IT Risk Management Report: Security Models, Threats, and Assessment
Added on 2020/03/04
Report
AI Summary
This report focuses on IT risk management, particularly in the context of multi-platform applications. It begins by highlighting the importance of security in the current technology landscape, where developers are creating applications for various platforms. The report then delves into IT security models, including Lattice models, Bell-LaPadula Confidentiality model, and Biba Integrity model, as well as access controls. It then examines IT security threats and risk assessment, covering the scope of opportunities, data collection, detailed analysis of security policies, threat analysis, and vulnerability analysis. The report concludes by emphasizing the need for developers to implement robust security policies to protect multi-platform applications, providing a comprehensive overview of the key aspects of IT risk management.

Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author’s note
Executive Summary
The technology landscape has become important in recent times, and software development
teams that build multi-platform apps must ensure the security of these apps too. The
different security models are discussed in this report. The security threats and the
associated risk assessment are discussed in detail. The scope or opportunities, the
collection of data, detailed analysis of security policies, detailed analysis of the threats
that occurred, vulnerability analysis and the assessment of the risks associated with the
applications are defined.
Table of Contents
1. Introduction
2. Discussion and justification of IT Security and Technology Landscape
3. Discussion and justification of IT Security Models and Access Controls
4. Discussion and justification of IT Security Threat and risk assessment
5. Conclusion
6. References
1. Introduction
Clients prefer to use their own technology landscape and want to run software on that
landscape. To enhance the business and to reach more clients, developers are creating
multi-platform applications. However, developers must be aware of the threats and risks
associated with them. Security models such as Lattice models, the Bell-LaPadula
Confidentiality model and the Biba Integrity model, together with access controls, come in
handy when securing these applications (Pattasseril et al., 2013).
This report highlights the technology landscape, security models and access controls, and
the threats and security assessment of applications in detail.
2. Discussion and justification of IT Security and Technology Landscape
Technology is the accumulation of knowledge of techniques and skills related to a
specific platform or landscape utilised for the production of goods or products. The landscape
can be of various types. In the case of computers and IT, the landscape is the hardware and
software. The landscape adopts certain rules and regulations that the software developer
needs to follow; the developer builds application software based on the software landscape
and the operating system landscape, such as Windows, Linux and Android (Page, 2017).
Software developers work in C++, Java and Python; each of these programming languages has
a different landscape and, along with that, a set of protocols. Recently, software developers
have started to develop applications that run on multiple landscapes, which gives rise to
cross-platform and multi-platform applications.
These cross-platform applications face security threats: intruders start their attack
routine on one platform and later spread to another platform. The risks and threats involved
can therefore play out on multiple platforms. The developer should also ensure the security
of these cross-platform apps. In general, native apps are more secure
compared to cross-platform apps. However, cross-platform apps can be made secure through
data validation and integrity checks, and further by restricting clipboard access, enabling
jailbreak detection and testing for vulnerabilities (Dara & Sangamwar, 2014). Developers
have already taken the initiative to make software more secure by implementing these
features in applications and software.
3. Discussion and justification of IT Security Models and Access Controls
IT security models consist of a model of computation and a model of distributed
computing. There are multiple security models, such as State machine models, Lattice models,
Non-interference models, the Bell-LaPadula Confidentiality model, the Information Flow
model, the Clark-Wilson Integrity model, the Biba Integrity model, the Graham-Denning model
and many more. A secure lattice model deals with multilevel security; the state machine model
deals with securing a system by capturing a particular state of the machine. The
non-interference model addresses the potential threats when someone accesses one's computer
(Seo & Emura, 2013). The Bell-LaPadula model looks after the confidentiality facet of the
system and involves two rules: the simple security rule and the star property rule. The
simple security rule states that no subject can read data held at a higher security level
than its own; the star property rule states that no subject can write anything to a lower
security level (Kearns, 2016). The Biba Integrity model has three rules: the simple
integrity rule, the star integrity rule and the invocation property. The simple integrity
rule states that no subject can read data from a lower integrity level; the star integrity
rule states that no subject can write data to an object at a higher integrity level; and the
invocation property states that no subject can call upon a subject or object at a higher
integrity level.
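The Bell-LaPadula and Biba rules described above reduce to comparisons between the label of a subject and the label of its target. The following is an added example, not part of the original report; the level names, the labels and the service and data names are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Constructed ordering, used for both secrecy and integrity levels."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


@dataclass(frozen=True)
class Label:
    secrecy: Level    # Bell-LaPadula confidentiality level
    integrity: Level  # Biba integrity level


# (rule name, operation, predicate returning True when the access is allowed)
RULES = [
    ("BLP simple security rule", "read", lambda s, o: s.secrecy >= o.secrecy),
    ("BLP star property rule", "write", lambda s, o: s.secrecy <= o.secrecy),
    ("Biba simple integrity rule", "read", lambda s, o: s.integrity <= o.integrity),
    ("Biba star integrity rule", "write", lambda s, o: s.integrity >= o.integrity),
    ("Biba invocation property", "invoke", lambda s, o: s.integrity >= o.integrity),
]
OPERATIONS = {op for _, op, _ in RULES}


def violations(subject: Label, op: str, target: Label) -> list[str]:
    """Return the name of every rule the request breaks (empty list = allowed)."""
    if op not in OPERATIONS:
        # Fail closed: an operation that no rule covers is rejected outright.
        raise ValueError(f"unknown operation: {op!r}")
    return [name for name, rule_op, allowed in RULES
            if rule_op == op and not allowed(subject, target)]


# Constructed labels for illustration only.
LABELS = {
    "web_frontend": Label(Level.LOW, Level.LOW),
    "payroll_service": Label(Level.HIGH, Level.HIGH),
    "public_page": Label(Level.LOW, Level.LOW),
    "salary_db": Label(Level.HIGH, Level.HIGH),
}


def decide(subject: str, op: str, target: str) -> tuple[bool, list[str]]:
    """Reference-monitor style decision: (allowed, broken rules)."""
    broken = violations(LABELS[subject], op, LABELS[target])
    return (not broken, broken)


if __name__ == "__main__":
    requests = [
        ("web_frontend", "read", "salary_db"),         # read up
        ("payroll_service", "write", "public_page"),   # write down
        ("payroll_service", "read", "public_page"),    # read from lower integrity
        ("web_frontend", "write", "salary_db"),        # write to higher integrity
        ("web_frontend", "invoke", "payroll_service"), # invoke higher integrity
        ("payroll_service", "read", "salary_db"),      # equal labels
    ]
    for request in requests:
        print(request, decide(*request))
```

With both models enforced at once, a subject can both read and write a target only when the two labels are equal, as the `payroll_service` and `salary_db` pair shows.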
Access control is of two types, physical and logical. Physical access relates to
buildings and campuses, while logical access mainly relates to computer networks, system
files and IT resources. Access control involves authorization and authentication processes;
it basically includes identification by means of personal identification numbers,
electronic keys and biometric scans.
4. Discussion and justification of IT Security Threat and risk assessment
IT security threat and risk assessment involves the scope or opportunities, the
collection of data, detailed analysis of security policies, detailed analysis of the threats
that occurred, vulnerability analysis and the assessment of the associated risks.
Scope: The scope of opportunities concerns the security of the software: what
must be protected and to what level.
Collecting data: This step involves collecting all the security policies together and
identifying the undocumented policies.
Detailed analysis of security policies: It is necessary to identify the problems and also
to analyse the policies and procedures to measure what the organisation is following
and to what extent (Silva et al., 2014). Special care is taken to detect any noncompliance
when required.
Vulnerability analysis: Vulnerability analysis is needed to examine the collected
documents and detect matters related to confidentiality, integrity and
availability (McNeil, Frey & Embrechts, 2015).
Threat analysis: Threat analysis involves both human and non-human components.
Human components include non-technical staff, theft, hackers, inexperienced IT staff,
electricians and technicians, whereas non-human components include floods, lightning
strikes, plumbing, viruses, fire, heat and air (Damenu & Balakrishna, 2015).
5. Conclusion
It can be concluded from the above discussion that developers must implement security
policies while developing multi-platform applications. This report shows developers
creating multi-platform software applications according to clients' needs. It also presents
the different security models associated with software development. The security threats
and the risk assessment associated with the applications are discussed in detail. The scope
or opportunities, the collection of data, detailed analysis of security policies, detailed
analysis of the threats that occurred, vulnerability analysis and the assessment of the
associated risks are presented in detail.
6. References
Damenu, T. K., & Balakrishna, C. (2015, September). Cloud Security Risk Management: A
Critical Review. In Next Generation Mobile Applications, Services and Technologies,
2015 9th International Conference on (pp. 370-375). IEEE.
Dara, A., & Sangamwar, A. T. (2014). Clearing the fog of anticancer patents from 1993–
2013: through an in-depth technology landscape & target analysis from pioneer
research institutes and universities worldwide. PloS one, 9(8), e103847.
Kearns, G. S. (2016). Countering mobile device threats: A mobile device security
model. Journal of Forensic & Investigative Accounting, 8(1).
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Page, E. H. (2017). Modeling and Simulation (M&S) Technology Landscape. In Guide to
Simulation-Based Disciplines (pp. 25-35). Springer, Cham.
Pattasseril, J., Varadaraju, H., Lock, L., & Rowley, J. A. (2013). Downstream technology
landscape for large-scale therapeutic cell processing. Bioprocess Int, 11(3), 38-47.
Seo, J. H., & Emura, K. (2013, January). Revocable Identity-Based Encryption Revisited:
Security Model and Construction. In Public Key Cryptography (Vol. 7778, pp. 216-
234).
Silva, M. M., de Gusmão, A. P. H., Poleto, T., e Silva, L. C., & Costa, A. P. C. S. (2014). A
multidimensional approach to information security risk management using FMEA and
fuzzy theory. International Journal of Information Management, 34(6), 733-740.