IT Risk Management Report

Verified

Added on 2020/02/24

AI Summary

This report provides an in-depth analysis of IT risk management, focusing on the security landscape, threats, vulnerabilities, and mitigation strategies. It discusses the importance of user awareness and the implementation of effective security measures to protect information technology systems. The report emphasizes the need for continuous risk assessment and the adoption of multiple control measures to enhance IT security.

Running head: IT RISK MANAGEMENT
Assessment 1
[Student Name Here]
[Institution’s Name Here]
[Professor’s Name Here]
[Date Here]

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT RISK MANAGEMENT 2
Table of Contents
Contents Page
Introduction.......................................................................................3
IT security and technology Landscape.............................................................3
Threats and vulnerabilities............................................................................4
Mitigating the risks.......................................................................................5
Benefits of these mitigations.........................................................................5
IT security threats and risk assessment.............................................................6
IT security Threats and risk...........................................................................7
Mitigation......................................................................................................8
Benefits.........................................................................................................8
Conclusion..........................................................................................9
References ……………………………………………………........ 10

IT RISK MANAGEMENT 3
Introduction
Information technology has introduced new concepts of meeting organizational objectives,
these concepts use automated technologies that facilitate the analysis of information to
develop better and conclusive decisions. Moreover, the same concepts enhance risk
management by providing factual results that facilitate users to make better future decisions.
However, information technology stands as an important asset on its own and will face
various problems, more so, security threats and vulnerabilities. These threats will stem from
illegal access as propagated by intruders who use these assets to further their illicit courses.
Moreover, the threats are also caused by system vulnerabilities which are caused by user
ignorance or by developer’s faults (Stoneburner, Goguen, & Feringa, 2002). This report
highlights IT security as witnessed in different settings of the digital world. In fact, a detailed
analysis is given on the security concepts of technology and the threats/risk it faces.
IT security and technology Landscape
Technology landscape: from the inception of information technology, the industry has always
envisioned on transformative operational architecture by continuously shifting the landscape
of information access. In essence, this shift has continuously moved IT infrastructure from
mainframe system (architectures) to client/server systems (OCLC, 2010). In the past, this was
achieved by personalised computers which were served by mainframe systems accessed
using client/server applications. However, the modern technological landscape sees’ direct
access to information where portable devices use different units of Softwares to access data,
the so called apps. Therefore, irrespective of the industry or field, the technology landscape
seems to acquire a common pattern where the end users, who lack technical ICT knowledge,
are at liberty to access extensive technological systems. This outcome raises many security
challenges as outlined below.

IT RISK MANAGEMENT 4
Fig: Technology landscape and IT security
Threats and vulnerabilities
To assess the threats facing the modern landscape of technology, one must demystify the
elements of IT. For one, there are three main elements, hardware, software and the users.
Hardware threats: In 2011 Dell, a computer system manufacturer, announced to the world
that its servers had been attacked by powerful malicious malware. This attack was unique in
nature as it affected a critical aspect of technology, the motherboard system. This malicious
software had embedded itself into the flash memory of the servers used in the company.
Now, in the past, such attacks were only done on the firmware (application) and were easy to
manage, however, this attack singled a new threat that affected physical components
(Dehigaspege, et al., 2016).
Software: most of the security threats experienced today are focused on firmware elements
where malicious codes infect devices and alter their operation modes. This outcome is further
intensified today because of the internet which provides endless connections that intruders
can use to attack (Liao, 2011). Furthermore, the advances in software development have
Data
User User vulnerabilities: poor authentication,
old application, internet access etc.
Infrastructure
Data loss, Data breach, Illegal access
Hardware attacks and software attacks
Malware, intrusions, DOS and MIM etc

