Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Comprehensive Report on IT Security Risk Assessment & Management

Verified

Added on 2024/06/03

AI Summary

This report provides a comprehensive assessment of IT security risks within an organization, focusing on identifying various types of security threats such as ransomware, malware, viruses, spyware, and hackers. It details organizational security procedures, including data identification, documentation, configuration, password management, and security continuation. The report proposes a method to assess and treat IT security risks through risk assessment and management, emphasizing the importance of trusted networks and the potential impact of incorrect firewall configurations and third-party VPNs. Furthermore, it explores the implementation of DMZ, static IP, and NAT to enhance network security and discusses the benefits of network monitoring systems. The document reviews mechanisms to control organizational IT security, including risk assessment procedures, data protection processes, and regulations, summarizing the ISO 31000 risk management methodology and the possible impacts of IT security audits. Finally, it addresses the alignment of IT security with organizational policy, designs a security policy, lists the main components of a disaster recovery plan, discusses the roles of stakeholders, and evaluates the suitability of tools used in organizational policy. Desklib offers a variety of study tools and solved assignments for students.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

SECURITY
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

TABLE OF CONTENT
Introduction......................................................................................................................................1
LO1 Assess risks to IT security.......................................................................................................2
P1 Identify types of security risks to organisation......................................................................2
P2 Describe organisational security procedures..........................................................................4
M1 Propose a method to assess and treat IT security risks.........................................................6
D1 Investigate how a ‘trusted network’ may be part of an IT security solution.........................7
LO2 Describe IT security solutions.................................................................................................9
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies
and third-party VPNs...................................................................................................................9
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security....................................................................................11
M2 Discuss three benefits to implement network monitoring systems with supporting reasons
...................................................................................................................................................12
LO3 Review mechanisms to control organisational IT security...................................................13
P5 Discuss risk assessment procedures.....................................................................................13
P6 Explain data protection processes and regulations as applicable to an organisation...........15
M3 Summarize the ISO 31000 risk management methodology and its application in IT
security.......................................................................................................................................16
M4 Discuss possible impacts to organisational security resulting from an IT security audit.. .17
D2 Consider how IT security can be aligned with organisational policy, detailing the security
impact of any misalignment.......................................................................................................18
LO4 Manage organisational security.............................................................................................19
P7 Design and implement a security policy for an organisation...............................................19
P8 List the main components of an organisational disaster recovery plan, justifying the reasons
for inclusion...............................................................................................................................20
M5 Discuss the roles of stakeholders in the organisation to implement security audit
recommendations.......................................................................................................................21
D3 Evaluate the suitability of the tools used in an organisational policy..................................22
Conclusion.....................................................................................................................................23
References......................................................................................................................................24
2

LIST OF TABLES
Table 1: IT security aligned...........................................................................................................18
3

LIST OF FIGURES
Figure 1: Type of risk......................................................................................................................2
Figure 2: Risk procedure.................................................................................................................4
Figure 3: Type of networks..............................................................................................................7
Figure 4: Firewall............................................................................................................................9
Figure 5: VPNs functioning...........................................................................................................10
Figure 6: Benefit of the network monitoring.................................................................................12
Figure 7: Risk assessment procedure.............................................................................................13
Figure 8: Process View of the ISO 31000.....................................................................................16
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Introduction
The project is based on the security of the information technology in the organisation. As the
organisation face the lot of problems due to the lack of the security. The organisation is used in
the project is Maria for which the different type of network security has been described. Under
this project we have also explained the implementation of the DMZ, static IP and NAT for the
improvement of the network in the organisation. The network benefits and risk assessment has
also described in the project so that the risk can be manage and analysis in the proper way. The
data protection and regulation has also used in the project. The stakeholder audit is arranged by
the organisation for the recommendation of the project security. The stakeholder audit is one of
the best factors in the project as it will provide the proper measurement for the security of the
system.
1

LO1 Assess risks to IT security
P1 Identify types of security risks to organisation.
For the security of the organisation the proper inspection has to be done for the security of the
system. There are various type of risk arrive in the system that can cause the impact on the data
security and integrity.
Figure 1: Type of risk
(Source: Author)
Ransome and Malware Attack: The Ransome and malware attack can occur in the system while
accessing operation of the computer system. The attack usually corrupts the files and folder in
system after locking the machine that can damage the files hide and steal the information etc.
Viruses: The viruses can cause the effect on the operations of the system by slowing the speed
the computer operations, damaging the data, deleting the files etc.
2
IT Risk
Hackers
Ransom
e and
malware
attack
Viruses
Spaywa
re

