IT Security Principles: Risks, Policies, and Procedures for FDL
VerifiedAdded on  2020/06/06
|16
|4980
|104
Report
AI Summary
This report provides a detailed analysis of IT security principles, focusing on the various types of security risks faced by organizations, particularly FDL. It explores the potential consequences of these risks, including data breaches, financial losses, and reputational damage. The report then outlines the policies and procedures organizations can implement to mitigate these risks, such as data encryption, firewall installation, and employee training. It also delves into the strengths and weaknesses of these procedures, emphasizing the importance of regular updates and comprehensive security measures. Furthermore, the report addresses the specific security risks associated with cloud services and concludes with a comprehensive overview of the findings and recommendations for enhancing IT security within the organization. The report covers various aspects of IT security, including viruses, hackers, disgruntled employees, geopolitical instability, data privacy, compliance management, and digital marketing. The analysis covers the impact of these threats and the policies that can be used to mitigate them. Finally, the report also discusses the operational impact of security breaches, including reputation damage and financial loss.
IT Security Principles
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................1
TASK 1............................................................................................................................................1
A) Types of security risks to organisation..............................................................................1
B) What consequences can organisation have with risks.......................................................2
C) Policies and procedures followed to reduce risks..............................................................3
D) Strengths and weakness of procedures followed...............................................................6
E) Security risks associated with cloud services....................................................................7
CONCLUSION:.............................................................................................................................11
REFERENCES:.............................................................................................................................12
INTRODUCTION...........................................................................................................................1
TASK 1............................................................................................................................................1
A) Types of security risks to organisation..............................................................................1
B) What consequences can organisation have with risks.......................................................2
C) Policies and procedures followed to reduce risks..............................................................3
D) Strengths and weakness of procedures followed...............................................................6
E) Security risks associated with cloud services....................................................................7
CONCLUSION:.............................................................................................................................11
REFERENCES:.............................................................................................................................12
INTRODUCTION
In present era many organisations are facing cyber threats or risks, as information has to
be shared with each other through network. Also, without connecting to each other business
operations can be performed. Moreover, a cyber attack can highly damage the overall
functioning of organisation (Ahson and Ilyas, 2017). It can enter into database and can leak
useful and confidential information or data. The data can be misused it leading to reducing the
brand image of organisation. These threats can have a long term impact on company. For
preventing cyber attacks systems and networks have to highly protected with firewalls and anti
viruses. Otherwise, it will damage the entire network. This report will show security risk to
organisation and policies developed to deal with it.
TASK 1
A) Types of security risks to organisation
An organisation is highly influenced by various types of security threats and risks. It
affects the data and information of employees as well as organisation. Also, data security is an
issue because it consists of various measures that has to be taken while keeping the track record
of data.
There are various types of security risk to FDL. These are as follows:-
Viruses- A virus once entered into the system can quickly spread within the entire network. A
virus copies itself and infect other machines (Merkow and Breithaupt,2014). They are spread via
e mails, messaging, etc. It can start creating causes to security policies of organisation. It can
propagate files on other networks.
Hackers – The system of FDL is also susceptible to the various hacking attacks that helps in the
effective handling of the various operations related to IT in the firm. The hackers can make the
serious attempt to infiltrate into the company and can get the unethical access to the vital
information and resources of company, that can affect it adversely.
Disgruntled Employee’s – The company has to look after the disgruntled employee's that will
lay an impact on the overall operations of the company. They can harm the data integrity and
security of FDL and can lead to the negative impact on the company.
1
In present era many organisations are facing cyber threats or risks, as information has to
be shared with each other through network. Also, without connecting to each other business
operations can be performed. Moreover, a cyber attack can highly damage the overall
functioning of organisation (Ahson and Ilyas, 2017). It can enter into database and can leak
useful and confidential information or data. The data can be misused it leading to reducing the
brand image of organisation. These threats can have a long term impact on company. For
preventing cyber attacks systems and networks have to highly protected with firewalls and anti
viruses. Otherwise, it will damage the entire network. This report will show security risk to
organisation and policies developed to deal with it.
TASK 1
A) Types of security risks to organisation
An organisation is highly influenced by various types of security threats and risks. It
affects the data and information of employees as well as organisation. Also, data security is an
issue because it consists of various measures that has to be taken while keeping the track record
of data.
There are various types of security risk to FDL. These are as follows:-
Viruses- A virus once entered into the system can quickly spread within the entire network. A
virus copies itself and infect other machines (Merkow and Breithaupt,2014). They are spread via
e mails, messaging, etc. It can start creating causes to security policies of organisation. It can
propagate files on other networks.
Hackers – The system of FDL is also susceptible to the various hacking attacks that helps in the
effective handling of the various operations related to IT in the firm. The hackers can make the
serious attempt to infiltrate into the company and can get the unethical access to the vital
information and resources of company, that can affect it adversely.
Disgruntled Employee’s – The company has to look after the disgruntled employee's that will
lay an impact on the overall operations of the company. They can harm the data integrity and
security of FDL and can lead to the negative impact on the company.
1
Geopolitical instability: The global and political issues will also lay a deep and significant
impact on the effective functions of the company and meeting the requirements of the company
in a better way. FDL has to take into consideration the better handling of various impacting
factor on the global scale to sustain the better operational capacity of its firm.