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT RISK MANAGEMENT 5
increased the content of information available today which makes it difficult to manage the
IT infrastructure.
Users: The main culprits of the security problems facing IT and the technology landscape.
Consider the end users, who have good intention with technology but are naïve to use sub-
standard security measures. Their minimal security efforts facilitate intruders which increase
the security problems. Intruders, on the other hand, adapt to security models in order fulfil
their objectives (PTAC, 2011).
Mitigating the risks
There are various approaches that are used to mitigate security threats in technology and
most of them rely on protecting the user's information, lets highlights a few of them.
a. Cryptography – IT is all about information access and processing. Cryptography is a
security tool that secures information and communication in general. This mitigation
technique will use negotiation protocols to verify the users of ICT systems, this will include
authenticating and authorising the users. Furthermore, it will encrypt data in transit to avoid
illegal access by intruders (Smart, 2002).
b. Hardware security – comprising of firewalls, access control and intrusion detection
systems (Host and network). These techniques monitor, assess and manage IT components to
mitigate attacks before they happen. In essence, they are pro-active mitigation systems that
direct and regulate the flow of information (CDN, 2012).
c. Policies – consider the PCI/DSS standard (payment card industry data security) that
outlines the necessary security procedures for organizations handling credit card
technologies. Such policies ensure the basic security feature of IT are implemented (HSE,
2014).

IT RISK MANAGEMENT 6
Benefits of these mitigations
 First, users’ data is secured which facilitates the execution of daily activities.
 Secondly, organizations minimise the losses experienced due to system interruptions
and recovery.
 Thirdly, they promote technological systems to users which also facilitates
innovation.
IT security threats and risk assessment
Despite the security measures put in place, they can never assure users of complete protection
from the threats facing IT. Risk assessment outlines a process of evaluating and identifying
vulnerabilities facing systems. This assessment also identifies the consequences of security
threats and provide recommendations based on the security programs outlined. Therefore,
risk assessment is a process of identifying, implementing and managing effective
countermeasures to security problems (Jenkins, 1998). The diagram below outline the process
used to perform IT security assessments.
Risk Assessment
Identification
Examination
Monitor
Implementation
Assessment

IT RISK MANAGEMENT 7
Fig: IT security assessment
IT security Threats and risk
In the past, computer users could verify applications before installation as they were provided
by verified sources using recognised administrators. This verification process is no longer
available today owing to the degree of connectivity where users can readily acquire Software
packages online which raises the security threats experienced. Moreover, the threats
experienced affect all devices and systems used in IT as outlined below:
a. Network threats – this category of threats affect the access infrastructure of information
technology, they interfere with the confidentiality, integrity and availability of information.
They include flood attacks, DoS (denial of service) and man-in the middle attack:
Flood attacks will jam traffic in the channels of communication by sending high volumes of
unnecessary information/data. The same approach is used to conduct DoS where processors,
storage and networks are bombarded with unnecessary information thus denying legitimate
users access to content. Man in the middle attack is propagated by intruders who eavesdrop
on connections and in the process alter the content of the information (Gharibi & Mirza,
2011).
b. Malware threats – propagated by black hats, malware are illicit codes developed to
interfere with the operation of verified Softwares. They can harvest information or interfere
with access, a proponent of DOS. Several malware types exist, for instance, adware which
exists as short advert programs that consistently pop up in browsers and application
connected online. This malware can be used to track users and acquire their confidential
information. Ransomware, malicious codes that hold computers and applications hostage
while the users are demanded to pay ransoms, this programs restrict users from accessing
information. Trojan horse, the most famous and common of them all. This malware pretends

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT RISK MANAGEMENT 8
or disguises itself a legitimate program while conducting its illicit actions. Moreover, it will
also disguise itself to facilitate its installation in users machines (Dupal, 2014).
Mitigation
Most of the threats identified above depend on the vulnerabilities existing in computer
systems. For instance, unprotected network nodes/ports and ignorant users who fail to protect
their assets using the necessary security procedures. In other instances, the users will be
tricked while using legitimate service applications e.g, phishing attacks that duplicate emails
and website so that users can provide their confidential information (Pearsoned, 2012).
Therefore, the mitigation procedures will use the assessment made, as highlighted before to
establish the necessary security procedures such as:
a. Firewalls – security elements that will monitor network traffic (incoming and outgoing)
to regulate its access. This security feature has for a long time been used as the first line of
defence in computer systems.
b. Access control – matching policies that restrict access to IT assets based on pre-defined
conditions. They are variable when guarding against attacks as they only allow access to
legitimate users and traffic.
c. Intrusion detection systems (IDS) – IDS can either be physical devices or software
packages that monitor system and networks for unauthorised activities. When identified,
these systems will report to the necessary authority which helps mitigate attacks. Moreover,
they provide an accurate record of system vulnerabilities.
d. Anti-virus – software packages that detect, prevent and remove malware intrusions.
However, their effectiveness depends on the users’ application strategy as they require
regular updates to keep up with new forms of attack (Golchha, Deshmukh, & Lunia, 2014).