Spyware: This type of risk cause the information leak to the unauthorized person that is third
party. The spyware can cause the access to the third person that can software and steal the
important data from the computer (Perlman et.al 2016).
Hackers: The hackers are the third party person that accesses the computer operation by
performing the unauthorized functions in the system. The hacker can access on the important
files and folder even if the files are protected.
3

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

P2 Describe organisational security procedures
The Maria security can manage the system of the computer for the security by implementing the
proper procedure in the organisation.
Figure 2: Risk procedure
(Source: Self-created)
Identification of the data: The Maria must identify the confidential data so that the data can be
protected from the attacker.
Proper documentation: The organisation must follow the proper procedure for the
documentation of the system. The documents and files can be protected by implementing the
authentication to the user (Rittinghouse and Ransome 2016).
High configuration: The configuration of the high quality antivirus software in the system can
protect the files and folder and can avoid the threat and viruses attack.
Password Management: The password can be implemented in the system for the protection of
the important information and data. The password for the user can be providing to the authentic
person so that the data cannot be used by the unauthentic person.
4
Identification Documentatin Configuration
Password
protect
Security
continuation

Security procedure continuation: The organisation must continue the process for the protection
of the system. The discontinuation of the procedure or lack of the security can make the system
corrupt and data loss.
These are the basic procedure that has to be followed by the organisation for the security of the
business by following this process the data and information can be kept protected.
5

M1 Propose a method to assess and treat IT security risks
The data can be protected using the risk assessment and risk management. It refers to the data
identification and evaluation so that the problem can be resolve. The risk can be arising in the
computer by the hackers and attacker. By relating the schedule for the security of the
organisation can reduce the risk of attacker and hacker in the system. The risk assessment can
help the organisation to find out the major cause of the unwanted data deletion and risk of leak of
information. The Maria can implement the risk assessment in the organisation for the
identification of the risk and its renovation of problem (Chang et.al 2016).
Risk management: The risk can be managed by using the risk management process under this
procedure the risk can be analyses and the risk approach can be implemented for the risk
management. The risk matrix is also used to identify the risk by using the risk assessment. The
risk matrix identified by categorizing into two types such as probabilities and likelihood. With
the help of the risk matrix the proper risk management can be prepare for the identification of the
risk.
6

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

D1 Investigate how a ‘trusted network’ may be part of an IT security solution.
The term trusted network refer to that all the control or management in the under control of the
administrator or the manager. The network is secure by the trusted authority and the management
for the parameters of the organisation. There are three type of network trusted that is given
below:
Figure 3: Type of networks
(Source: Self-created)
Trusted Networks: For the monitoring or the security of the data the trusted network can be
implement the few of the system in the organisation such as the VPNs and firewall for the
security of the data.
Untrusted Network: The untrusted networks are implemented on the outside of the perimeter of
security as these can be considered as the shared or private network. After the configuration of
the firewall in the system the data can be identified (Border et.al 2015).
7
Network
Trusted
network
Untrusted
network
UnKnown
network

Unknown network: The network that is difficult to identify is known as neither the unknown
network as these are not the trusted nor the untrusted network. The networks which are not even
identified by the firewall also it can be unauthorized network those are not even identified.
These are the three different type of network used by the organisation for the identification of the
work process and data process.
8

LO2 Describe IT security solutions
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs.
It is important for the organisation to manage the security of the system the in configuration of
the firewall and VPNs can affect the security of the of the business organisation. The impact of
the IT security will be negative as the incorrect configuration of the policies can lead the data
unmanageable and insecure from the threats and viruses.
Figure 4: Firewall
(Source: Author)
Incorrect configuration of firewall
The firewall provides the security in terms of the traffic that arises in the network of the
operating system. It monitors and controls the data by providing the effective rule on the network
security. The main caused that will happen in case of the incorrect configuration will be the lack
of the data security and its protection. The IP address cannot be able to pass the information from
one path to other because of the lack of the security (Aravindakshan et.al 2015).
9

