risks can be both
internal and external. All organizations or companies are always vulnerable to potential
8
IT RISK MANAGEMENT
information technology security risks and breaches (Dinh et al., 2013). The major reasons for
worrying in any type of security breaches or security threats are as follows:
i) Hackers: They are the most dangerous and vulnerable persons who breach the entire
system of any organization (Hashizume et al., 2013). They get into the system of users and
further breach them so that the information is stolen or lost.
ii) Script Kiddies: They are the newest generations of hackers. They are not skilled
hackers but try to hack any system with the help of malicious scripts (Kliazovich, Bouvry &
Khan, 2012). Sometimes, even they turn out to be vulnerable and risky for the organization.
iii) Dishonest Employees: Employees are the ones, who have every knowledge of an
organization’s information system or database. It often happens that when an employee leaves an
organization or is driven out of an organization, has a grudge over the organization and tries to
breach the security system or help others in breaching the system (Lee & Zomaya, 2012). They
take out the company’s confidential data or information and breach them. Aztek should be
careful about their employees.
iv) Spammers: These hackers normally send vulnerable emails to the victims (Lin &
Chen, 2012). The moment the user opens the email, the spammer gets the complete access of the
information system or the computer of the user. These are extremely common in all
organizations.
There are few trends in the security posture of any organization. they are as follows:
IT RISK MANAGEMENT
information technology security risks and breaches (Dinh et al., 2013). The major reasons for
worrying in any type of security breaches or security threats are as follows:
i) Hackers: They are the most dangerous and vulnerable persons who breach the entire
system of any organization (Hashizume et al., 2013). They get into the system of users and
further breach them so that the information is stolen or lost.
ii) Script Kiddies: They are the newest generations of hackers. They are not skilled
hackers but try to hack any system with the help of malicious scripts (Kliazovich, Bouvry &
Khan, 2012). Sometimes, even they turn out to be vulnerable and risky for the organization.
iii) Dishonest Employees: Employees are the ones, who have every knowledge of an
organization’s information system or database. It often happens that when an employee leaves an
organization or is driven out of an organization, has a grudge over the organization and tries to
breach the security system or help others in breaching the system (Lee & Zomaya, 2012). They
take out the company’s confidential data or information and breach them. Aztek should be
careful about their employees.
iv) Spammers: These hackers normally send vulnerable emails to the victims (Lin &
Chen, 2012). The moment the user opens the email, the spammer gets the complete access of the
information system or the computer of the user. These are extremely common in all
organizations.
There are few trends in the security posture of any organization. they are as follows:
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
IT RISK MANAGEMENT
i) Cloud Adoption: Cloud computing plays a significant role in the security posture of an
organization (Khalil, Khreishah & Azeem, 2014). It is the safest and the best technology utilized
for transferring data or any services.
ii) Cloud Application Usage: The migration to the cloud architecture would be the best
for Aztek organization as it will help them in reducing the huge complexities of database
migration.
iii) Encryption: The most simple and efficient way of protecting data and database and
providing security is the encryption. The data is encoded or encrypted into a cipher text and the
intruder is unable to crack that data (Lin et al., 2013). Aztek should opt for encryption as it
would be the best measure for their security posture.
The mitigation plans for the current security posture of Aztek are as follows:
i) Anti virus: Installation of anti virus in the information system of any organization helps
to reduce or mitigate the security threats or risks (Vatsalan et al., 2017). Moreover, anti virus
prevents any type of intrusion in the cloud infrastructure of platform easily. Anti virus is not at
all costly and can be easily afforded by all organizations.
ii) Firewalls: This is the second security measure after anti virus. These are somehow
similar to anti virus and help to detect and prevent the security risks and threats. This is exactly
same as the walls (Kshetri, 2014). The walls protect any house or building from any type of
threat or risks. Similarly, firewalls secure and protect the computer architecture or information
system from any type of security threats or risks.
IT RISK MANAGEMENT
i) Cloud Adoption: Cloud computing plays a significant role in the security posture of an
organization (Khalil, Khreishah & Azeem, 2014). It is the safest and the best technology utilized
for transferring data or any services.
ii) Cloud Application Usage: The migration to the cloud architecture would be the best
for Aztek organization as it will help them in reducing the huge complexities of database
migration.
iii) Encryption: The most simple and efficient way of protecting data and database and
providing security is the encryption. The data is encoded or encrypted into a cipher text and the
intruder is unable to crack that data (Lin et al., 2013). Aztek should opt for encryption as it
would be the best measure for their security posture.