IT RISK MANAGEMENT 9
Benefits
 Operational efficiency – minimal interruptions are caused by attacks which boost
productivity.
 Cost efficiency – with minimal attacks, the users spend little resources on developing
new solutions.
 Innovation – users gain confidence in users who are motivated to develop new IT
systems such as software packages (CDN, 2012).
Conclusion
In the analysis given above, a broad view of the security issues facing IT has been given
starting from the technological landscape seen today. Moreover, the immediate threats facing
IT have also been given, while having a greater emphasis on the most common forms of
attacks/threats. In all, a common trend is highlighted, that of user vulnerabilities as most
threats are fuelled by user negligence or lack of information. Furthermore, the mitigation
techniques highlighted have outlined the importance of using multiple control measures as
none is guaranteed. Therefore, IT security is a factor of time and the resources available. The
users should implement effective security strategies that are regularly revised and updated to
keep up with the time. Through this model, the security aspect of information technology will
be maintained within reasonable terms as complete protection is not guaranteed.

IT RISK MANAGEMENT 10
References
CDN. (2012). Hardware based security . Retrieved 24 August, 2017, from:
http://cdn.ttgtmedia.com/searchSecurity/downloads/0321434838_Ch16.pdf.
Dehigaspege, l., Hamy, U., Shehan, H., Dissanayake, S., Dangalla, H., Wijewantha, W., &
Dhammearatchi, D. (2016). Secure Authentication: Defending Social Networks from
Cyber Attacks Using Voice Recognition. ijsrp, Retrieved 24 August, 2017, from:
https://www.scribd.com/document/330395895/ijsrp-p5820-pdf.
Dupal, N. (2014). Common Malware Types: Cybersecurity 101. Veracode, Retrieved 24
August, 2017, from: https://www.veracode.com/blog/2012/10/common-malware-
types-cybersecurity-101.
Gharibi, W., & Mirza, A. (2011). Security Risks and Modern Cyber Security technologies for
corporate networks. International Journal of Computer Science and Information
Security, REtrieved 24 August, 2017, from:
https://arxiv.org/ftp/arxiv/papers/1105/1105.2002.pdf.
Golchha, P., Deshmukh, P., & Lunia, P. (2014). A Review on network security threats and
solutions. International Journal of Scientific Engineering and Research (, Retrieved
24 August, 2017, from: http://www.ijser.in/archives/v3i4/IJSER1567.pdf.
HSE. (2014). Information Technology (I.T.) Security policy. HSE, Retrieved 24 August,
2017, from:
https://www.hse.ie/eng/services/Publications/pp/ict/Information_Security_Policy.pdf.
Jenkins, B. (1998). Security risk analysis and management. Countermeasures, Retrieved 24
August, 2017, from: https://www.nr.no/~abie/RA_by_Jenkins.pdf.
Liao, C. (2011). Security threats from hardware. Retrieved 24 AUgust, 2017, from:
http://www.cs.rochester.edu/~sandhya/csc256/seminars/chao_malware.pdf.
OCLC. (2010). Technology Landscape. Major trends, Retrieved 24 August, 2017, from:
https://www.oclc.org/content/dam/oclc/reports/escan/downloads/technology.pdf.
Pearsoned. (2012). Security Risks and Threats. Chapter 2, Retrieved 24 August, 2017, from:
http://catalogue.pearsoned.co.uk/samplechapter/0321349946.pdf.
PTAC. (2011). Data Security: Top Threats to Data Protection. Privacy technical assistance
center, Retrieved 24 August, 2017, from: http://ptac.ed.gov/sites/default/files/issue-
brief-threats-to-your-data.pdf.
Smart, N. (2002). Cryptography: An Introduction. Retrieved 24 August, 2017, from:
https://www.cs.umd.edu/~waa/414-F11/IntroToCrypto.pdf.
Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk Management Guide for Information
Technology Systems . National institute of standard technology, Retrieved 24 August,