Data Privacy: As data or information is the most crucial and integral part of an organisation,
FDL has to look after its effective handling and maintaining its security. The data privacy is very
necessary to carry on the various operations of the company.
Compliance management: The compliance management system or CMS helps in the effective
handling of the various operations that helps in the effective handling of the various operations
of the company and carry out the various operations in a very effective way. It is a set of rules or
regulations that helps the FDL that helps in the better handling of the different operations in the
company.
Digital marketing: The digital marketing will also lay a deep impact on various operation that
may affect the functional capacity of the company.
B) What consequences can organisation have with risks
With the above security threats an organisation can be highly affected. All the security
risks such as viruses, malware, spam, etc. can occur within a network affecting the entire
business operations (Jamshidi, 2017). This can lead to leakage of confidential information and
data.
Virus- A virus can infect the overall network within an organisation. It can copy files, data,
information, etc. It reduces memory space, damage disks, etc. leading to sudden failure of
system. It also corrupts the computer by slowing down or changing the sequence of operations.
(Taylor, , Fritsch, and Liederbach,, 2014). Also, if virus is entered then it becomes difficult to
access some data. It hinders the computer ability and accessing programs smoothly. Some virus
are designed in such a way that they re modify themselves into system even after removing.
Disgruntled Employee’s- It may lead to leaking of useful information such as formulas,
process, methods, etc. This can be used by other business to take competitive advantage. Also, it
creates fear in employees as they might lose their job. Moreover,
2
impact on the effective functions of the company and meeting the requirements of the company
in a better way. FDL has to take into consideration the better handling of various impacting
factor on the global scale to sustain the better operational capacity of its firm.
Data Privacy: As data or information is the most crucial and integral part of an organisation,
FDL has to look after its effective handling and maintaining its security. The data privacy is very
necessary to carry on the various operations of the company.
Compliance management: The compliance management system or CMS helps in the effective
handling of the various operations that helps in the effective handling of the various operations
of the company and carry out the various operations in a very effective way. It is a set of rules or
regulations that helps the FDL that helps in the better handling of the different operations in the
company.
Digital marketing: The digital marketing will also lay a deep impact on various operation that
may affect the functional capacity of the company.
B) What consequences can organisation have with risks
With the above security threats an organisation can be highly affected. All the security
risks such as viruses, malware, spam, etc. can occur within a network affecting the entire
business operations (Jamshidi, 2017). This can lead to leakage of confidential information and
data.
Virus- A virus can infect the overall network within an organisation. It can copy files, data,
information, etc. It reduces memory space, damage disks, etc. leading to sudden failure of
system. It also corrupts the computer by slowing down or changing the sequence of operations.
(Taylor, , Fritsch, and Liederbach,, 2014). Also, if virus is entered then it becomes difficult to
access some data. It hinders the computer ability and accessing programs smoothly. Some virus
are designed in such a way that they re modify themselves into system even after removing.
Disgruntled Employee’s- It may lead to leaking of useful information such as formulas,
process, methods, etc. This can be used by other business to take competitive advantage. Also, it
creates fear in employees as they might lose their job. Moreover,
2
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Geopolitical instability- This may hamper the entire industry. It takes place at large level so it
leads to huge amount of financial loss of nation. Also, company loses its brand image and market
value.
Data Privacy- It highly affects the organisation as its confidential data is been leaked. The
questions are raised on their privacy policy. Employees start complaining about this and it leads
to decrease in their satisfaction.
Compliance management- The compliance management will help in the better handling of the
various operations and helps in the effective handling of different operations that helps in the
better management of different operations in company in a very ethical way.
Digital marketing: The digital marketing is prone to many risks of fake customers, phishers and
other cyber threats, that can lay a negative impact on the operations of the company.
C) Policies and procedures followed to reduce risks
In order to protect the network from cyber attack organisation has to developed effective
and strong policies. These policies are followed and implemented by management to ensure that
employee have to follow specific rules while sharing data in network. Also, these policies are
changed according to changes in systems and process (Nelson and Staggers, 2016). Also,
policies defines what actions have to be taken in case of security breach. Moreover, a proper
structure is defined on how network will work and who will be having the access of database. So
for dealing with different types of security risk shown above certain policies are developed.
These are describes below:-
ï‚· The data or information regarding the various operations and clients of the company
should be safeguarded by the company using various security measures.
ï‚· Only authorised individuals must be provided with the accessibility to these resources to
prevent any sort of data breaching or loss in the company.
 Disgruntled employee’s must be handles with strictness and strong actions should be
taken to prevent the future repetition.
ï‚· Effective management of the various data resources and management of the operations of
the company helps in the better handling of the various operations that helps in the
effective handling of different operations at HDL.
3
leads to huge amount of financial loss of nation. Also, company loses its brand image and market
value.
Data Privacy- It highly affects the organisation as its confidential data is been leaked. The
questions are raised on their privacy policy. Employees start complaining about this and it leads
to decrease in their satisfaction.
Compliance management- The compliance management will help in the better handling of the
various operations and helps in the effective handling of different operations that helps in the
better management of different operations in company in a very ethical way.
Digital marketing: The digital marketing is prone to many risks of fake customers, phishers and
other cyber threats, that can lay a negative impact on the operations of the company.