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Figure 5: VPNs functioning
(Source: Tom, 2011)
Incorrect configuration of VPNs
The VPNs refer to the virtual private network it provide the security while accessing the public
network and avoid the leak of the users’ information. It provide the protection to the privately
among the various level of the organisation. The incorrect configuration of VPNs can cause the
insecurity in the users information. The third person can involve in the attack and hacking of the
data in the organisation and can cause the in protection of the data.
10

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network
can improve Network Security.
The organisation can implement few of the network security for the protection of the
information and the important data. The types of network security are given below for the
organisation security:
DMZ: The demilitarized zone in the computer system provides the access to the network traffic
such as servers for the access of the email, Web, and HTTP controls. The DMZ provides the
excessive control on the data for example the Maria organisation can implement the DMZ for the
security of the Email access with the help of the web server.
Static IP: The IP contain the two type of IP address such as dynamic and static. The static IP
address provides the access to the external security of the system. The static IP address provides
the IP address which never changes it controls the DHCP server access. For instance the Maria
can access the static IP for the external security of the system.
NAT: The network access translation is the reoccurring of the IP address by modifying the
address of the network. It provides the improvement for the security of the organisation by
reusing the IP address. For Example the organisation can use the NAT for the configuration of
the IP Address (Ormazabal et.al 2016).
11

M2 Discuss three benefits to implement network monitoring systems with supporting reasons
The network monitoring system helps managing the network securities for the operation of the
system. The three benefit of the network monitoring are given below:
Figure 6: Benefit of the network monitoring
(Source: Author)
Cost Saver: The configuration of the quality network can reduce the cost in the field of the
security. The security for the files and data can be protected by using the well configured
network so that cost can be saved.
Reliabilities: The data can provide the reliability for the data by developing the various securities
for the organisation so that operation of the system can be protected.
Productivity: The network monitoring provides the productivity for the security of the system by
implementing the various security purposes (McNeil et.al 2015).
12
Cost
saver
Improved relaibility
Improve in productivity

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

LO3 Review mechanisms to control organisational IT security
P5 Discuss risk assessment procedures.
For the monitoring of the operating system safely the security of the system is most important so
that the information can be kept protected from the viruses and threats. The risk assessment
procedure for the organisation is given below:
Figure 7: Risk assessment procedure
(Source: Author)
Hazard Identification: for the access of the risk assessment the first step is to identify the hazard
such as the identification of the threats and viruses in the system.
Risk Action Taken. The second step that can be taken in the risk assessment is to provide the
necessary action on the system so that access of the viruses can be detected (Imperatore et.al
2018).
Record Saving: The third step of the risk assessment is to keep the record for the future
reference so that in case of the problem occurrence in future it can be rectify immediately.
13
Record saving
Review the risk managementHazard identification
Risk action taken

Review of the risk management: The Forth step of the risk assessment is to review the risk
management by involving the identification, evaluation and criticizing the risk.
14

P6 Explain data protection processes and regulations as applicable to an organisation
The Maria can implement various data protection in the organisation for the security of the data
and in organisation. The data can be protected by implementing the two factors in the system
such as backup and recovery. While in the computer sometime data can be lost after the access
of the virus and the threats in the system. In the case of the unwanted data deletion and lost the
backup can be used so that the data can be taken from the server and place on the same path from
where the data was deleted.
The recovery of the data can be used in the same case such as the deletion and loss of the data
recovery of the data is done from the back side of the computer system under which viruses get
affect the working of the operation of the data. The organisation must implement both the factor
so that the data can be kept save and secure by following the recovering and back up process.
The organisation must keep the data on the server as if data does not place on the server the
chances of data lost will be high and may be possible that the data cannot be recover or cannot be
taken the backup of the data (Hentunen 2017).
15

