Semester 1 IT Security Report: Risks and Mitigation
Added on 2025/05/05

IT SECURITY
Student ID : -
Student Name: -

INTRODUCTION: -
In this report we discuss the risks that an organisation faces if it uses
information technology to perform its activities. Information technology has
become very important nowadays because it simplifies work and leads to
proper optimisation of work; therefore it is essential to identify the risks
associated with it. We learned about tools that can be used for network
security purposes. The necessity of risk assessment and the treatment
methods are also discussed.

IT SECURITY RISK: -
IT (information technology) risk is the cyber risk related to IT.
Information technology plays a huge role in organisations. Nowadays it is a
great and valuable asset to the organisation, giving rise to the digital
revolution and the knowledge economy, and because of this organisations
increasingly depend on it. Relying on IT, the organisation engages in the
exchange of thoughts and actions. This puts the organisation at risk, as
there are various drawbacks associated with IT. Different incidents and
events in information technology can affect the organisation's business
processes.

RISKS ASSOCIATED WITH IT SECURITY : -
1) Disclosure of data that is unauthorized
2) Viruses
3) Spam
4) Network monitoring
5) Malware
6) Infrastructure loss
7) Vulnerability and patch management
8) Incorrect data modification
9) Faulty service
10) Service denial

IDENTIFY RISK ASSESSMENT OR (ID.RA): -
The organisation using information technology is well aware of the
consequences of using information technology for organisational assets and
organisational operations (function, reputation, image and mission).
1) ID.RA-1: Documentation and identification of asset vulnerabilities.
2) ID.RA-2: Intelligence on cyber threats.
3) ID.RA-3: Documentation and identification of internal and external
threats.
4) ID.RA-4: Identification of business impacts.
5) ID.RA-5: Determination of risk using likelihood, threats, etc.
6) ID.RA-6: Prioritisation of responses to risks.

RISK MANAGEMENT STRATEGY OR (ID.RM): -
The organisation's priorities, risk tolerance, assumptions and constraints
support operational risk decisions.
1) ID.RM-1: Risk management processes are established and managed by the
stakeholders of the organisation.
2) ID.RM-2: Risk tolerance is expressed after it is determined.
3) ID.RM-3: The determination of risk is informed by the role of
sector-specific risk analysis.

NETWORK SECURITY: -
Network security is the protection of a network against access by
unconventional methods and unauthorised risks. It is the network
administrator's duty to adopt preventive measures to protect the network
from potential threats. Computer networks that are involved in
communication and regular transactions among individuals, businesses or
governments require security. One of the simplest and most effective ways
to protect a network is to assign it a name and a unique password
(Comodo, 2019).

TYPES OF NETWORK SECURITY DEVICES: -
1) Passive devices
2) Active devices
3) Unified threat management (UTM)
4) Preventative devices

NETWORK SECURITY TOOLS: -
The following are some security tools for encryption, vulnerability scanning,
network security monitoring, etc.
1) p0f
2) Argus
3) Splunk
4) Nagios
5) KeePass
6) TrueCrypt
7) Burp Suite
8) Snort
9) Paros Proxy
10) Nikto
11) Aircrack
12) Netstumbler
13) KisMAC
14) Cain and Abel
15) Tcpdump
16) Wireshark
17) Metasploit
18) John the Ripper
19) Nessus
20) Netcat
21) Tcpdump
(Langlois, 2019)

NETWORK MONITORING SYSTEM: -
Network monitoring is widespread across the IT industry. It is the process
in which networking components such as firewalls, switches, routers, VMs and
servers are monitored for performance and faults, and are optimised and
maintained through continuous evaluation. One of the most important aspects
of network monitoring is that it must be proactive. Proactive monitoring
helps prevent network failures and downtime (Mitchell, 2011).

IMPORTANT ASPECTS OF NETWORK MONITORING: -
There are four major aspects of network monitoring: -
1) Monitoring of the essentials
2) Monitoring interval optimisation
3) Appropriate protocol selection
4) Threshold setting
5) Proactive threshold and monitoring
6) Customization and dashboard
7) High fail over and availability