IT Security Overview

Verified

Added on 2020/03/16

AI Summary

This report delves into IT security, covering its importance in protecting computer systems from threats and vulnerabilities. It discusses the technology landscape, access controls, and risk assessment strategies that organizations must implement to safeguard their data. The report emphasizes the need for continuous adaptation to evolving threats and the establishment of robust security models to mitigate risks effectively.

Running Head: IT SECURITY 1
IT Security
Student’s Name
Institution

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT SECURITY 2
Contents
Introduction.................................................................................................................................................2
IT Security & Technology Landscape...........................................................................................................2
IT Models & Access Controls.......................................................................................................................3
IT Security Threat & Risk Assessment..........................................................................................................3
Conclusion...................................................................................................................................................4
References...................................................................................................................................................4

IT SECURITY 3
IT Security
Introduction
IT Security which is also known as cyber or computer security is the process or actions
performed to ensure computer systems are protected from damage or theft in regard to the
information they hold and the hardware and software in which they use. IT security and the
technology landscape refer how IT security is implemented and maintained based on the
technology practices and resources available. IT security models are schemes which are provided
to aid in enforcing and specifying security policies (Katsicas, 2009). Access control is the act of
restricting access to a system or resource and only allowing a few individuals who have been
authorized to access the system. IT security threat and risk assessment is the process or act of
performing a risk assessment to establish to what degree a system is at threat or being breached
or accessible to unwanted parties.
IT Security & Technology Landscape
IT Security refers to the protection of systems to avoid misdirection or disruption as they
provide their services. IT security and the respective technology landscape covers various
spheres. Vulnerabilities are weaknesses which are identified and exploited in a systems design
and used to enable an individual gain access to the system. The act of gaining access to a system
without authorized access is known as vulnerability exploitation (ISACA, 2006). There are
various systems which have been developed to help secure systems. The current technological
landscape has been improving to ensure that systems are kept safer (Pipkin, 2000). Though there
are new vulnerabilities being discovered and exploited, the technological landscape is improving
to ensure that they are being patched so that malicious individuals will not be able to exploit

IT SECURITY 4
systems. The changes in the technology landscape have also brought about machines which are
very powerful and affordable to individuals who may utilize them in trying to breach various IT
systems. It is therefore upon any organization to be innovative and adapt so that they are able to
keep their systems from being breached.
IT Models & Access Controls
IT models are necessary in ensuring that a company can come up with policies which can
guide them as they face various IT security risks. The models are in place as a guideline to help
any company which has them in knowing the most appropriate procedure to take in case a
security problem arises. The models are advantageous because they display a company’s
preparedness in dealing with IT security risks (Schliemger & Teufer, 2003). Access control is
one such model of IT security. A company can have a policy which limits the kind of clearance
any employee has to their system. Here the employees will be granted access to a part of the
system which will enable them to perform their duties. A selected few individuals are the only
ones who are granted full access to the system because their roles may need such kind of
clearance.
IT Security Threat & Risk Assessment
In the rise of the digital age, information has become an invaluable resource. The large
amounts of data generated by people is being used to predict future business and trends that may
arise. This is the reason why most companies are increasingly becoming very dependent and
careful with their data. They know data is an important resource to their businesses and they
protect it so that they are able to operate effectively (Gordon & Loeb, 2002). There are
individuals with malicious intent who have identified that data is indeed a good resource and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT SECURITY 5
they try to access data which belongs to other companies for malicious purposes. Data is stored
in the database of a company and therefore it is run and controlled by a system. These
individuals are able to gain access to the system and tamper with the data or steal it for purposes
such as selling to the company’s competitor. Most companies know that this acts are a risk which
they face every day and therefore they need to invest heavily in ensuring that IT security within
the organization is always at optimum levels. Most companies today have a risk assessment
strategy in which they evaluate the level of risk they can take while venturing into their business
(McDermott & Geer, 2001). When a company has performed a risk assessment especially
regarding IT they can plan for all the risks which can occur and even come up with a risk
transference strategy where any risk they incur will be transferred to their insurer.
Conclusion
IT security is very important today especially for companies. The need to ensure that they
have setup the necessary steps, infrastructure and resources to maintain a high level of IT
security within their organizations. They also need to ensure that they have done risk assessment
which will help them plan for any IT issues that may arise (ISACA, 2008). The technology
landscape today is such that it is evolving at a very fast pace. Companies also need to do the
same to ensure they are always ahead of anyone who may wish to breach their systems. The
threat and risk assessment strategies in a company enable them to come up with models which
they can use when an IT security issue arises. Preparation or prevention for a company is the best
approach in handling IT security issues. The models formed can be used as a guideline in
safeguarding an organization and its information from unauthorized access. IT security is
therefore a structure in which any company should implement and have in place to protect
themselves as they endeavor to achieve their mission.

IT SECURITY 6
References
Engineering Principles for Information Technology Security. csrc.nist.gov
Gordon L. & Loeb M. (2002). The Economics of Information Security Investment. ACM
Transactions on Information and System Security. 5(4): 438-457.
ISACA (2006). CISA Review Manual. Information Systems Audit and Control Association. p.85
ISACA (2008). Glossary of Terms. Retrieved from www.isaca.org
Katsicas S. K. (2009). Computer and Information Security Handbook. Morgan Kaufmann
Publications. Elsevier Inc. p.605.
McDermott B. E. & Geer D. (2001). Information security is information risk management. In
Proceedings of the 2001 Workshop on New Security Paradigms. Pp. 97 -104.
Pipkin D. (2000). Information security: Protecting the global enterprise. Hewlett-Packard
Company.
Schliemger T. & Teufer S. (2003). Information Security culture from analysis to change. South
African Computer Journal. 31: 46-52.