C) Policies and procedures followed to reduce risks
In order to protect the network from cyber attack organisation has to developed effective
and strong policies. These policies are followed and implemented by management to ensure that
employee have to follow specific rules while sharing data in network. Also, these policies are
changed according to changes in systems and process (Nelson and Staggers, 2016). Also,
policies defines what actions have to be taken in case of security breach. Moreover, a proper
structure is defined on how network will work and who will be having the access of database. So
for dealing with different types of security risk shown above certain policies are developed.
These are describes below:-
ï‚· The data or information regarding the various operations and clients of the company
should be safeguarded by the company using various security measures.
ï‚· Only authorised individuals must be provided with the accessibility to these resources to
prevent any sort of data breaching or loss in the company.
 Disgruntled employee’s must be handles with strictness and strong actions should be
taken to prevent the future repetition.
ï‚· Effective management of the various data resources and management of the operations of
the company helps in the better handling of the various operations that helps in the
effective handling of different operations at HDL.
3
Some major attacks are as follows:
Disgruntled Employee’s- It is an internal cyber attack which involves employees. This includes
using unauthorised access to gain some sensitive information or data of company. By doing this
an employee generally wants to gain financial advantage.
Geopolitical instability- This is a global level attack where hacker from different country
attacks' anther country. It is due to poor relationships between them.
Data Privacy- This means breaching of confidential data or information of a company. It is done
by breaking the privacy policy of company. It happens when there are loop wholes in privacy
policy or an employee by mistake shares it on network.
Compliance management- It is a process that contains specific set of rules and regulations to be
followed. It consists of many forms that has to be filled. The rules refer to compliance standards
and the process through which it is managed is called compliance management. An employee
breaking these rules may result in cyber crime.
Digital marketing- It is a process through which business activities like promoting and
advertising goods or services is done online. It uses different channels such as social media, e
mails, websites, etc. This can lead to cyber attack through a hacker or outside person.
Data- No confidential data must be shared via e mails.
Systems- All systems must use single e mail software to share information via network. If any
one system gets spam e mails then it must be restricted to enter into network.
Network- Policy must be created to restrict the use of untrusted websites. Moreover, limited
access must be given for using websites that can cause security threats.
Web system- These systems must be designed with effective security measures and software so
that it can automatically detect spam and remove it (Tarafdar, and et..al 2015). Also, it can
identify and delete spam mails.
Virus- The only way to control virus is installing anti virus in the system. This will allow system
to detect virus and scan it. Also, it will help in maintaining the efficiency of system. The anti
virus must be updated regularly to avoid system getting outdated. Along with this, if virus enters
4
Disgruntled Employee’s- It is an internal cyber attack which involves employees. This includes
using unauthorised access to gain some sensitive information or data of company. By doing this
an employee generally wants to gain financial advantage.
Geopolitical instability- This is a global level attack where hacker from different country
attacks' anther country. It is due to poor relationships between them.
Data Privacy- This means breaching of confidential data or information of a company. It is done
by breaking the privacy policy of company. It happens when there are loop wholes in privacy
policy or an employee by mistake shares it on network.
Compliance management- It is a process that contains specific set of rules and regulations to be
followed. It consists of many forms that has to be filled. The rules refer to compliance standards
and the process through which it is managed is called compliance management. An employee
breaking these rules may result in cyber crime.
Digital marketing- It is a process through which business activities like promoting and
advertising goods or services is done online. It uses different channels such as social media, e
mails, websites, etc. This can lead to cyber attack through a hacker or outside person.
Data- No confidential data must be shared via e mails.
Systems- All systems must use single e mail software to share information via network. If any
one system gets spam e mails then it must be restricted to enter into network.
Network- Policy must be created to restrict the use of untrusted websites. Moreover, limited
access must be given for using websites that can cause security threats.
Web system- These systems must be designed with effective security measures and software so
that it can automatically detect spam and remove it (Tarafdar, and et..al 2015). Also, it can
identify and delete spam mails.
Virus- The only way to control virus is installing anti virus in the system. This will allow system
to detect virus and scan it. Also, it will help in maintaining the efficiency of system. The anti
virus must be updated regularly to avoid system getting outdated. Along with this, if virus enters
4
in file then it must not be shared within network. It is important that anti virus installed must be
authentic otherwise it can lead to huge loss of data.
Data- All the data and information must be backed up. This will help in retrieving the lost data
from database.
Systems- Each system must be installed with anti virus. Policy must be made to check and
update system regularly so that it works properly (Laudon, and Laudon, 2016).
Network- Besides this, a procedure must be developed to scan the entire network. It will help in
determining outdated devices.
Malware- Policies must be made to detect malware and report suspected infections. There are
logical and physical policies for malware. The first thing that can be done is blocking peer to
peer networking. It can be done by enforcing policy at gateway using application device control
(ADC) component. Installing firewalls will act as defence external threat to organisation system.
Physical policy can includes restricting access to equipments, it will help in preventing theft,
human error, etc. For this an effective physical plan must be developed. It includes clients,
server, network devices, etc. within organisation. Logical security includes user ID and
password that is requires accessing the system. It contains use rights for sharing information on
the network. It means limiting use of media such as floppy disk, increasing controls on key
system, increasing levels of auditing, etc. (Ab Rahman, and et.al., 2016).
Data- It must be backed up and sensitive data must be encrypted. An effective database must be
maintained by proper security measures so that data can be protected. For this high security
privacy policy must be developed.