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

M3 Summarize the ISO 31000 risk management methodology and its application in IT security.
The risk methodology in the IT security is used for the follow of the proper procedure so that the
organisation can follow the application and can make it secure from the working of the
organisation. The risk methodologies include the various processes by which the organisation
can implement the application in the IT security are given below:
Figure 8: Process View of the ISO 31000
(Source: Author)
Above the major risk assessment which follow the procedure that include the monitoring,
consulting, communication and reviewing of the risk so that the risk can be rectify or reduce by
implementing these process in the management of the organisation. The organisation needs to
establish the factor of the risk resolution in the system of the computer so that the process can be
followed. The OCTAVE is known as the risk management methodology it means that
operationally, critical threats, assets and vulnerability identification. After the apply of the risk
management methodology can protect the information of the data and system security. The risk
methodology involves the proper functioning of the process by applying the treatment,
assessment, evaluation, analysis of the establishment of the content.
16

M4 Discuss possible impacts to organisational security resulting from an IT security audit.
The organisation audit is very necessary for the rectification of the viruses and threats from the
system. The security is important for every organisation so the audit must be arrange so that the
problem can be resolve by the auditors. The Maria can arrange the audit for the organisation
security:
Issues and problem: After the audit the auditors can analyses the crashes and virus in the
organisation and its causes that are affecting the availability and consistency of the system
operation.
Authentication access: For the security of the organisation the proper security can be
implementing in the system so that the data cannot be leaked or used by the unauthentic person.
The security of the system can be done by using the password or the lock to the system so that it
can be protected from the third person.
Expertise and cost implementation: The Maria can find the expert those are expert in the
protection of the system so that by giving the training and development to the expert the problem
can be identified by the expert after the arrival of the issues. The cost can be reducing for the
other effect of the rectification as after the expert indulgent can reduce the risk of the
organisation.
18

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

D2 Consider how IT security can be aligned with organisational policy, detailing the security
impact of any misalignment.
The risk of the threats and virus cannot be completely detected but it can be reduce by
implementing the various type of alignment in the organisation such as:
Table 1: IT security aligned
Planning The proper strategies can be applied in the organisation for the security. Plan can be make the IT security better flexible
Process The process can be used in the organisation after the implementation of the strategies.
Communication
 The communication between the auditors and the organisation manager must be strong so
that problem can be resolve in the systematic way.
 The proper communication can help in the reduction of the issues and can provide the
proper measurement for the IT Securities.
Technology The higher technology can be used by the organisation for the reduction of the viruses. The Technology can improve the working of the system in effective way.
Competencies It involves the communication and proper procedure follower so that the organisation
does not face any issue in the security of the organisation. For the expert in the organisation the skill expert will be needed for the reduction of the
risk. The experience expects can help the organisation to analysis the issue and its rectification
of the problem can be resolved by the experts.
19

LO4 Manage organisational security
P7 Design and implement a security policy for an organisation.
The security policies of the organisation is involving the CIA triads such as confidentially,
integrity and the availability with the help of these triads the data can be protected and secure.
Designing
 The organisation can find the engineer so that the risk can be reduced and it can rectify
by the experts.
 The risk can be identified after the analysis of the risk.
 The organisation must be considered the risk methodology for the implementation of the
risk security in the system.
 The security policies can be applied in the organisation for the protection of the system.
 The technical use can be implemented in the organisation so that the system can be
protected by antivirus software (White, G.B., Fisch, E.A. and Pooch, U.W., 2017).
Implementation
 For the security of the organisation the implementation of the software is required so that
the system can be protected. Proper training and development should be given to the experts. The organisation can consider the proper testing and review of the system so the threat
and viruses can be identify at the same time of the arrival. The system must be checked after the particular time so that rectification can be done
properly.
20

P8 List the main components of an organisational disaster recovery plan, justifying the reasons
for inclusion.
The organisation can be recovering the security by using the main component in the system. The
disaster recovery plan involves the various strategies in the organisation so that it can be secure
from the viruses and threats.
Backup: The security of the file and folder can be done with the help of the backup feature. This
feature is used while the data get lost by the user it can be re save by using the data from the
server. The server always keep the data protected and does not make the data loss so the user
always use the server to save the files as it keep the data secure.
Recovery: The recovery uses when the data get lost and deleted from the specific folder in that
case the data can be placed one again. The server recovers the data and save it on again with the
help of the server.
Redundancy: This feature provides the multiple copies of the particular file so that it can be
recover in the case of the deletion of the file.
21