The mitigation plans for the current security posture of Aztek are as follows:
i) Anti virus: Installation of anti virus in the information system of any organization helps
to reduce or mitigate the security threats or risks (Vatsalan et al., 2017). Moreover, anti virus
prevents any type of intrusion in the cloud infrastructure of platform easily. Anti virus is not at
all costly and can be easily afforded by all organizations.
ii) Firewalls: This is the second security measure after anti virus. These are somehow
similar to anti virus and help to detect and prevent the security risks and threats. This is exactly
same as the walls (Kshetri, 2014). The walls protect any house or building from any type of
threat or risks. Similarly, firewalls secure and protect the computer architecture or information
system from any type of security threats or risks.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
IT RISK MANAGEMENT
iii) Security Policies: This is the third way of securing the data or information (Chen &
Zhang, 2014). The security policies or the standards secure the information system or cloud
platform and infrastructure to protect and secure the services.
iv) Proper Storage: For cloud computing, storage is the most important feature (Nafi et
al., 2013). If the storage of the cloud is not perfect, there is always a chance of losing the data
and the database.
v) Virtual Private Network: VPN or Virtual Private Network helps in providing a private
network in a public network (AlZain et al., 2012). This network is utilized in receiving or
sending information or data.
Probable Security Risks and Threats
Various security threats and risks are present in the information system or cloud
infrastructure and platform. The probable risks and threats are as follows:
i) Malicious Activities: These are the most dangerous activities for any security system.
a) Malicious Code or Software: This type of code or software is injected within a system
by a hacker to infect the system (Chen & Zhao, 2012). This code is malicious in nature and can
replicate itself in the system. It formats the entire system and the important data gets lost.
b) Denial of Service: This type of threat is done by denying the service of the system. The
owner of the system has no idea about this attack and when tries to access the system, the service
is denied (Liu, 2012). The hacker gets the complete access to the system.
c) Abuse of Information Leakage: This type of security threat leaks the information with
wrong intentions and the user suffers from trouble.
IT RISK MANAGEMENT
iii) Security Policies: This is the third way of securing the data or information (Chen &
Zhang, 2014). The security policies or the standards secure the information system or cloud
platform and infrastructure to protect and secure the services.
iv) Proper Storage: For cloud computing, storage is the most important feature (Nafi et
al., 2013). If the storage of the cloud is not perfect, there is always a chance of losing the data
and the database.
v) Virtual Private Network: VPN or Virtual Private Network helps in providing a private
network in a public network (AlZain et al., 2012). This network is utilized in receiving or
sending information or data.
Probable Security Risks and Threats
Various security threats and risks are present in the information system or cloud
infrastructure and platform. The probable risks and threats are as follows:
i) Malicious Activities: These are the most dangerous activities for any security system.
a) Malicious Code or Software: This type of code or software is injected within a system
by a hacker to infect the system (Chen & Zhao, 2012). This code is malicious in nature and can
replicate itself in the system. It formats the entire system and the important data gets lost.
b) Denial of Service: This type of threat is done by denying the service of the system. The
owner of the system has no idea about this attack and when tries to access the system, the service
is denied (Liu, 2012). The hacker gets the complete access to the system.
c) Abuse of Information Leakage: This type of security threat leaks the information with
wrong intentions and the user suffers from trouble.
11
IT RISK MANAGEMENT
d) Abuse of Authorization: The authorized users are stopped or abused in this particular
type of threat.
e) Receiving Unsolicited E-mails: This is another dangerous security threat where the
victim receives a fake email and the moment he opens the mail, his system is corrupted and the
confidential information is stolen (Iankoulova & Daneva, 2012).
f) Identity theft: The identity of the authorized user is theft in this particular security
threat and the hacker acts as the user.
g) Remote Activities: This is another dangerous attack where the execution of activities is
done remotely (Bonomi et al., 2012).
h) Unauthorized Installation of Software: Software installation plays a significant role in
any system (Gellman, 2012). When the user installs an authorized software, he himself invites
hackers in his system.
ii) Unintentional Damage or Loss of Information or IT Assets: This is the second
category of security threats in any organization (Behl & Behl, 2012). These threats mostly occur
unintentionally or by losing any information or important assets. This category can be further
classified into several threats. They are follows:
a) Destruction of records: This is the most dangerous threat under this category. Every
organization or agency stores its data in its information system (Hashem et al., 2015). When
these records are destructed by any means either by system formatting or by unintentional cause
of an employee., it leads to major problem.
IT RISK MANAGEMENT
d) Abuse of Authorization: The authorized users are stopped or abused in this particular
type of threat.
e) Receiving Unsolicited E-mails: This is another dangerous security threat where the
victim receives a fake email and the moment he opens the mail, his system is corrupted and the
confidential information is stolen (Iankoulova & Daneva, 2012).
f) Identity theft: The identity of the authorized user is theft in this particular security
threat and the hacker acts as the user.
g) Remote Activities: This is another dangerous attack where the execution of activities is
done remotely (Bonomi et al., 2012).
h) Unauthorized Installation of Software: Software installation plays a significant role in
any system (Gellman, 2012). When the user installs an authorized software, he himself invites
hackers in his system.
ii) Unintentional Damage or Loss of Information or IT Assets: This is the second
category of security threats in any organization (Behl & Behl, 2012). These threats mostly occur
unintentionally or by losing any information or important assets. This category can be further
classified into several threats. They are follows:
a) Destruction of records: This is the most dangerous threat under this category. Every
organization or agency stores its data in its information system (Hashem et al., 2015). When
these records are destructed by any means either by system formatting or by unintentional cause
of an employee., it leads to major problem.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.