Systems- In this the system must be installed with firewalls. This will restrict unusual traffic
within the system. Each system must be having anti virus and updated software so that they
work properly. Policies must be developed to provide access only to organisational people for
using the systems. This will ensure privacy of data and system.
Web systems- These systems can be protected by designing in it proper way. Also, by using anti
virus and conducting screening and background checks. This will help in making system more
secured and protected.
5
authentic otherwise it can lead to huge loss of data.
Data- All the data and information must be backed up. This will help in retrieving the lost data
from database.
Systems- Each system must be installed with anti virus. Policy must be made to check and
update system regularly so that it works properly (Laudon, and Laudon, 2016).
Network- Besides this, a procedure must be developed to scan the entire network. It will help in
determining outdated devices.
Malware- Policies must be made to detect malware and report suspected infections. There are
logical and physical policies for malware. The first thing that can be done is blocking peer to
peer networking. It can be done by enforcing policy at gateway using application device control
(ADC) component. Installing firewalls will act as defence external threat to organisation system.
Physical policy can includes restricting access to equipments, it will help in preventing theft,
human error, etc. For this an effective physical plan must be developed. It includes clients,
server, network devices, etc. within organisation. Logical security includes user ID and
password that is requires accessing the system. It contains use rights for sharing information on
the network. It means limiting use of media such as floppy disk, increasing controls on key
system, increasing levels of auditing, etc. (Ab Rahman, and et.al., 2016).
Data- It must be backed up and sensitive data must be encrypted. An effective database must be
maintained by proper security measures so that data can be protected. For this high security
privacy policy must be developed.
Systems- In this the system must be installed with firewalls. This will restrict unusual traffic
within the system. Each system must be having anti virus and updated software so that they
work properly. Policies must be developed to provide access only to organisational people for
using the systems. This will ensure privacy of data and system.
Web systems- These systems can be protected by designing in it proper way. Also, by using anti
virus and conducting screening and background checks. This will help in making system more
secured and protected.
5
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Wireless system- In this system are connected without any wires. To protect these systems,
encryption devices can be used, it will help in limiting the access of data over network. Besides
this, router can be secured by changing the SSID of router. Moreover, passwords can be changed
to it more secured.
Network- IT should also be installed with firewalls. The purpose is to restrict unusual traffic
within network. Then network must be protected with firewall and cloud. This will block
unneeded traffic from entering into the network. Also, by restricting the limit of data that is
transferred can be done .
Operational impact of security breaches- A cyber attack can highly damage the entire business
operations. It may lead to decrease its financial position or brand image. Five impact are:-
Reputation damage- It can lead to decrease in customer trust ass well as stakeholders.
Customers will not be interested in associating with company if their data gets leaked.
Theft- Cyber crime can lead to theft of sensitive data. These data contains methods or formulas
used by company. Leakage of this will highly impact the brand image of company.
Financial loss- It is the major impact of cyber crime that will lead to financial loss of company.
Due to this business might faces financial crises. It directly affects its growth and development of
company.
Besides this, As IT officer, for the effective handling of the various operations certain
policies will be developed which will help in the effective management of the various operations
can be taken for better data security in company are:
ï‚· Disgruntled employee's: Such employee's must be handled with discipline for the better
management of the different operations of the company and meeting the security
requirements of the organisation. If an employee is found in suspicious activities,
termination can be taken for the effective handling of various operations.
ï‚· Geopolitical instability: The change or alteration of the geopolitical factors are needed
to be taken into proper consideration that helps in the better management of the
operations which helps in effective handling of various operations in company for better
data information and system security.
6
encryption devices can be used, it will help in limiting the access of data over network. Besides
this, router can be secured by changing the SSID of router. Moreover, passwords can be changed
to it more secured.
Network- IT should also be installed with firewalls. The purpose is to restrict unusual traffic
within network. Then network must be protected with firewall and cloud. This will block
unneeded traffic from entering into the network. Also, by restricting the limit of data that is
transferred can be done .
Operational impact of security breaches- A cyber attack can highly damage the entire business
operations. It may lead to decrease its financial position or brand image. Five impact are:-
Reputation damage- It can lead to decrease in customer trust ass well as stakeholders.
Customers will not be interested in associating with company if their data gets leaked.
Theft- Cyber crime can lead to theft of sensitive data. These data contains methods or formulas
used by company. Leakage of this will highly impact the brand image of company.
Financial loss- It is the major impact of cyber crime that will lead to financial loss of company.
Due to this business might faces financial crises. It directly affects its growth and development of
company.
Besides this, As IT officer, for the effective handling of the various operations certain
policies will be developed which will help in the effective management of the various operations
can be taken for better data security in company are:
ï‚· Disgruntled employee's: Such employee's must be handled with discipline for the better
management of the different operations of the company and meeting the security
requirements of the organisation. If an employee is found in suspicious activities,
termination can be taken for the effective handling of various operations.
ï‚· Geopolitical instability: The change or alteration of the geopolitical factors are needed
to be taken into proper consideration that helps in the better management of the
operations which helps in effective handling of various operations in company for better
data information and system security.
6
ï‚· Data privacy: The proper data privacy measures are required to be taken into
consideration that helps in the effective management of the various operations for
safeguarding the vital information of the HDL and its clients. It involves the effective
measures such as strong firewalls, device restriction and access authentication that helps
in the prevention of any attack on the data of company.
