IT Risk Management Report: Threats, Models, and Access Controls


Added on  2020/03/02

AI Summary
This report comprehensively examines IT risk management, encompassing various aspects of IT security and its associated challenges. It begins by analyzing the evolving IT landscape, highlighting changes such as business monetization through mobile technology, enhanced interaction via business applications, and the rise of cloud computing. The report then delves into the core threats within the IT landscape, focusing on confidentiality, integrity, and availability, and emphasizes the importance of the CNSS security model in developing secure systems. Furthermore, it explores different types of security models and access controls, including discretionary, mandatory, and role-based access controls, as well as the state machine and Clark-Wilson models. The report concludes by addressing IT security threats, such as malware and phishing attacks, and provides mitigation strategies, including comprehensive policies and technical safeguards. Overall, the report provides a thorough understanding of the risks, models, and controls essential for effective IT risk management.
Running head: IT RISK MANAGEMENT
IT risk management
Name
Institution Affiliation:
IT Security & Technology Landscape
Introduction
Technology has always been accompanied by change. Some of these changes are small and affect
only a specific sector, while others are major and affect everyone (Erl, Puttini &
Mahmood, 2013). The changing technology landscape raises several questions, which are
examined below.
How the IT landscape changed
The IT landscape has changed in various ways, one of which is making business monetization
easier. Mobile technology has enabled businesses to monetize more than ever before. The
technology landscape has also made interaction easier through business apps (Erl, Puttini &
Mahmood, 2013). Unlike in the period before the internet, customers and businesses now interact
through channels such as social media sites. The rise of the cloud has also been significant
for many businesses today, to the extent that the average user can retrieve data from anywhere
with internet access (Safa, 2017). The technology landscape has also changed in how it
supports business security.
The new threats in the IT landscape
The threats associated with the information technology landscape concern confidentiality,
integrity and availability. Confidentiality is equivalent to privacy. Measures taken to
ensure confidentiality are designed to prevent sensitive data from reaching the wrong
individuals (Page, 2017). Integrity entails maintaining the consistency, accuracy and
trustworthiness of data over its entire life cycle. Data should not be changed in transit,
and steps need to be taken to ensure that the information cannot be altered by individuals
who are not authorized. Availability, on the other hand, is ensured by maintaining all
hardware, carrying out repairs immediately when they are needed, and maintaining a correctly
functioning operating system environment (Page, 2017). To develop security that ensures only
authorized parties can access the data when they need it, the CNSS security model should be
used. This model ensures that information security is established and evaluated during the
development of a secure system (Safa, 2017). It is important to develop security goals, and
it is vital to know how these goals relate to the various states.
Conclusion
The technology landscape is the set of hardware and software that serves as the fabric
supporting all of a company's business operations. Technology faces various risks to
confidentiality, integrity and availability. These risks can be mitigated through
cryptography to ensure data integrity, which includes hashing the data received. For
availability, backups are the key: regular off-site backups can limit the impact of damage
caused to hard drives.
References
Erl, T., Puttini, R., & Mahmood, Z. (2013). Cloud computing: concepts, technology &
architecture. Pearson Education.
Page, E. H. (2017). Modeling and Simulation (M&S) Technology Landscape. In Guide to
Simulation-Based Disciplines (pp. 25-35). Springer, Cham.
Safa, N. S. (2017). The information security landscape in the supply chain. Computer Fraud &
Security, 2017(6), 16-20.
IT Security Models & Access Controls
What are different types of security models and access controls?
Access control
Access control is the selective restriction of access to a place or other resource. The act
of accessing may mean consuming, entering or using. Permission to access a resource is
called authorization (Van & Jajodia, 2014). Various access control mechanisms have been put
in place to control authorization in a system (Hashizume, Rosado, Fernández-Medina &
Fernandez, 2013). One is discretionary access control, a model based on user discretion: the
owner of a resource is responsible for granting access rights on that resource to other
users, at the owner's discretion. Another is mandatory access control, where the owner does
not enjoy the privilege of deciding who can access the files (Hashizume, Rosado,
Fernández-Medina & Fernandez, 2013). A third is role-based access control, in which access
to a resource is governed by the role that the subject holds within the business. It is
important to note that in role-based access control users do not have control over the roles
they are assigned.
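
The three models above can give different answers to the same request. The following sketch is an added example, not part of the original report; the users, roles, labels and the MAC rule (clearance must be at least the resource label) are constructed assumptions chosen to show who controls each decision.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}   # constructed label hierarchy
ROLE_PERMS = {                                        # constructed role -> permissions
    "payroll_clerk": {("payroll.db", "read")},
    "payroll_admin": {("payroll.db", "read"), ("payroll.db", "write")},
}

@dataclass
class User:
    name: str
    clearance: str                  # MAC attribute, set by an administrator
    roles: frozenset = frozenset()  # RBAC attribute, set by an administrator

@dataclass
class Resource:
    name: str
    owner: str
    label: str                                # MAC label, set by the system
    acl: dict = field(default_factory=dict)   # DAC: user name -> rights from owner

def dac_grant(res, grantor, grantee, right):
    """DAC: the owner, and only the owner, hands out rights at their discretion."""
    if grantor.name != res.owner:
        raise PermissionError(f"{grantor.name} does not own {res.name}")
    res.acl.setdefault(grantee.name, set()).add(right)

def dac_allows(user, res, right):
    return user.name == res.owner or right in res.acl.get(user.name, set())

def mac_allows(user, res, right):
    """MAC: labels decide; the owner's wishes and the ACL are never consulted."""
    return LEVELS[user.clearance] >= LEVELS[res.label]

def rbac_allows(user, res, right):
    """RBAC: access follows from the roles the user holds in the business."""
    return any((res.name, right) in ROLE_PERMS.get(r, ()) for r in user.roles)

def evaluate(user, res, right):
    return {"DAC": dac_allows(user, res, right),
            "MAC": mac_allows(user, res, right),
            "RBAC": rbac_allows(user, res, right)}

def demo():
    alice = User("alice", "secret", frozenset({"payroll_admin"}))
    bob = User("bob", "internal", frozenset({"payroll_clerk"}))
    payroll = Resource("payroll.db", owner="alice", label="secret")
    dac_grant(payroll, alice, bob, "read")     # owner shares at her discretion
    return evaluate(bob, payroll, "read"), evaluate(bob, payroll, "write")

if __name__ == "__main__":
    print(demo())
```

Bob's read request passes under DAC (the owner granted it) and RBAC (his role allows it) but fails under MAC, because the owner's grant cannot override the system-assigned label.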
Security models
A security model is a scheme for enforcing security policies. Information technology
security models are used to authenticate security policies, as they are intended to provide
a set of rules that a system can follow to implement the concepts, processes and procedures
in the security policy (Van & Jajodia, 2014). There are various security models. One is the
state machine model, which is based on a state machine that monitors the status of the
system in order to keep it from slipping into an insecure state (Van & Jajodia, 2014). This
model serves as the basis for other security models such as the information flow model.
Another model is Clark-Wilson, which uses an access control triple that includes the
transformation procedure and the constrained data item (Yang & Jia, 2014). Authorized users
are not able to change the data in an inappropriate way. This model controls the way in
which subjects access objects, so that data can be manipulated only in ways that protect the
internal consistency of the system. An IT security model is a scheme that specifies the way
in which security policies are enforced (Yang & Jia, 2014). The security model is a formal
model of access rights, computation and distribution, and it prevents risks to
confidentiality, integrity and availability from occurring on the system.
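
The state machine and Clark-Wilson ideas above can be combined in one small reference monitor. This is an added example, not part of the original report: the accounts, users and the secure-state predicate are constructed assumptions, and the subject is included as the first element of each access triple.

```python
# Constructed data: users, accounts and amounts are illustrative assumptions.
TRIPLES = {("teller1", "transfer", "balances")}   # allowed (subject, TP, CDI)

def is_secure(state):
    """Secure-state predicate: no negative balance and money is conserved."""
    bal = state["balances"]
    return all(v >= 0 for v in bal.values()) and sum(bal.values()) == state["total"]

def tp_transfer(state, src, dst, amount):
    """Transformation procedure: the only code allowed to change 'balances'."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    new = {"balances": dict(state["balances"]), "total": state["total"]}
    new["balances"][src] -= amount
    new["balances"][dst] += amount
    return new

TPS = {"transfer": tp_transfer}

class ReferenceMonitor:
    def __init__(self, state):
        if not is_secure(state):
            raise ValueError("initial state is not secure")
        self.state, self.audit = state, []

    def run(self, user, tp, cdi, *args):
        """Commit a transition only if the triple is allowed and the result is secure."""
        candidate, verdict = None, "denied: no access triple"
        if (user, tp, cdi) in TRIPLES:
            try:
                candidate = TPS[tp](self.state, *args)
                verdict = "committed" if is_secure(candidate) else "rejected: insecure state"
            except (KeyError, ValueError) as exc:
                verdict = f"rejected: {exc!r}"
        if verdict == "committed":
            self.state = candidate
        self.audit.append((user, tp, cdi, args, verdict))   # every attempt is logged
        return verdict == "committed"

def demo():
    m = ReferenceMonitor({"balances": {"a": 100, "b": 0}, "total": 100})
    results = [m.run("teller1", "transfer", "balances", "a", "b", 30),    # valid
               m.run("teller1", "transfer", "balances", "a", "b", 500),   # overdraws
               m.run("intern", "transfer", "balances", "a", "b", 1)]      # no triple
    return results, m.state["balances"], [entry[-1] for entry in m.audit]

if __name__ == "__main__":
    print(demo())
```

Even an authorized teller cannot push the system into an insecure state: the overdraft is computed on a copy, fails the predicate and is discarded, so the committed state is unchanged.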
Conclusion
The IT security model outlines the way in which data can be accessed, the levels that are
required and the actions that can be taken to protect the system. Access control mechanisms
in information technology, on the other hand, focus on authorization, authentication and
the approval of access.
References
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of
security issues for cloud computing. Journal of Internet Services and Applications, 4(1),
5.
Van Tilborg, H. C., & Jajodia, S. (Eds.). (2014). Encyclopedia of cryptography and security.
Springer Science & Business Media.
Yang, K., & Jia, X. (2014). DAC-MACS: Effective data access control for multi-authority cloud
storage systems. In Security for Cloud Storage Systems (pp. 59-83). Springer New York.
IT Security Threat and risk assessment
Introduction
In information technology, many security concerns affect systems, particularly breaches of
data that cause harm (Fennelly, 2016). These threats may come from an attack on the system
by a hacker who identifies its vulnerabilities, or from a rogue employee who intentionally
steals information to sell (Adeka, Shepherd & Abd-Alhameed, 2014). Risk assessment is the
systematic approach used to identify all the security risks and to determine the most
cost-effective means of controlling these threats.
What are the security threats?
In the day-to-day running of a business, security threats occur constantly. Some of these
are malware, a form of harmful software that includes viruses and ransomware (Fennelly,
2016). Once malware gets into a computer, it can wreak all sorts of havoc. Others are
phishing and SQL injection attacks, which work by exploiting any one of the known SQL
vulnerabilities that allow SQL servers to run malicious code.
How to mitigate the risks
One way to mitigate security risk is to have comprehensive policies. Compliance
requirements dictate that the organization should develop a comprehensive policy that
addresses the human side of data (Fenz, Heurix, Neubauer & Pechstein, 2014). Other ways are
to implement technical safeguards and to avoid complacency.
Conclusion
Risk assessment is vital to the management of security threats because it provides an
analysis and interpretation of the threats present in the business. It enables the
organization to know the kinds of threats it faces and to implement a plan for mitigating
them.
References
Adeka, M. I., Shepherd, S. J., & Abd-Alhameed, R. A. (2014). Threat analysis versus risk
analysis in intelligence and security assessment.
Fennelly, L. (2016). Effective physical security. Butterworth-Heinemann.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information
security risk management. Information Management & Computer Security, 22(5), 410-430.