University IT Management Assignment: Security & Risk Analysis
Added on 2023/04/20
Homework Assignment
AI Summary
This document provides a comprehensive analysis of an Information Technology Management assignment, addressing key concepts in information security and risk management. The assignment explores topics such as the DISA training and Cyber Protect simulation, emphasizing the importance of budget, technology, and security goals. It delves into the roles and responsibilities of authorizing officials, the three forms of access control mechanisms (Discretionary, Mandatory, and Role-Based), and the phases of the Risk Management Framework (RMF). Furthermore, the assignment contrasts baseline and benchmarking, Business Impact Analysis (BIA) in contingency planning, and the differences between Business Continuity and Disaster Recovery planning. It also examines intrusion detection systems (signature-based and anomaly-based), firewall architectures (single bastion host and dual-homed host), and firewall devices (packet filtering and Unified Threat Management). The solution incorporates insights from the "Management of Information Security" textbooks by Whitman & Mattord, providing a detailed understanding of the subject matter.

Running head: INFORMATION TECHNOLOGY MANAGEMENT
Information Technology Management
Name of the Student
Name of the University
Author Note:

From the DISA training and Cyber Protect simulation, please share what you learned from
the experience. In your opinion, what does this simulation tool teach people with respect to
budget, technology, and our goals for information security? Please share what your
strategies were and what your best scores were.
The DISA training and the simulation tool help in understanding the security issues
associated with information systems. The risks associated with information systems are
discussed in the training sessions. Budget is a major issue in maintaining the security of
information systems, as a large initial financial investment is needed. The functional and
technical training helped in understanding the technologies associated with the Joint Deployment
Training Center (Whitman & Mattord, 2013). The training session helped in understanding the
importance of joint deployment and situational awareness. The different aspects of
administration in terms of security measures were discussed in the training. The strategy that
was selected for the training was to understand the different constraints associated with the
simulation tool so that the understanding could be applied in real situations.
From the AO training, what did you learn about the importance of the role and its
responsibilities?
The role and responsibilities of the authorizing official are very important for the
operations of information systems. The different risks associated with information
systems are properly managed with the help of the authorizing officials. The assets associated
with the information systems are managed with the help of the authorizing officials; the
stakeholders associated with the information systems also fall under the category of the
authorizing officials. The AO training was important to understand the importance of
strategic risk management, and the policies associated with the information systems were understood
with the help of this training session. The different types of risks and the risk management tools were
understood with the help of this training. The core competencies of system and application
security were also an important aspect of the training.
In Chapter 8, we reviewed 3 forms of Access Control mechanisms. What are those three
types and how are each one different?
The different types of access control mechanisms are as follows:
o Discretionary Access Control: It is defined as the type of access control which restricts
access to objects based on the true identity of the subject. Permissions are
required at every stage of the mechanism; the controls are fully discretionary in this type
of access mechanism.
o Mandatory Access Control: It is defined as the type of access control where the
operating system plays a major role, controlling the ability of subjects to act
on a target. The main targets of this kind of access control are files,
directories, I/O devices, and TCP/UDP ports. This category of access control (MAC) has multi-level
security, unlike the other categories.
o Role-Based Access Control Technology: It is defined as the type of access control
which restricts the entry of unauthorized users into the system. This type of
access control technology is generally used in bigger organizations, unlike the above-
discussed categories of access control. This access model is more flexible
than the other access controls.
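The three mechanisms above, worked through in code as an added example (not part of the assignment or the textbook): the same request from the same user is decided by an owner-managed ACL (DAC), by clearance-versus-label rules enforced by the system (MAC, using the Bell-LaPadula no-read-up / no-write-down rules as one concrete multi-level policy), and by role membership (RBAC). All subjects, objects, labels, roles and file names are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed clearance / classification levels for the MAC model.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Obj:
    name: str
    owner: str
    label: str                               # classification, used by MAC only
    acl: dict = field(default_factory=dict)  # subject -> set of perms, used by DAC only


class DAC:
    """Discretionary: the owner of an object decides who may access it."""
    @staticmethod
    def grant(obj, granter, subject, perm):
        if granter != obj.owner:             # only the owner may hand out permissions
            raise PermissionError(f"{granter} does not own {obj.name}")
        obj.acl.setdefault(subject, set()).add(perm)

    @staticmethod
    def allowed(obj, subject, perm):
        return subject == obj.owner or perm in obj.acl.get(subject, set())


class MAC:
    """Mandatory: the system compares subject clearance with the object label;
    the owner cannot override the decision (multi-level security)."""
    def __init__(self, clearances):
        self.clearances = clearances         # subject -> clearance level

    def allowed(self, obj, subject, perm):
        c, o = LEVELS[self.clearances[subject]], LEVELS[obj.label]
        if perm == "read":
            return c >= o                    # no read up
        if perm == "write":
            return c <= o                    # no write down
        return False


class RBAC:
    """Role-based: permissions attach to roles, and subjects hold roles."""
    def __init__(self, role_perms, user_roles):
        self.role_perms = role_perms         # role -> set of (object name, perm)
        self.user_roles = user_roles         # subject -> set of roles

    def allowed(self, obj, subject, perm):
        return any((obj.name, perm) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(subject, set()))


def demo():
    """Decide the same requests on a constructed 'payroll.xlsx' under all three models."""
    payroll = Obj("payroll.xlsx", owner="alice", label="secret")
    DAC.grant(payroll, "alice", "bob", "read")          # alice chooses to share read access
    mac = MAC({"alice": "secret", "bob": "confidential"})
    rbac = RBAC({"hr_manager": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
                 "employee": {("handbook.pdf", "read")}},
                {"alice": {"hr_manager"}, "bob": {"employee"}})
    return {
        "dac_bob_read": DAC.allowed(payroll, "bob", "read"),        # owner granted it
        "dac_bob_write": DAC.allowed(payroll, "bob", "write"),      # never granted
        "mac_bob_read": mac.allowed(payroll, "bob", "read"),        # confidential < secret
        "mac_bob_write": mac.allowed(payroll, "bob", "write"),      # writing up is permitted
        "rbac_bob_read": rbac.allowed(payroll, "bob", "read"),      # employee role lacks it
        "rbac_alice_write": rbac.allowed(payroll, "alice", "write"),  # via hr_manager role
    }


if __name__ == "__main__":
    for request, decision in demo().items():
        print(f"{request}: {decision}")
```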
In many chapters, we discussed the Risk Management Framework (RMF). List each phase
and describe what happens in each phase. With its cyclical design, what does the RMF
hope to reinforce with information security officers?
There are different phases present in the Risk Management Framework, such as the
following:
o Categorize: The essential information about the system that is transmitted, processed
and stored is identified, which helps in categorizing the risks involved with the system.
o Select: Baseline security controls must be selected based on the first step. Assessment of
the risks is done with the help of this step of the framework.
o Implement: The security protocols must be properly implemented in the system.
o Access: Access to the security controls should be restricted to selected admins of
the organization.
o Authorize: Different types of operations of the system should be professionally
authorized so that the probable future risks associated with the organization can be
minimized.
o Monitor: The security controls of the system should be properly monitored so that the
effectiveness of the framework is maintained.
The discussed cyclical design helps the information security officers understand the
amount of threat which still persists in the system even after all the preventive
measures, the amount of vulnerability which is reduced by the safeguards, the risks which are not
covered by the framework, and the value of the assets of the system considering the security threats.
In Chapter 9, we discussed baseline and benchmarking. Describe both and compare how
they are similar and how they are different.
Baseline is defined as a type of measurement at a given point of time, and
benchmarking is defined as a type of measurement which compares the entity with
industry standards.
Similarity
  Baseline: It is a type of strategic planning. Known configurations are used in this
  category.
  Benchmarking: It is also a type of strategic planning. Unknown categories are used in
  benchmarking.
Difference
  Baseline: It only considers the entity which is selected for planning.
  Benchmarking: It considers the industry standards, which is more useful as compared with
  the baseline.
Table 1: Difference and similarity of benchmarking and baseline
(Source: Created by the author)
We discussed the BIA in Contingency Planning and Risk Assessments. What is the BIA and
what is its importance in the planning process?
It is defined as a type of analysis technique used in business processes for the
identification of the critical aspects of the business. The nature and impact of the critical aspects
are analyzed with the help of the Business Impact Analysis. The recovery strategies are
identified with the help of the BIA.
In the planning process, the BIA is very useful for understanding the potential risks associated
with the business (Whitman & Mattord, 2011). The risks and the challenges of the business can
be identified with the help of the involvement of the BIA in the planning process.
In Chapter 10, we reviewed both Business Continuity and Disaster Recovery planning. Are
these synonymous or are they different? Describe and compare these two and highlight
their differences (if any).
Based on the discussion in Chapter 10, it can be said that business continuity and
disaster recovery planning are not different from each other.
Business Continuity: It is defined as the ability of an organization to maintain its normal
procedures during and after a disaster.
Disaster Recovery planning: It is defined as a type of documented process which is useful in
the protection of the assets of an organization from potential disasters.
Business Continuity: Any kind of emergency threat, such as fire, can be tackled effectively
with the help of business continuity.
Disaster Recovery planning: Bigger hazards are considered to find the effectiveness of this
type of planning.
Business Continuity: It deals with the non-technical aspects of the organization.
Disaster Recovery planning: It deals with the technical aspects of the organization, such as
physical assets.
Table 2: Comparison between Business Continuity and Disaster Recovery planning
(Source: Created by the author)
In Chapter 12, we discussed two forms of Intrusion Detection. What are the two forms and
how are they different? Are they competing or complementary technologies?
Based on the discussions, the two forms of intrusion detection are as follows:
o Signature-based IDPS
o Anomaly-based IDPS
Signature-based IDPS: Specific patterns are considered in this technique, such as byte
sequences.
Anomaly-based IDPS: Both computers and networks can be secured with the help of this
system.
Signature-based IDPS: It identifies the presence of malware by matching the bytecode of the
software with the signature of the malicious program.
Anomaly-based IDPS: It monitors the system activities and classifies them as anomalous or
not.
Table 3: Difference between Signature-based IDPS and Anomaly-based IDPS
(Source: Created by the author)
Both the discussed technologies are competing technologies and are very useful for
the detection of malicious activities.
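An added example (not from the assignment or the textbook) that runs both forms of detection over constructed web-server log lines: the signature detector matches fixed patterns line by line, while the anomaly detector learns a per-client requests-per-minute profile from a clean baseline window and flags rates that deviate from it. The log format, client addresses, rule names and the z-score threshold are all assumptions.

```python
import re
import statistics
from collections import Counter

# Constructed baseline window of normal traffic (not real log data):
# "<minute> <client> <method> <path> <status> <user-agent>".
BASELINE_LOG = """\
2023-04-20T10:00 10.0.0.5 GET /index.html 200 Mozilla/5.0
2023-04-20T10:00 10.0.0.5 GET /about.html 200 Mozilla/5.0
2023-04-20T10:00 10.0.0.7 GET /index.html 200 Mozilla/5.0
2023-04-20T10:01 10.0.0.5 GET /news.html 200 Mozilla/5.0
2023-04-20T10:01 10.0.0.7 GET /contact.html 200 Mozilla/5.0
2023-04-20T10:01 10.0.0.9 GET /index.html 200 Mozilla/5.0
"""

# Constructed test window: one request carrying a known bad pattern, plus a
# burst of otherwise ordinary-looking requests from a single client.
TEST_LOG = "\n".join(
    ["2023-04-20T11:00 10.0.0.5 GET /index.html 200 Mozilla/5.0",
     "2023-04-20T11:00 10.0.0.7 GET /../../secret.txt 404 Mozilla/5.0"]
    + [f"2023-04-20T11:00 10.0.0.9 GET /page{i}.html 404 Mozilla/5.0" for i in range(40)]
)

# Signature rules: fixed text patterns, as a signature-based IDPS would hold them.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "known_bad_agent": re.compile(r"ConstructedScanner/0\.1"),  # constructed agent name
}


def parse(log):
    """Split log text into (minute, client, path) tuples."""
    rows = []
    for line in log.splitlines():
        minute, client, _method, path, _status, _agent = line.split(" ", 5)
        rows.append((minute, client, path))
    return rows


def signature_detect(log):
    """Return (line number, rule name) for every line matching a known pattern."""
    hits = []
    for n, line in enumerate(log.splitlines(), start=1):
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((n, name))
    return hits


def build_profile(baseline_log):
    """Learn 'normal' requests per client per minute (mean, stdev) from a clean window."""
    counts = Counter((m, c) for m, c, _ in parse(baseline_log))
    values = list(counts.values())
    sigma = statistics.stdev(values) if len(values) > 1 else 0.0
    return statistics.mean(values), sigma or 1.0   # avoid division by zero


def anomaly_detect(log, profile, z_threshold=3.0):
    """Flag (client, minute, count) whose request rate deviates from the profile."""
    mean, sigma = profile
    counts = Counter((m, c) for m, c, _ in parse(log))
    return [(c, m, n) for (m, c), n in counts.items() if (n - mean) / sigma > z_threshold]


if __name__ == "__main__":
    print("signature hits:", signature_detect(TEST_LOG))
    print("anomaly hits:", anomaly_detect(TEST_LOG, build_profile(BASELINE_LOG)))
```

On the constructed input each detector flags a different line set: the pattern match catches the single traversal request, and the rate profile catches the burst that no signature matches.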
In Chapter 12, we discussed different firewall architectures. Compare two (2) architectures
to demonstrate your understanding.
Based on the discussions in Chapter 12, the comparison between the two physical firewall
architectures is as follows:
Single Bastion Host Architecture: A single device, configured to filter packets, serves as
a security point between two networks.
Dual-homed Host Firewall: It blocks the entry of external data packets with the help of the
external filtering router, which is connected to the firewall providing the NAT service.
Single Bastion Host Architecture: Only one network interface is involved in this
architecture.
Dual-homed Host Firewall: Two network interfaces are involved in this architecture.
Table 4: Comparison of two types of firewall architecture
(Source: Created by the author)
In Chapter 12, we discussed different physical firewall devices. Compare two (2) different
types to demonstrate your understanding.
Based on the discussions in Chapter 12, the comparison between the two physical firewall
devices is as follows:
Packet filtering firewalls: It filters every outgoing and incoming data packet.
Unified Threat Management devices: It plays the role of a middleman between the
cache server and the requestor of the information.
Packet filtering firewalls: It can selectively filter packets as needed.
Unified Threat Management devices: It provides proxy services in the network as well as
firewall services.
Table 5: Comparison of two types of firewall devices
(Source: Created by the author)
Reference
Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Cengage Learning.
Whitman, M., & Mattord, H. (2013). Management of information security. Nelson Education.