ï‚· Compliance management: The effective management of the compliance policies such
as no access to restricted resources, no indulgence in malpractices and proper following
of the various policies and regulations is must for the effective management of the system
security in company.
ï‚· Digital marketing: The approach of digital marketing is most prone to the cyber threats
and attacks. This helps in the effective handling of the measures that will help in the
fulfilment of the various operation's in company. Besides this, it will help in effective
handling of different cyber or system attacks.
Besides this, the effective handling of the system network that will help in the effective
handling of the various operations and thus will lead to the better fulfilment of different
operations in company. This will help the cited firm to avoid and tackle any sort of security
breach that may lead to lose of vital information of company.
D) Strengths and weakness of procedures followed
By implementing the above policies and procedures the security risks in systems and
networks can be removed. This will create an effective network for sharing information. But
there are certain strengths and weakness of polices applied. These are described below:-
Virus – To tackle the viruses in the system, effective measures of installing an Antivirus will be
taken into consideration. The major strength of it is that it provides the effective security to the
system from various threats but it has a drawback that it required to be updated effectively to
maintain its functioning.
Disgruntled employee's: The handling of the disgruntled employee's is quite tedious task but it
helps the company to maintain a data integrity and maintain a discipline in the company. But
sometimes it leads to the loss of the important information of the company and effect the image
of the firm.
7
consideration that helps in the effective management of the various operations for
safeguarding the vital information of the HDL and its clients. It involves the effective
measures such as strong firewalls, device restriction and access authentication that helps
in the prevention of any attack on the data of company.
ï‚· Compliance management: The effective management of the compliance policies such
as no access to restricted resources, no indulgence in malpractices and proper following
of the various policies and regulations is must for the effective management of the system
security in company.
ï‚· Digital marketing: The approach of digital marketing is most prone to the cyber threats
and attacks. This helps in the effective handling of the measures that will help in the
fulfilment of the various operation's in company. Besides this, it will help in effective
handling of different cyber or system attacks.
Besides this, the effective handling of the system network that will help in the effective
handling of the various operations and thus will lead to the better fulfilment of different
operations in company. This will help the cited firm to avoid and tackle any sort of security
breach that may lead to lose of vital information of company.
D) Strengths and weakness of procedures followed
By implementing the above policies and procedures the security risks in systems and
networks can be removed. This will create an effective network for sharing information. But
there are certain strengths and weakness of polices applied. These are described below:-
Virus – To tackle the viruses in the system, effective measures of installing an Antivirus will be
taken into consideration. The major strength of it is that it provides the effective security to the
system from various threats but it has a drawback that it required to be updated effectively to
maintain its functioning.
Disgruntled employee's: The handling of the disgruntled employee's is quite tedious task but it
helps the company to maintain a data integrity and maintain a discipline in the company. But
sometimes it leads to the loss of the important information of the company and effect the image
of the firm.
7
Geopolitical instability: This is required to be handled with care to maintain the productivity
and profitability of the company. Besides this, it can impact the working efficiency and
operational capacity of company.
Data Privacy: the data privacy will help the company to safeguard its vital information and data
against any sort of cyber attack. Besides this, it needs to be handled with effective caution to
meet the requirements of the company.
Compliance management: The effective management of various rules and regulations will help
in the better handling of various security measures in the company.
Digital marketing: It is needed to be handled in a very effective way to meet the requirements
of the company. Also, it helps in the increase oif productivity and profitability of company.
E) Security risks associated with cloud services
Cloud computing:- It is a model that uses network of remote servers on internet to store and
process data rather than using local network.
C- Common infrastructure
L- Location independence
O- Online accessibility
U- Utility pricing
D- On-Demand resources
NIST cloud service models are:-
Infrastructure as a Service (IaaS)- It is a self service model that manages remote data centre
infrastructure. It provides resources over internet by using third party such as Amazon web
services or Google. In this customer does payment for what he or she has used.
8
and profitability of the company. Besides this, it can impact the working efficiency and
operational capacity of company.
Data Privacy: the data privacy will help the company to safeguard its vital information and data
against any sort of cyber attack. Besides this, it needs to be handled with effective caution to
meet the requirements of the company.
Compliance management: The effective management of various rules and regulations will help
in the better handling of various security measures in the company.
Digital marketing: It is needed to be handled in a very effective way to meet the requirements
of the company. Also, it helps in the increase oif productivity and profitability of company.
E) Security risks associated with cloud services
Cloud computing:- It is a model that uses network of remote servers on internet to store and
process data rather than using local network.
C- Common infrastructure
L- Location independence
O- Online accessibility
U- Utility pricing
D- On-Demand resources
NIST cloud service models are:-
Infrastructure as a Service (IaaS)- It is a self service model that manages remote data centre
infrastructure. It provides resources over internet by using third party such as Amazon web
services or Google. In this customer does payment for what he or she has used.
8
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Platform as a Service (PaaS) – It helps organisation to build, rune and manage application
without using IT infrastructure. With this it becomes easy to make, develop applications. It
brings more efficiency in cloud. Also, it reduces cost of organisation.
Software as a Service (SaaS) – They are generally licensed software. It is a centrally hosted
cloud. It can be accessed directly from a web server without downloading or installing anything.