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

M5 Discuss the roles of stakeholders in the organisation to implement security audit
recommendations.
The role of the stakeholder is very crucial as it provide the security procedure for the
organisation. The stakeholder visit the organisation can provide the recommendation for the
organisation growth. The audit can achieve the requirement of the organisation by approaching
the various factors in the system. The stakeholders provide the proper recommendation for the
problem of the organisation or it provide the varieties of solutions. For example the Maria can
organize the audit for the stakeholder to find out the measurement of the system. The stakeholder
visit will provide the proper functioning of the system as it will let the organisation know about
the prons and cons.
The steps are majorly followed by the stakeholders are given below such as:
 Quality assessment
 Monitoring of the performance
 Opinions
 Reporting
This process is implemented by the stakeholder in the audit as the stakeholder has to identify the
problem, its quality and monitoring of work, reporting and after all the stakeholder has to
recommend the opinion for the organisation. The stakeholder visit must be organized for the
protection of the security system in the organisation.
22

D3 Evaluate the suitability of the tools used in an organisational policy.
The various tools are used in the policies of the Maria organisation so that the information and
data can be protected by the users. The security of the organisation is very much important as the
data loss and unwanted activities can be prevented by using the tools for the protection. The
organisation has used the CIA triad for the data protection. The stakeholder audit is done in the
organisation for the opinion on the security of the data. The various security type have been
describe for the better network (Perlman, 2016).
 The risk assessment tool has been used in the organisation for the security purpose.
 The risk management has been used
 Risk matrix is used by the organisation for the monitoring, analyzing of the data in the
proper way.
 Network is used such as VPNs and firewall for the protection of the data and information.
23

Conclusion
The research has provided the various factors that can be implementing by the organisation for
the protection of the data and information. The IT security has provided the few of the type of
network for the prevention of the unwanted viruses and threats that are the cause of the lack of
the security. The risk management is implemented in the project for the security of the project
and its vulnerability. The project has provided the stakeholder visit in the organisation so that
proper analysis of the proper can be identified and can recommend the solution for the security
of the organisation.
24

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

References
Books and Journals
 Aravindakshan, V., Kumar, K. and Kummur, A., Citrix Systems Inc, 2015. Systems and
methods for network filtering in VPN. U.S. Patent 8,990,901.
 Border, J., Dillon, D. and Pardee, P., Hughes Network Systems LLC, 2015. Method and
system for communicating over a segmented virtual private network (VPN). U.S. Patent
8,976,798.
 Chang, V., Kuo, Y.H. and Ramachandran, M., 2016. Cloud computing adoption
framework: A security framework for business clouds. Future Generation Computer
Systems, 57, pp.24-41.
 Hentunen, D., F Secure Corp, 2017. Preventing Security Threats in a Computer Network.
U.S. Patent Application 15/604,769.
 Imperatore, N., Rispo, A., Testa, A., Bucci, L., Luglio, G., De Palma, G.D., Rea, M.,
Nardone, O.M., Caporaso, N. and Castiglione, F., 2018. P276 Risk matrix model for
prediction of one-year surgery in Crohn’s disease. Journal of Crohn's and
Colitis, 12(supplement_1), pp.S240-S241.
 Li, W., 2014. Risk assessment of power systems: models, methods, and applications. John
Wiley & Sons
 McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management:
Concepts, techniques and tools. Princeton university press.
 Ormazabal, G.S., Schulzrinne, H.G., Yardeni, E. and Singh, K., Verizon Patent and
Licensing Inc, 2016. System and method for testing network firewall using fine
granularity measurements. U.S. Patent 9,374,342.
 Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private
communication in a public world. Pearson Education India.
 Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private
communication in a public world. Pearson Education India.
 Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation,
management, and security. CRC press
25

 White, G.B., Fisch, E.A. and Pooch, U.W., 2017. Computer system and network security.
CRC press
Online reference
 Author, 2018. Firewall [online] [Accessed through] <
http://oglacs.blogspot.in/2011/07/securing-your-network-hardware> [Accessed on 25th
May, 2018]
 Tom K, 2011. VPNs functioning [online] [Accessed through]
<http://tomkconsulting.com/news019-about-VPNs> [Accessed on 25th May, 2018]
 Author, 2018.Process view of the ISO 31000 [online] [Accessed through] <
https://www.riskwatch.com/2018/03/19/risk> [Accessed on 25th May, 2018]
26