Cloud Deployment Models
Cloud can be deployed in a number of ways. The choice of deployment models really comes
down to whether you want to own the cloud, rent the cloud, or a mixture of both. It consists of
four types:-
Public cloud: Public cloud storage contains multi tenant storage that provides an environment
for unstructured data. In this data is stored at global level and services are provided to customers
who are spread all over the world. Each tenants in public cloud is isolated from others. This
provide a greater bandwidth network connectivity to transmit data. Its feature is that multiple
data centres are used. In these customers or organisation have to pay on how much data they
have used. This payment method is similar to utility model.
Private cloud: Private cloud storage is a model that is generally used by large business within a
specific environment. It runs on data centre that are installed with strong security measures.
Moreover, the customer base cloud storage are limited to outside environment of organisation. It
uses traditional information technology infrastructure that is difficult to maintain.
Community cloud: Infrastructure for the use of a specific community of consumers from
Various organisations with shared concerns (e.g. financial traders, airlines, government).
Hybrid cloud: Hybrid cloud is the combination of both public and private cloud storage. It is
like a third party service provider that have features of public ad private. It provides flexibility to
business by developing their own cloud infrastructure. It creates a gateway using application
program interface that serves between public and organisation premises. It is often implemented
by using a cloud storage appliance software
Problems in Cloud Computing
Loss of control - It refers to losing data, resources, etc. the security measures are provided by
cloud provider. It can be protected by monitoring cloud or using different cloud network./
9
without using IT infrastructure. With this it becomes easy to make, develop applications. It
brings more efficiency in cloud. Also, it reduces cost of organisation.
Software as a Service (SaaS) – They are generally licensed software. It is a centrally hosted
cloud. It can be accessed directly from a web server without downloading or installing anything.
Cloud Deployment Models
Cloud can be deployed in a number of ways. The choice of deployment models really comes
down to whether you want to own the cloud, rent the cloud, or a mixture of both. It consists of
four types:-
Public cloud: Public cloud storage contains multi tenant storage that provides an environment
for unstructured data. In this data is stored at global level and services are provided to customers
who are spread all over the world. Each tenants in public cloud is isolated from others. This
provide a greater bandwidth network connectivity to transmit data. Its feature is that multiple
data centres are used. In these customers or organisation have to pay on how much data they
have used. This payment method is similar to utility model.
Private cloud: Private cloud storage is a model that is generally used by large business within a
specific environment. It runs on data centre that are installed with strong security measures.
Moreover, the customer base cloud storage are limited to outside environment of organisation. It
uses traditional information technology infrastructure that is difficult to maintain.
Community cloud: Infrastructure for the use of a specific community of consumers from
Various organisations with shared concerns (e.g. financial traders, airlines, government).
Hybrid cloud: Hybrid cloud is the combination of both public and private cloud storage. It is
like a third party service provider that have features of public ad private. It provides flexibility to
business by developing their own cloud infrastructure. It creates a gateway using application
program interface that serves between public and organisation premises. It is often implemented
by using a cloud storage appliance software
Problems in Cloud Computing
Loss of control - It refers to losing data, resources, etc. the security measures are provided by
cloud provider. It can be protected by monitoring cloud or using different cloud network./
9
Lack of trust- It is very hard to trust on cloud provider, sometimes they use unauthorised access
to gain customer data or information. For protecting data strict policies must be developed.
Moreover, contracts must be signed between parties.
Multi tenancy issues- It occurs due to conflicts between both parties. It means that it separates
two tenants.
Measures taken to minimise security issues-
Minimise lack of trust- It can be reduced by developing a standard language for policies. This
must be agreed by both parties. Also, policy language must be understandable by customer and
easy to merge or combine. Moreover, policy must be certified by Oxley, DIACAP, etc.
Minimise loss of control- It can be minimised by monitoring the critical applications used in
cloud computing. It enables both provider and tenant to monitor the components in the cloud.
Also, it provides mechanism to provider to take action on attacks.
ï‚· Utilising different clouds- Consumer may use services from different clouds using multi
cloud architecture. It will help in reducing the risk and increasing redundancy.
ï‚· Access control management- It can be done by providing layers of access control.
Example- access top cloud, access top server, etc. This can be controlled by provider or
consumer. Along with this, consumer can manage its authentication by implementing
control policies or security measures.
Minimise tenancy issues- It will help in increasing isolation between tenants. This can be done
by following strong isolation techniques.
Security : physical network and virtualisation
Outside attacks- These attacks are DDOS attacks or application program interface endpoints
attacks.
Inside attacks- It is related to internal attacks that occurs within the cloud. It includes IP
spoofing, port scanning, packet sniffing, etc.
These attacks can be prevented by cloud service provider by implementing standard and
proprietary networking techniques. The provider can develop terms of service for accessing the
cloud.
10
to gain customer data or information. For protecting data strict policies must be developed.
Moreover, contracts must be signed between parties.
Multi tenancy issues- It occurs due to conflicts between both parties. It means that it separates
two tenants.
Measures taken to minimise security issues-
Minimise lack of trust- It can be reduced by developing a standard language for policies. This
must be agreed by both parties. Also, policy language must be understandable by customer and
easy to merge or combine. Moreover, policy must be certified by Oxley, DIACAP, etc.
Minimise loss of control- It can be minimised by monitoring the critical applications used in
cloud computing. It enables both provider and tenant to monitor the components in the cloud.
Also, it provides mechanism to provider to take action on attacks.
ï‚· Utilising different clouds- Consumer may use services from different clouds using multi
cloud architecture. It will help in reducing the risk and increasing redundancy.
ï‚· Access control management- It can be done by providing layers of access control.
Example- access top cloud, access top server, etc. This can be controlled by provider or
consumer. Along with this, consumer can manage its authentication by implementing
control policies or security measures.
Minimise tenancy issues- It will help in increasing isolation between tenants. This can be done
by following strong isolation techniques.
Security : physical network and virtualisation
Outside attacks- These attacks are DDOS attacks or application program interface endpoints
attacks.
Inside attacks- It is related to internal attacks that occurs within the cloud. It includes IP
spoofing, port scanning, packet sniffing, etc.
These attacks can be prevented by cloud service provider by implementing standard and
proprietary networking techniques. The provider can develop terms of service for accessing the
cloud.
10
Risk is considered as the possibility that a certain threat will exploit a vulnerability to
cause harm to an asset. In the era of digitisation and rise of information technologies, the
organisations are using different means to improve the technological practices and improving the
business. Cloud computing is one of the best and efficient method of storing and acquiring data
stored on virtual network. But, there are certain risk associated with cloud computing that can
negatively impacts on the organisational performance. These are unauthorised access to customer
and business data, security risk at the vendor, compliance and legal risks, risks regarding lack of
control, etc. (Merkow and Breithaupt,2014) As Furniture Direct Limited desires to using cloud
services like Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a
Service (SaaS) as part of their
Expansion plan, they need to consider the certain security risk associated with each service.
These are evaluated below:
Security Risk Associated with Infrastructure as a Service (IaaS)
ï‚· Misconfiguration risk: Infrastructure as a Service (IaaS) provides virtualised computing
resources over the Internet hosted by a 3rd party. The major risk associated with the
service is misconfiguration risk. If the infrastructure has been misconfigured or not
configured appropriately, the hackers will get access to the network or server and they
can steal data from the server efficiently.ï‚· Uncover Shadow-IT in IaaS: It is very easy in cloud IaaS to deploy a new server by
terminating previous one. If the previous server does not update during patching than this
server become more risky and vulnerable server in organisation (Nelson, and Staggers,
2016).ï‚· Vulnerabilities- Iaas does not protect from vulnerabilities and weakness in application
and data. It becomes a bottleneck in enterprise infrastructure security.
Security Risk Associated with Platform as a Service (PaaS)
ï‚· Data Breach: Platform as a Service (PaaS) enables the organisations to establish,
commence and eventually manage Web applications without normally required
infrastructure. As the resources required a shared network, there is risk of data breach
associated with the cloud service.
11
cause harm to an asset. In the era of digitisation and rise of information technologies, the
organisations are using different means to improve the technological practices and improving the
business. Cloud computing is one of the best and efficient method of storing and acquiring data
stored on virtual network. But, there are certain risk associated with cloud computing that can
negatively impacts on the organisational performance. These are unauthorised access to customer
and business data, security risk at the vendor, compliance and legal risks, risks regarding lack of
control, etc. (Merkow and Breithaupt,2014) As Furniture Direct Limited desires to using cloud
services like Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a
Service (SaaS) as part of their
Expansion plan, they need to consider the certain security risk associated with each service.
These are evaluated below:
Security Risk Associated with Infrastructure as a Service (IaaS)
ï‚· Misconfiguration risk: Infrastructure as a Service (IaaS) provides virtualised computing
resources over the Internet hosted by a 3rd party. The major risk associated with the
service is misconfiguration risk. If the infrastructure has been misconfigured or not
configured appropriately, the hackers will get access to the network or server and they
can steal data from the server efficiently.ï‚· Uncover Shadow-IT in IaaS: It is very easy in cloud IaaS to deploy a new server by
terminating previous one. If the previous server does not update during patching than this
server become more risky and vulnerable server in organisation (Nelson, and Staggers,
2016).ï‚· Vulnerabilities- Iaas does not protect from vulnerabilities and weakness in application
and data. It becomes a bottleneck in enterprise infrastructure security.
Security Risk Associated with Platform as a Service (PaaS)
ï‚· Data Breach: Platform as a Service (PaaS) enables the organisations to establish,
commence and eventually manage Web applications without normally required
infrastructure. As the resources required a shared network, there is risk of data breach
associated with the cloud service.
11
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
ï‚· Lack of Secured software: PaaS offers SDLC which is not widely used. Furthermore,
due to less availability of secured software, organisation tends to avoid using Platform as
a Service cloud networking.ï‚· Vendor lock in- In these vendors dictate database, storage and application used by
business. For running this business requires skills and infrastructure.
Security Risk Associated with Software as a Service (SaaS)
ï‚· Data Security Risk: SaaS cloud software is referred as on demand software, where
organisations can subscribe or purchase license from different vendors. As it depends on
how service provider is using the data, the security risk for breaching of data is always
associated with the application (Nazareth and Choi, 2015).
ï‚· SaaS Provider Application Risk: Application Risk is the inherent risk created by how
the app was developed. For example, how does the app handle authentication and
authorization? What access provisioning standards does it support? How are identities
imported/exported into the app data store?
ï‚· Weak cloud standards- The standards set in these are very weak and may lead to data
breach. Also, service providers do not have enough control over data.
ï‚· Secrecy- Cloud service providers do not reveal all the details about data centres and
operations. With these customers and business finds it difficult to maintain their secrecy.
CONCLUSION:
From the above report it is concluded that an organisation is highly influenced by various
types of security threats and risks. It affects the data and information of employees as well as
organisation. Security risks such as viruses, malware, spam, etc. can occur within a network
affecting the entire business operations. This can lead to leakage of confidential information and
data. In order to protect the network from cyber attack organisation has to developed effective
and strong policies. Cloud computing is one of the best and efficient method of storing and
acquiring data stored on virtual network.
12
due to less availability of secured software, organisation tends to avoid using Platform as
a Service cloud networking.ï‚· Vendor lock in- In these vendors dictate database, storage and application used by
business. For running this business requires skills and infrastructure.
Security Risk Associated with Software as a Service (SaaS)
ï‚· Data Security Risk: SaaS cloud software is referred as on demand software, where
organisations can subscribe or purchase license from different vendors. As it depends on
how service provider is using the data, the security risk for breaching of data is always
associated with the application (Nazareth and Choi, 2015).
ï‚· SaaS Provider Application Risk: Application Risk is the inherent risk created by how
the app was developed. For example, how does the app handle authentication and
authorization? What access provisioning standards does it support? How are identities
imported/exported into the app data store?
ï‚· Weak cloud standards- The standards set in these are very weak and may lead to data
breach. Also, service providers do not have enough control over data.
ï‚· Secrecy- Cloud service providers do not reveal all the details about data centres and
operations. With these customers and business finds it difficult to maintain their secrecy.
CONCLUSION:
From the above report it is concluded that an organisation is highly influenced by various
types of security threats and risks. It affects the data and information of employees as well as
organisation. Security risks such as viruses, malware, spam, etc. can occur within a network
affecting the entire business operations. This can lead to leakage of confidential information and
data. In order to protect the network from cyber attack organisation has to developed effective
and strong policies. Cloud computing is one of the best and efficient method of storing and
acquiring data stored on virtual network.
12
REFERENCES:
Books and Journals:
Ab Rahman, and et..al., 2016. Forensic-by-design framework for cyber-physical cloud
systems. IEEE Cloud Computing.3(1). pp.50-59.
Ahson, S.A. and Ilyas, M., 2017. RFID handbook: applications, technology, security, and
privacy. CRC press.
AlHogail, A., 2015. Design and validation of information security culture
framework. Computers in Human Behavior.49. pp.567-575.
Chen, and et..al. 2016. Software-defined mobile networks security. Mobile Networks and
Applications.21(5). pp.729-743.
Jamshidi, M. ed., 2017. Systems of systems engineering: principles and applications. CRC press.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education
India.
Merkow, M.S. and Breithaupt, J., 2014. Information security: Principles and practices. Pearson
Education.
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management.52(1). pp.123-134.
Nelson, R. and Staggers, N., 2016. Health Informatics-E-Book: An Interprofessional Approach.
Elsevier Health Sciences.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET.
CRC press.
Sadeghi, A.R., Wachsmann, C. and Waidner, M., 2015, June. Security and privacy challenges in
industrial internet of things. In Proceedings of the 52nd annual design automation
conference (p. 54). ACM.
Tarafdar, and et..al 2015. The dark side of information technology. MIT Sloan Management
Review.56(2). p.61.
13
Books and Journals:
Ab Rahman, and et..al., 2016. Forensic-by-design framework for cyber-physical cloud
systems. IEEE Cloud Computing.3(1). pp.50-59.
Ahson, S.A. and Ilyas, M., 2017. RFID handbook: applications, technology, security, and
privacy. CRC press.
AlHogail, A., 2015. Design and validation of information security culture
framework. Computers in Human Behavior.49. pp.567-575.
Chen, and et..al. 2016. Software-defined mobile networks security. Mobile Networks and
Applications.21(5). pp.729-743.
Jamshidi, M. ed., 2017. Systems of systems engineering: principles and applications. CRC press.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education
India.
Merkow, M.S. and Breithaupt, J., 2014. Information security: Principles and practices. Pearson
Education.
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management.52(1). pp.123-134.
Nelson, R. and Staggers, N., 2016. Health Informatics-E-Book: An Interprofessional Approach.
Elsevier Health Sciences.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET.
CRC press.
Sadeghi, A.R., Wachsmann, C. and Waidner, M., 2015, June. Security and privacy challenges in
industrial internet of things. In Proceedings of the 52nd annual design automation
conference (p. 54). ACM.
Tarafdar, and et..al 2015. The dark side of information technology. MIT Sloan Management
Review.56(2). p.61.
13
Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014. Digital crime and digital terrorism. Prentice
Hall Press
Online:
Security Threats that can affect your business, 2017. [Online] Available Through:
<http://www.nsiserv.com/blog/the-four-types-of-security-threats-that-can-affect-your-local-
business>
14
Hall Press
Online:
Security Threats that can affect your business, 2017. [Online] Available Through:
<http://www.nsiserv.com/blog/the-four-types-of-security-threats-that-can-affect-your-local-
business>
14
1 out of 16
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.